
Pests of all kinds and how to combat them: TrojWare.JS.Agent.IL nested in AdAware?

Windows 7: If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

25.04.2013, 19:36   #1
Hennes2000
 
TrojWare.JS.Agent.IL nested in AdAware?

Hello,

I may have caught the above-mentioned pest, which appears to have nested itself in AdAware. I don't know how I got it, but apart from browsing I can't think of anything. I did also have a torrent program installed, but I haven't used it for some time (I have now uninstalled it as well, since I no longer need it).

During normal use of the PC the malware is regularly detected anew and moved to quarantine, but during a full scan it shows up again in large numbers (Comodo Internet Security Premium). "AdAware Free Antivirus" does not find the trojan at all.

In Comodo the malware is always called "TrojWare.JS.Agent.IL@296967884", but it is found in files with names like these:
C:\Users\Frank\AppData\Local\adaware\data\130425171830-f.list
C:\Users\Frank\AppData\Local\adaware\data\130425154609-f.list
C:\Users\Frank\AppData\Local\adaware\data\130425151520-f.list
(but it has also been found in C:\Users\Frank\AppData\Local\adaware\data\temp.zip or in the Temporary Internet Files)

The question now, of course, is whether a program has nested itself in AdAware or whether this is just a false alarm from Comodo!
Unfortunately I found no indication via Google that anyone has had such a problem before.

My first thought is of course simply to uninstall AdAware, but I wanted to hear an expert opinion first.

I have downloaded the required programs and run the tests. The results follow:

OTL.txt
Code:
OTL logfile created on: 25.04.2013 18:18:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,44% Memory free
7,87 Gb Paging File | 6,17 Gb Available in Paging File | 78,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65,72 Gb Total Space | 20,77 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
Drive D: | 400,04 Gb Total Space | 119,48 Gb Free Space | 29,87% Space Free | Partition Type: NTFS
Drive F: | 488,28 Gb Total Space | 318,49 Gb Free Space | 65,23% Space Free | Partition Type: NTFS
Drive G: | 443,23 Gb Total Space | 376,17 Gb Free Space | 84,87% Space Free | Partition Type: NTFS
 
Computer Name: FRANK-PC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.25 18:06:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013.02.01 13:00:34 | 000,903,712 | ---- | M] (Jumping Bytes) -- C:\Program Files (x86)\PureSync\PureSyncTray.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.07.12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe
PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () -- D:\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2009.02.24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.03 12:50:29 | 000,116,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.08 01:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.08 01:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011.12.19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (SbHips)
DRV:64bit: - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011.09.29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011.09.29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.08.13 14:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.04.18 22:57:00 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{FEFBE52C-63DB-4926-9BA7-73792F09AFE4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C AF 85 A5 B5 3E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchab.com/?aff=7&uid=73a74663-0554-11e2-9f86-00140b4f5e92&q={searchTerms}
IE - HKCU\..\SearchScopes\{FEFBE52C-63DB-4926-9BA7-73792F09AFE4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://searchab.com/?aff=7&uid=73a74663-0554-11e2-9f86-00140b4f5e92"
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9
FF - prefs.js..extensions.enabledAddons: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: autoproxy@gaixixon:0.1
FF - prefs.js..extensions.enabledItems: betteryoutube@ginatrapani.org:0.4.3
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "50.22.88.80"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1www.sportstreams.eu,"
FF - prefs.js..network.proxy.socks: " "
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "129.10.120.194"
FF - prefs.js..network.proxy.ssl_port: 3124
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..keyword.URL: "hxxp://searchab.com/?aff=7&uid=73a74663-0554-11e2-9f86-00140b4f5e92&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.30 22:29:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 12:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 12:50:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.05.31 00:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions
[2012.07.14 11:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions
[2012.05.31 00:44:56 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.05.31 00:44:56 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2012.05.31 00:44:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.31 00:44:53 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.31 00:44:53 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\ich@maltegoetz.de
[2012.07.14 11:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\staged
[2012.08.19 22:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\znnduw6f.default\extensions
[2012.08.19 22:22:42 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\znnduw6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.15 13:24:24 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.31 00:15:50 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.07.14 11:30:31 | 000,743,290 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.01.03 13:51:36 | 000,002,036 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\alle-preise---guenstigerde.xml
[2008.04.20 11:50:14 | 000,001,504 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\imdb.xml
[2009.12.12 11:25:16 | 000,001,699 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\metager.xml
[2012.12.03 18:41:06 | 000,002,029 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\Searchab.xml
[2008.04.20 11:49:12 | 000,001,032 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\wikipedia-eng.xml
[2010.01.30 20:54:14 | 000,001,720 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\youtube-videosuche.xml
[2012.05.30 22:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://searchab.com/?aff=7&uid=73a74663-0554-11e2-9f86-00140b4f5e92
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Frank\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Frank\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Frank\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Frank\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\
CHR - Extension: Media Hint = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.12_0\
CHR - Extension: YouTube = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Chrome YouTube Downloader = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.15_0\
CHR - Extension: Google-Suche = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Flash Video Downloader = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh\2.3.5_0\
CHR - Extension: Print Friendly & PDF = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj\2.3_0\
CHR - Extension: Google Mail = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB7CCAD-C5BB-4F8F-86C4-73FC0AF0ECFE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A395D61-EAB7-4E22-B1B7-3AD99A8EE19B}: DhcpNameServer = 192.168.0.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.09 19:12:55 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\DSA
[2013.04.09 18:55:46 | 000,000,000 | ---D | C] -- C:\Users\Frank\Heldenverwaltung
[2013.04.09 18:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2013.04.09 18:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heldenverwaltung
[2013.04.09 18:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heldenverwaltung
[2013.04.03 12:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.25 18:16:19 | 000,000,000 | ---- | M] () -- C:\Users\Frank\defogger_reenable
[2013.04.25 18:11:42 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000UA.job
[2013.04.25 13:17:17 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013.04.25 09:45:07 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 09:45:07 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 09:38:36 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.25 09:37:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.25 09:37:12 | 3168,387,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.25 09:19:36 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000Core.job
[2013.04.25 09:16:29 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 09:16:29 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 09:16:29 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 09:16:29 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 09:16:29 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.22 09:06:01 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.04.25 18:16:19 | 000,000,000 | ---- | C] () -- C:\Users\Frank\defogger_reenable
[2012.12.07 12:55:32 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.11.15 19:06:00 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.08.11 16:12:31 | 000,004,608 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.21 08:18:27 | 000,619,611 | ---- | C] () -- C:\Users\Frank\gutschein AL.odg
[2012.06.07 13:27:33 | 000,182,936 | ---- | C] () -- C:\Windows\hpoins52.dat
[2012.06.07 13:27:33 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat
[2012.05.31 00:10:31 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.05.31 00:10:31 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.05.31 00:10:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.05.31 00:10:29 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.05.28 15:35:24 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012.05.28 15:35:19 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2012.05.28 15:35:19 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012.05.28 15:35:16 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.18 01:30:20 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\aacs
[2012.09.22 17:34:50 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Ad-Aware Antivirus
[2013.04.23 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\avidemux
[2012.08.12 11:23:26 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Canneverbe Limited
[2013.01.10 12:33:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox
[2012.11.14 02:00:35 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft
[2012.08.19 22:22:39 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.13 10:48:41 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\FileZilla
[2012.06.22 07:01:15 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Foxit Software
[2012.09.25 20:15:39 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Helios
[2012.05.31 00:13:16 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\IrfanView
[2013.02.19 13:30:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Jumping Bytes
[2013.04.17 09:22:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mp3tag
[2012.05.31 00:44:56 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenOffice.org
[2013.01.16 02:00:28 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PDF reDirect
[2013.01.16 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\pdfforge
[2012.12.25 22:41:10 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ProtectDISC
[2012.05.31 00:44:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Thunderbird
[2012.10.30 04:21:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Tipard Studio
[2012.11.15 19:06:35 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Tobit
[2013.04.25 14:49:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 25.04.2013 18:18:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,44% Memory free
7,87 Gb Paging File | 6,17 Gb Available in Paging File | 78,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65,72 Gb Total Space | 20,77 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
Drive D: | 400,04 Gb Total Space | 119,48 Gb Free Space | 29,87% Space Free | Partition Type: NTFS
Drive F: | 488,28 Gb Total Space | 318,49 Gb Free Space | 65,23% Space Free | Partition Type: NTFS
Drive G: | 443,23 Gb Total Space | 376,17 Gb Free Space | 84,87% Space Free | Partition Type: NTFS
 
Computer Name: FRANK-PC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04288D56-2926-4EC7-B31E-91354349A8CB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{22EB20FD-0E8F-4ADD-ABA1-3FCCA3E2C54C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2397D942-D3C1-40A5-83BD-4E26D48F0D87}" = rport=138 | protocol=17 | dir=out | app=system | 
"{276332E4-DEEC-4C5D-9ACE-175564C4888E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{315E3352-9857-4021-869D-560709B229FE}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{321828EB-3507-4C1F-978E-322E73F9EC37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{484E16DF-F845-446E-98F8-CB20398D3CA8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4B823A7F-5C0C-401D-A6DF-45399BE574EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{53C258AE-F5FD-404C-9D4A-F7EA75640F38}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{667637C4-59B0-4C31-B525-3413CA11A732}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7A36EE98-B275-4E96-BBC1-14DAC7D54EAE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7A5C08AF-53D4-4FCC-AC5B-12B92269D37F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{811234D1-9F54-4CB7-8BFC-F4677E9B1866}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A278523-C97A-478A-8A47-F9D1C8F2883E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{95061ACE-C3D0-40C5-9568-D8F99EDFE9D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AE3F877C-79E7-4ED3-865D-F6CF6CFE4732}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B865E3F3-45B1-42C0-A5D7-0BCE3911FBFA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BA0D77F5-7E60-44A0-8EA3-2A025CCE1341}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BDA09BE6-3ED9-42E4-B3E9-4D60C1F5B493}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BEDA8A94-C4D5-43A3-A6F3-FA3A9EE827B4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DC58E8D1-A9A1-41B0-BFEE-10E74CE4E3CE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E588CC75-F041-414B-95C0-5A7CA126A49A}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{EB96CEC4-C1B9-469A-98CA-ABA7FBC9BE17}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F00944A0-70CF-4AB9-A514-144EC4364C10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F3855546-F21C-4DF0-B778-4CB6F68CA271}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EC0D31B-0914-4C11-8481-5D551A446BEB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1447AE84-0015-40D9-B060-98AFC456F007}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{15A45B97-831C-4CEE-BDE6-BFF4F7D0BF3D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{16606B72-EF05-4362-BEF5-B960BFB6E2D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{16F2AF85-9ED2-4447-9EAB-588A08DCEA02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{1947EB47-18B8-499B-BFCE-38F0531C0774}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2202B289-80D3-4859-A391-C4751DAB6D0B}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | 
"{26E2DB5A-CAF0-49EF-B6DC-E7B1C6746F28}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2A5CC726-D4C9-4FB7-9610-90B7209C48F9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{30489E78-5F45-4FC3-B045-5B48254BE6A2}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | 
"{35B607D7-1438-42B9-8331-F7767F6F4EDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3813C4F1-60A5-4EC1-A5A2-A3CCF1A54AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3C3826B6-B16F-4A90-9A00-819663C4CDDA}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | 
"{3F4DE65F-7E1B-4051-BAA3-5F41EC84C845}" = protocol=6 | dir=in | app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe | 
"{407CFB43-AB9B-4C43-BBEF-3AC36E55AC74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{41B64AAB-B383-4B8F-957E-B2B10475A003}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{42A33DBF-AAF0-44C6-BC00-C4BDB4963635}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{42B882AF-67C0-42FD-AF30-78FB7F00A2FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4E47E3B8-EBB3-4851-A308-968A1D28E620}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{519BE72F-8CE4-4810-B56F-132836518711}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{529EFF65-39F0-4BEA-9F76-AF7D49D9ACAD}" = protocol=17 | dir=in | app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe | 
"{80D106D1-916D-4692-8137-D9264454EA58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{82795D85-BEA4-4BE8-BEFF-0ADCA3E9E69C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{893B80D7-7244-4099-8F30-175136E01B27}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | 
"{8B766E7C-526E-4F75-A403-BC7185991003}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9F7E4431-4641-4220-91AE-6C005203660B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A2C0BF4F-4EE1-44AF-B3F2-2A3ED3382AED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B040E63E-24CA-4A3A-B0AA-320C24662D13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B381626D-9EFC-4BF7-AE26-69E2EF62599A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C14A4CA0-FD99-45AC-9998-A42075F7D5A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3714C97-29C3-4AD6-93E9-023D0B836E4E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{C6C8F3C7-4E61-4CC4-BE21-A9E3ACB532C5}" = protocol=6 | dir=out | app=system | 
"{D1C45CC6-CA23-4D2D-A409-CFEAB0840FF1}" = dir=in | app=c:\users\frank\appdata\local\temp\7zs0eee\setup\hpznui40.exe | 
"{E1DC8DEF-8130-4D82-82E8-E4E128A5CF88}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ED41C5C7-64D6-414B-9429-C3A374898477}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"TCP Query User{1D8BFC47-CFB5-49F7-B143-A140AC780081}C:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{36DF016C-2127-4535-9190-E87A461CEBEF}C:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1195D119-F740-478E-81C0-981BB0658F92}" = PureSync
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{765BF404-2FEE-492B-9E7F-A55143796EF1}" = Geheimakte 3
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A68317E2-08D1-40d1-A705-01A2B166A286}_is1" = Tipard MKV Video Converter 6.1.26
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"Avidemux 2.6 (64-bit)" = Avidemux 2.6
"C1A5C95D-9302-2943-7B988D72298F" = Heldenverwaltung
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.6.0
"Foxit Reader_is1" = Foxit Reader
"Free Studio_is1" = Free Studio version 5.7.7.1031
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.8.0
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"PDF Blender" = PDF Blender
"PDF reDirect" = PDF reDirect (remove only)
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PureSync" = PureSync 3.7.2
"Sam and Max - Im Theater Des Teufels" = Sam and Max - Im Theater Des Teufels
"Sam and Max - Season One" = Sam and Max - Season One 1.0
"Tobit Radio.fx Server 1" = WDR RadioRecorder
"VLC media player" = VLC media player 2.0.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.03.2013 05:05:24 | Computer Name = Frank-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PureSync.exe, Version: 3.7.0.2415,
 Zeitstempel: 0x510ba012  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x73f14f0d  ID des fehlerhaften
 Prozesses: 0xeb0  Startzeit der fehlerhaften Anwendung: 0x01ce26dc0c3d647f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\PureSync\PureSync.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: a10b5484-92cf-11e2-baf9-00140b4f5e92
 
Error - 22.03.2013 21:15:43 | Computer Name = Frank-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PureSync.exe, Version: 3.7.0.2415,
 Zeitstempel: 0x510ba012  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x73f14f0d  ID des fehlerhaften
 Prozesses: 0x17a0  Startzeit der fehlerhaften Anwendung: 0x01ce27638403b3b0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\PureSync\PureSync.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 2e69edc6-9357-11e2-baf9-00140b4f5e92
 
Error - 23.03.2013 21:34:03 | Computer Name = Frank-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SBAMSvc.exe, Version: 5.0.5116.0,
 Zeitstempel: 0x4eef7ad0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0xf2c  Startzeit der fehlerhaften Anwendung: 0x01ce26dc0e0d90d4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: e83c4cd7-9422-11e2-baf9-00140b4f5e92
 
Error - 26.03.2013 19:29:07 | Computer Name = Frank-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 19:32:20 | Computer Name = Frank-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PureSync.exe, Version: 3.7.0.2415,
 Zeitstempel: 0x510ba012  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x73834f0d  ID des fehlerhaften
 Prozesses: 0xe28  Startzeit der fehlerhaften Anwendung: 0x01ce2a79a1e07eaa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\PureSync\PureSync.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 66b836fa-966d-11e2-9122-00140b4f5e92
 
Error - 29.03.2013 06:13:33 | Computer Name = Frank-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PureSync.exe, Version: 3.7.0.2415,
 Zeitstempel: 0x510ba012  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x73834f0d  ID des fehlerhaften
 Prozesses: 0x1744  Startzeit der fehlerhaften Anwendung: 0x01ce2c65c1dcc77f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\PureSync\PureSync.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 4f24f76f-9859-11e2-9122-00140b4f5e92
 
Error - 30.03.2013 16:17:07 | Computer Name = Frank-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2013 03:06:40 | Computer Name = Frank-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2013 03:15:45 | Computer Name = Frank-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PureSync.exe, Version: 3.7.0.2415,
 Zeitstempel: 0x510ba012  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x74984f0d  ID des fehlerhaften
 Prozesses: 0xf00  Startzeit der fehlerhaften Anwendung: 0x01ce3f282164b123  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\PureSync\PureSync.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 72bc7df9-ab1c-11e2-b4b6-00140b4f5e92
 
Error - 25.04.2013 03:39:04 | Computer Name = Frank-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 24.04.2013 22:08:52 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 24.04.2013 22:20:52 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 24.04.2013 22:32:52 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 24.04.2013 22:44:52 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 24.04.2013 22:56:53 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 24.04.2013 23:08:53 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 24.04.2013 23:44:53 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 25.04.2013 10:33:02 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 25.04.2013 10:45:03 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 25.04.2013 10:57:03 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
 
< End of report >
         
I ran Gmer as described (without network access or AV programs), but after about 30 minutes the scan aborted with a bluescreen.
Here is the Windows message after the restart:
Code:
ATTFilter
Problemsignatur:
  Problemereignisname:	BlueScreen
  Betriebsystemversion:	6.1.7601.2.1.0.768.3
  Gebietsschema-ID:	1031

Zusatzinformationen zum Problem:
  BCCode:	109
  BCP1:	A3A039D8AAD1266E
  BCP2:	B3B7465EFD4F6110
  BCP3:	FFFFF800040E0080
  BCP4:	0000000000000002
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\042513-27518-01.dmp
  C:\Users\Frank\AppData\Local\Temp\WER-46004-0.sysdata.xml

Lesen Sie unsere Datenschutzbestimmungen online:
  hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407

Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline:
  C:\Windows\system32\de-DE\erofflps.txt
         
If I should post something from one of the files or simply try the scan again, let me know.

Thanks in advance for your efforts.
I hope I'm not causing you too much trouble!

Ciao
Frank

Last edited by Hennes2000 (25.04.2013 at 19:57)

25.04.2013, 22:48   #2
smeenk
/// Malwareteam / Visitor
 



Hello Frank, I am smeenk and I will try to help you with your problem.


System scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users, please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Click "Options" and select the following options:
    • Recently Created
    • Startup Information
    • Firefox Look
    • Chrome Look
    • System Restore Point
    • Auto Clean
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.



In your next reply, please post:
  • Log from zoek
__________________


25.04.2013, 23:59   #3
Hennes2000
 



Thanks already for the quick reply and the further instructions, but unfortunately I don't have much to show...

Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 13-April-2013
Tool run by Frank on 26.04.2013 at  0:39:09,27.

Running in: Normal Mode No Internet Access Detected

==== Older Logs ======================

C:\zoek-results26.04.2013-0030.log	267 bytes

zoek.hta failed by unknown error.
Restart computer, and try again.
If this error returns, use another tool.
         
When the program starts, Zoek reports that not enough memory is available in line 56. After clicking "Run Script", the same message appears with a different line number. I also tried the whole thing twice after a restart, but it doesn't help. (I have 4 GB of RAM installed, in case that information matters.)

On the other hand, since the last (or second-to-last) restart, AdAware now also shows me threats. To be precise, the same one 4 times: "Trojan.Win32.Generic!BT", each moved to quarantine.
In turn, Comodo has not reported any new threat since this afternoon. Even though I don't think that counts as good news... .

I just hope you have another idea!

Ciao (and good night)
Frank
__________________

26.04.2013, 00:07   #4
smeenk
/// Malwareteam / Visitor
 



Try it once more with only these options checked:
  • Recently Created
  • Startup Information
  • Firefox Look
  • Chrome Look
  • Auto Clean
If the HTA error occurs again, please report it here and we will try something else.

Regards
Smeenk

26.04.2013, 01:23   #5
Hennes2000
 



Since you stayed up so long to answer me, I did the same.
I did get another Windows error message (see attached image), but I was able to click "Run" and it ran.

Here is the log:
Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 13-April-2013
Tool run by Frank on 26.04.2013 at  1:35:57,96.

Running in: Normal Mode No Internet Access Detected

==== Older Logs ======================

C:\zoek-results26.04.2013-0030.log	267 bytes
C:\zoek-results26.04.2013-0041.log	357 bytes
C:\zoek-results26.04.2013-0042.log	403 bytes
C:\zoek-results26.04.2013-0116.log	336 bytes
C:\zoek-results26.04.2013-0128.log	382 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2150396499-982110081-1011283770-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\cnyiga8c.default

user.js not found
---- Lines conduit removed from prefs.js ----

user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");

---- Lines conduit modified from prefs.js ----


---- Lines ask.com removed from prefs.js ----

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

---- Lines ask.com modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs__0151_.backup

ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\znnduw6f.default

user.js not found
---- Lines conduit removed from prefs.js ----


---- Lines conduit modified from prefs.js ----


---- Lines ask.com removed from prefs.js ----


---- Lines ask.com modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs__0151_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\cnyiga8c.default\searchplugins\Searchab.xml" deleted
"C:\Users\Frank\AppData\Roaming\aacs\KEYDB.cfg" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\atl100.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\BrowserHelpersInstaller.exe" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVDVideoSoft.Resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DvsService.exe" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSUpdate.exe" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\mfc100u.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\mfcm100u.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\msvcp100.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\msvcr100.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\Newtonsoft.Json.Net20.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\PrerequisiteCheck.exe" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\SubscriptionOffer.exe" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\tier0-pinv-1.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\tier0.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ytgroovlc.exe" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\de-DE\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\de-DE\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\de-DE\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\de-DE\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\de-DE\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\el-GR\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\el-GR\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\el-GR\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\el-GR\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\el-GR\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\es-ES\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\es-ES\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\es-ES\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\es-ES\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\es-ES\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\fr-FR\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\fr-FR\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\fr-FR\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\fr-FR\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\fr-FR\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\it-IT\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\it-IT\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\it-IT\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\it-IT\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\it-IT\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ja-JP\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ja-JP\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ja-JP\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ja-JP\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ja-JP\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\nl-NL\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\nl-NL\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\nl-NL\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\nl-NL\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\nl-NL\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pl-PL\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pl-PL\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pl-PL\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pl-PL\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pl-PL\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-BR\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-BR\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-BR\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-BR\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-BR\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-PT\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-PT\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-PT\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-PT\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-PT\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ru-RU\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ru-RU\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ru-RU\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ru-RU\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ru-RU\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\tr-TR\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\tr-TR\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\tr-TR\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\tr-TR\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\tr-TR\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHS\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHS\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHS\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHS\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHS\SubscriptionOffer.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHT\DVDVideoSoft.AppFx.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHT\DVDVideoSoft.Resources.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHT\DVSSysReport.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHT\PrerequisiteCheck.resources.dll" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHT\SubscriptionOffer.resources.dll" not deleted
"C:\Users\Frank\AppData\Roaming\aacs" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" not deleted
"C:\Users\Frank\AppData\Roaming\pdfforge" deleted
"C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\cnyiga8c.default\extensions\staged" deleted
"C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\cnyiga8c.default\conduit" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\de-DE" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\el-GR" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\es-ES" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\fr-FR" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\it-IT" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ja-JP" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\nl-NL" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pl-PL" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-BR" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\pt-PT" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\ru-RU" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\tr-TR" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHS" not deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\zh-CHT" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Frank\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-04-22 06:49:29	8999F18D38D55E34D356796507FFD639	192000	----a-w-	C:\Windows\SysWOW64\rdpendp_winip.dll
2013-04-22 06:49:28	E6446AB7A7E602CAFF51ACA3C68C1526	269312	----a-w-	C:\Windows\SysWOW64\aaclient.dll
2013-04-22 06:49:28	D3F64318307CEC05CBDE533D99976532	16896	----a-w-	C:\Windows\SysWOW64\wksprtPS.dll
2013-04-22 06:49:28	A9D4140B8B843D5719F7C3EED8C0F9FD	37376	----a-w-	C:\Windows\SysWOW64\tsgqec.dll
2013-04-22 06:49:27	3F853160DEE5B71B9AD2F1BAF2B1E55B	46592	----a-w-	C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-04-22 06:49:26	40FF6C636380A87DE3A99F4E348BFDCB	1048064	----a-w-	C:\Windows\SysWOW64\mstsc.exe
2013-04-22 06:49:24	EF1689081813A60D4610FF429530BA36	4916224	----a-w-	C:\Windows\SysWOW64\mstscax.dll
2013-04-22 06:46:18	2E56BA5BC215B2AED2B790D42D8C1739	2382848	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2013-04-22 06:46:16	40169F9AE27BB73F2CB8C7D11A7A2AC2	73216	----a-w-	C:\Windows\SysWOW64\mshtmled.dll
2013-04-22 06:46:15	507183B4FCB535A7A973427D1F367CA8	420864	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2013-04-22 06:46:11	C720BD3BDE2C9A1BFC4476F6D3A4B64D	176640	----a-w-	C:\Windows\SysWOW64\ieui.dll
2013-04-22 06:46:09	FC5BBA40E667D20126D91BD6A790705B	142848	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2013-04-22 06:46:09	69EDE878C3891E7796D46B7E552330B1	231936	----a-w-	C:\Windows\SysWOW64\url.dll
2013-04-22 06:46:07	4E7F83E1F6AEFA38E270EA7353D6911E	1104384	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2013-04-22 06:46:06	CA78BA218B423C7F22B14906308B8B02	1427968	----a-w-	C:\Windows\SysWOW64\inetcpl.cpl
2013-04-22 06:46:03	9DE04A790F697432871E88BB77EEBCF5	607744	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2013-04-22 06:46:01	C5B6468422DB1C8AA36C32CBB0197E5E	1129472	----a-w-	C:\Windows\SysWOW64\wininet.dll
2013-04-22 06:46:00	7E6052699CAF18ADEDD846D44ECCE81F	1800704	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2013-04-22 06:46:00	26DB6CB9BC434ABA1169B3051E6AB4F2	717824	----a-w-	C:\Windows\SysWOW64\jscript.dll
2013-04-22 06:45:57	9BDDA34DC4890169DE5BA21134B33EFB	1796096	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2013-04-22 06:45:57	4BE468D2EE9CC59CB8F666949CD37CD5	65024	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2013-04-22 06:45:51	658EBC74BD38D16805648C4775F7FA82	12324352	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2013-04-22 06:45:47	DFE118C95C6571B87D1923DAB3FA0A77	9738752	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2013-04-22 06:41:26	8B285BDAB7735FDFB18E6F7122923B77	187392	----a-w-	C:\Windows\SysWOW64\UIAnimation.dll
2013-04-22 06:41:26	600A65F922CCDCBB2D11467914241556	2284544	----a-w-	C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-04-22 06:41:20	545F1BAAADD0BF1F4FE4586293FCA07D	417792	----a-w-	C:\Windows\SysWOW64\WMPhoto.dll
2013-04-22 06:41:17	6A13B4F3B3F575F1E24B877B9359AABA	10752	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-22 06:41:17	6951562DC4625EEFC6EACD52AD165866	9728	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-22 06:41:17	49ACA548B2423F1C67898E6AC719A9A6	3584	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-22 06:41:17	3C1936A12C62254F914A01BBC6A8DC69	161792	----a-w-	C:\Windows\SysWOW64\d3d10_1.dll
2013-04-22 06:41:17	2E33DFD10F28F86C3FC40EE123CC3904	2560	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-22 06:41:16	B3170CCC779B682C3341873EA60CF084	1988096	----a-w-	C:\Windows\SysWOW64\d3d10warp.dll
2013-04-22 06:41:15	C7A730AFB80B11F93EFC81B1D6F920D7	364544	----a-w-	C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-04-22 06:41:15	60F4AEFA103D421EA4A40E31409B4756	3072	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-22 06:41:15	589CBC4989F750E1DA35625AB481CF43	4096	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-22 06:41:15	3BE0D923AA45A4DBE091C2D84F0B4FE7	3072	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-22 06:41:15	1C60E09CA1C3A045BC4D367F67C915B7	5632	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-22 06:41:15	007863E45F25AA47A4C30D0930BBFD85	5632	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-22 06:41:14	FB3F036EF6A467F7AF46C821FF5D198D	220160	----a-w-	C:\Windows\SysWOW64\d3d10core.dll
2013-04-22 06:41:14	D4F264FE23F8953D840904418220C15E	293376	----a-w-	C:\Windows\SysWOW64\dxgi.dll
2013-04-22 06:41:14	4FF3EC04CD47DD62181894B71B004E40	604160	----a-w-	C:\Windows\SysWOW64\d3d10level9.dll
2013-04-22 06:41:13	D4212AB475A3B25EC4DF574536C3EDC5	249856	----a-w-	C:\Windows\SysWOW64\d3d10_1core.dll
2013-04-22 06:41:13	7ACDFB4CC67F4993DF0E0731576309B2	1504768	----a-w-	C:\Windows\SysWOW64\d3d11.dll
2013-04-22 06:41:12	8504944851DF6175CC489A8F3328459E	1080832	----a-w-	C:\Windows\SysWOW64\d3d10.dll
2013-04-22 06:41:11	6A7B5A3EFCCDB53DA41CF6838056990F	1158144	----a-w-	C:\Windows\SysWOW64\XpsPrint.dll
2013-04-22 06:41:11	4277F5164DE9B7C665BB928B9145BEE0	1247744	----a-w-	C:\Windows\SysWOW64\DWrite.dll
2013-04-22 06:41:10	62A6EB5771580CAE445804389F3F7432	207872	----a-w-	C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-04-22 06:41:09	3BCECD87AB4E6743BFB45B352AD1A529	1230336	----a-w-	C:\Windows\SysWOW64\WindowsCodecs.dll
2013-04-22 06:41:08	9FF8F684BACF326082E5562F7C104A79	3419136	----a-w-	C:\Windows\SysWOW64\d2d1.dll
2013-04-22 06:38:55	AF78F66116814FDD6677CEBD73035CDD	247808	----a-w-	C:\Windows\SysWOW64\schannel.dll
2013-04-22 06:38:53	A113AFEED3159A1ED52D78CB0226006D	22016	----a-w-	C:\Windows\SysWOW64\secur32.dll
2013-04-22 06:38:52	BFB26890612FB8AE8B0463EBEBE84B7E	96768	----a-w-	C:\Windows\SysWOW64\sspicli.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-04-22 06:49:34	7B619C36F84720CB6AB77031B6F4FA60	13312	----a-w-	C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-22 06:49:34	0E894692EB8579703FB1EC8AB6908571	13312	----a-w-	C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2013-04-22 06:49:33	E9A0777DCA9148157E0EF9B71D7DE353	15360	----a-w-	C:\Windows\Sysnative\RdpGroupPolicyExtension.dll
2013-04-22 06:49:29	E98E2152251EB2576714B2CCE01555DC	44032	----a-w-	C:\Windows\Sysnative\tsgqec.dll
2013-04-22 06:49:29	9EB297848DAACF111C36B6048EFF5AEA	43520	----a-w-	C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2013-04-22 06:49:29	09112DADA82F4700F833C2E40DFB59FC	18432	----a-w-	C:\Windows\Sysnative\wksprtPS.dll
2013-04-22 06:49:27	F059D17612BF074443C01FCCC8D5C905	54272	----a-w-	C:\Windows\Sysnative\MsRdpWebAccess.dll
2013-04-22 06:49:27	D346E07D62E3D4BEAB040939744EC31B	228864	----a-w-	C:\Windows\Sysnative\rdpendp_winip.dll
2013-04-22 06:49:27	AE8535663AA64318D174CD7CA44ED947	62976	----a-w-	C:\Windows\Sysnative\TSWbPrxy.exe
2013-04-22 06:49:27	AD4D0AEDB5993EDA31EB80A54EDBC344	243200	----a-w-	C:\Windows\Sysnative\rdpudd.dll
2013-04-22 06:49:27	87E8244DCB33A7A0836C66389B8874B6	322560	----a-w-	C:\Windows\Sysnative\aaclient.dll
2013-04-22 06:49:27	6846ECABF7034DD97EE1DE38F1DA16B4	384000	----a-w-	C:\Windows\Sysnative\wksprt.exe
2013-04-22 06:49:26	98C04A60A10777D99B569636C55FE91C	1123840	----a-w-	C:\Windows\Sysnative\mstsc.exe
2013-04-22 06:49:25	8F69EE5E0EB0779DC3E90DFD8D8E8683	3174912	----a-w-	C:\Windows\Sysnative\rdpcorets.dll
2013-04-22 06:49:24	FF16B21E5C0C46A70B2CD4F65B87D9F1	5773824	----a-w-	C:\Windows\Sysnative\mstscax.dll
2013-04-22 06:46:18	5281583B59E5FDB6D55E33B0906D0BFC	2382848	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2013-04-22 06:46:17	AC3FF334360EC9E25C9B794DC37399DC	96768	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2013-04-22 06:46:10	737DF2559F880FEC73AA831C8AC8FC4A	248320	----a-w-	C:\Windows\Sysnative\ieui.dll
2013-04-22 06:46:10	15F628A67C9C88502107320E3206982F	173056	----a-w-	C:\Windows\Sysnative\ieUnatt.exe
2013-04-22 06:46:09	566BDBDF479261EA6555B422573BCB95	237056	----a-w-	C:\Windows\Sysnative\url.dll
2013-04-22 06:46:06	D3A6792AED4841B4D055C7C80C815BB7	1346560	----a-w-	C:\Windows\Sysnative\urlmon.dll
2013-04-22 06:46:05	B54C6B8CBF6F556C9930110164EB63E4	2312704	----a-w-	C:\Windows\Sysnative\jscript9.dll
2013-04-22 06:46:05	2A0AD3BE38087708D03F4A1A80A1C655	1494528	----a-w-	C:\Windows\Sysnative\inetcpl.cpl
2013-04-22 06:46:04	12F5FB993723BF607370C9B74EC32BF6	729088	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2013-04-22 06:46:01	A4F6142CABA82FB7293ECE5FF864B440	1392128	----a-w-	C:\Windows\Sysnative\wininet.dll
2013-04-22 06:46:01	A13792C4E26F54181B9E9B5B0C958B22	85504	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2013-04-22 06:45:59	A072A3C7FD6247F1446D26A6929BDFD7	599040	----a-w-	C:\Windows\Sysnative\vbscript.dll
2013-04-22 06:45:59	76D2D5929F5901392703C5F709AC277A	816640	----a-w-	C:\Windows\Sysnative\jscript.dll
2013-04-22 06:45:58	8D4DEA45FCDF9FCFD9E31232A07E6EF9	2147840	----a-w-	C:\Windows\Sysnative\iertutil.dll
2013-04-22 06:45:50	1154FEFC73880A2EF44295EF0DBDC59F	17817088	----a-w-	C:\Windows\Sysnative\mshtml.dll
2013-04-22 06:45:48	652B60C9C4D5391FF0970B9086702E8F	10925568	----a-w-	C:\Windows\Sysnative\ieframe.dll
2013-04-22 06:41:26	E8EEA503870CB6A6DC4E09A2433DF33E	2776576	----a-w-	C:\Windows\Sysnative\msmpeg2vdec.dll
2013-04-22 06:41:26	04CB7C8FDC6D9640DD82A527208F72C4	221184	----a-w-	C:\Windows\Sysnative\UIAnimation.dll
2013-04-22 06:41:20	893E8C1E4A1263EDDB1A6922D0E32201	465920	----a-w-	C:\Windows\Sysnative\WMPhoto.dll
2013-04-22 06:41:17	F5CEF064C7E6D95DA86B9D064A56A969	3584	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-22 06:41:17	F49E92B50CED5C9F1725D3C0329FD933	10752	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-22 06:41:17	AFC3DB5C6EB8CA8017DDB81D6C0AD02A	9728	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-22 06:41:17	9AE80F6A66B30E3ED8CDF858CF28B11B	194560	----a-w-	C:\Windows\Sysnative\d3d10_1.dll
2013-04-22 06:41:17	64A4AB126E24FD3F58EBE64852773DB5	2560	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-22 06:41:16	C498EF41B93986BCBD483597573EB96D	2565120	----a-w-	C:\Windows\Sysnative\d3d10warp.dll
2013-04-22 06:41:16	6F623BD09CBB4C3F97374F12976E5EA5	522752	----a-w-	C:\Windows\Sysnative\XpsGdiConverter.dll
2013-04-22 06:41:15	FB4045578F5180BDB1963AB352B78548	5632	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-22 06:41:15	9108540E866F75C7AF2B91DD921A8091	3072	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-22 06:41:15	9094039A00485F71C4DE64BF51F64C46	3072	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-22 06:41:15	72723D3E4781BADC62C3180C137E7B23	4096	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-22 06:41:15	0E6FBF19D9DFBB77316C23DF91F8A101	5632	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-22 06:41:14	8DFB5752FCE145A6B295093C0A8BE131	363008	----a-w-	C:\Windows\Sysnative\dxgi.dll
2013-04-22 06:41:14	3834316FE8A653227282196525E07DFE	648192	----a-w-	C:\Windows\Sysnative\d3d10level9.dll
2013-04-22 06:41:13	AFB73882AE41E1629A63E6713FE30FB9	296960	----a-w-	C:\Windows\Sysnative\d3d10core.dll
2013-04-22 06:41:13	63F72417CA38D8FC8F53709649B589E3	333312	----a-w-	C:\Windows\Sysnative\d3d10_1core.dll
2013-04-22 06:41:12	B2CA1AC17E78D986B22FD6C2261CD84F	1238528	----a-w-	C:\Windows\Sysnative\d3d10.dll
2013-04-22 06:41:12	448B02AD260EC3E1E892FCE6DFDDEEBD	1887232	----a-w-	C:\Windows\Sysnative\d3d11.dll
2013-04-22 06:41:11	FA428BDBCFAB9DC3D58F0BD2CCD50EA2	1682432	----a-w-	C:\Windows\Sysnative\XpsPrint.dll
2013-04-22 06:41:10	F1C19F0AA151B90A7416FA1D50DDB582	245248	----a-w-	C:\Windows\Sysnative\WindowsCodecsExt.dll
2013-04-22 06:41:10	C4C183E6551084039EC862DA1C945E3D	1175552	----a-w-	C:\Windows\Sysnative\FntCache.dll
2013-04-22 06:41:10	63BB89DED1E9104E68D33E54DE4D340D	1643520	----a-w-	C:\Windows\Sysnative\DWrite.dll
2013-04-22 06:41:09	BDDF242A49E7B7DC5CCEC291BCE53ACB	1424384	----a-w-	C:\Windows\Sysnative\WindowsCodecs.dll
2013-04-22 06:41:09	7E8A672B7B06A6EB11960C22E0360C59	3928064	----a-w-	C:\Windows\Sysnative\d2d1.dll
2013-04-22 06:38:56	B7D42CB36C08FA017E73FF2433CD7287	340992	----a-w-	C:\Windows\Sysnative\schannel.dll
2013-04-22 06:38:54	685527DA09EBFB681E98C515978BDEE2	1448448	----a-w-	C:\Windows\Sysnative\lsasrv.dll
====== C:\Windows\Sysnative\drivers =====
2013-04-24 06:26:11	B98F8C6E31CD07B2E6F71F7F648E38C0	1656680	----a-w-	C:\Windows\Sysnative\drivers\ntfs.sys
2013-04-22 06:49:31	AD64450A4ABE076F5CB34CC08EEACB07	30208	----a-w-	C:\Windows\Sysnative\drivers\TsUsbGD.sys
2013-04-22 06:49:31	313F68E1A3E6345A4F47A36B07062F34	19456	----a-w-	C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2013-04-22 06:49:31	17C6B51CBCCDED95B3CC14E22791F85E	57856	----a-w-	C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2013-04-22 06:38:55	AAFCB52FE0037207FB6FBEA070D25EFE	458712	----a-w-	C:\Windows\Sysnative\drivers\cng.sys
2013-04-22 06:38:55	7EFB9333E4ECCE6AE4AE9D777D9E553E	154480	----a-w-	C:\Windows\Sysnative\drivers\ksecpkg.sys
2013-04-10 19:26:23	8F6322049018354F45F05A2FD2D4E5E0	223752	----a-w-	C:\Windows\Sysnative\drivers\fvevol.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-04-09 16:55:36	--------	d--h--w-	C:\Program Files (x86)\InstallJammer Registry
2013-04-09 16:54:37	--------	d-----w-	C:\Program Files (x86)\Heldenverwaltung
2013-04-03 10:50:20	--------	d-----w-	C:\Program Files (x86)\Mozilla Thunderbird
======= C: =====
====== C:\Users\Frank\AppData\Roaming ======
====== C:\Users\Frank ======
2013-04-25 16:16:19	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Frank\defogger_reenable
2013-04-09 16:55:46	--------	d-----w-	C:\Users\Frank\Heldenverwaltung
2013-04-09 16:55:15	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heldenverwaltung

====== C: exe-files ==
2013-04-25 16:06:58	60BF4AE8CC40B0E3E28613657ED2EED8	377856	----a-w-	C:\Users\Frank\Desktop\gmer_2.1.19163.exe
2013-04-25 16:06:22	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\Frank\Desktop\OTL.exe
2013-04-25 16:00:51	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\Frank\Desktop\Defogger.exe
2013-04-22 06:49:34	0E894692EB8579703FB1EC8AB6908571	13312	----a-w-	C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-22 06:49:27	AE8535663AA64318D174CD7CA44ED947	62976	----a-w-	C:\Windows\System32\TSWbPrxy.exe
2013-04-22 06:49:27	6846ECABF7034DD97EE1DE38F1DA16B4	384000	----a-w-	C:\Windows\System32\wksprt.exe
2013-04-22 06:49:26	98C04A60A10777D99B569636C55FE91C	1123840	----a-w-	C:\Windows\System32\mstsc.exe
2013-04-22 06:49:26	40FF6C636380A87DE3A99F4E348BFDCB	1048064	----a-w-	C:\Windows\SysWOW64\mstsc.exe
2013-04-22 06:46:10	15F628A67C9C88502107320E3206982F	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2013-04-22 06:46:09	FC5BBA40E667D20126D91BD6A790705B	142848	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2013-04-22 06:46:08	32732CEDE2A1106B736EF3D84054EE04	757376	----a-w-	C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-04-22 06:46:08	25B53709A37C3FD814B68EA0A92D18F9	763520	----a-w-	C:\Program Files\Internet Explorer\iexplore.exe
=== C: other files ==
2013-04-25 23:14:26	AE8F0A61FB3CE83DC847CB0A4134F25B	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-2150396499-982110081-1011283770-1000\$I2CQ2E6.zip
2013-04-25 23:13:40	C1F0ED3EE76539543F5270330946EDEA	1263335	----a-w-	C:\$Recycle.Bin\S-1-5-21-2150396499-982110081-1011283770-1000\$R2CQ2E6.zip
2013-04-25 22:59:57	5A8B4FE88C1F93573291074AF3433091	2485	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBIFJODC\130425225709-l[1].zip
2013-04-25 22:59:57	112C06EC6FBA8397B2C41E779B655F3F	164	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425225709-m[1].zip
2013-04-25 22:47:53	CE71B4A48B6A3C9542FA96FE8285FE60	388	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5NI43PN\130425222622-m[1].zip
2013-04-25 22:47:53	0F22430FBDB80AF0B543D0E49C716024	872	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SVYFFX2\130425222622-l[1].zip
2013-04-25 22:25:32	1105FB88BB113B77E1C6F103C0D4A22C	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-2150396499-982110081-1011283770-1000\$I1J44QM.zip
2013-04-25 22:23:26	9443C1028C3782B945070D50C20A7060	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-2150396499-982110081-1011283770-1000\$IE82ENE.zip
2013-04-25 22:16:06	F07D06CF01B3D51952B16CB85EDF7DED	3709324	----a-w-	C:\$Recycle.Bin\S-1-5-21-2150396499-982110081-1011283770-1000\$RE82ENE.zip
2013-04-25 22:16:06	C1F0ED3EE76539543F5270330946EDEA	1263335	----a-w-	C:\$Recycle.Bin\S-1-5-21-2150396499-982110081-1011283770-1000\$R1J44QM.zip
2013-04-25 22:14:34	C8F8A8471EBF7846C5F7CFAB3C08B097	558	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425215535-m[1].zip
2013-04-25 22:14:34	AA8BA96AC9E3DE1678CF0DA1BE1B1E0A	2609	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SVYFFX2\130425215535-l[1].zip
2013-04-25 22:14:34	26C28277C4529A05D8A4BDB8521CA2BE	781	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBIFJODC\130425212449-l[1].zip
2013-04-25 22:14:34	1CC98062264FD45439D5B117DA8157FF	2593	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5NI43PN\130425212449-m[1].zip
2013-04-25 22:14:33	EA1449775F36FA951B493FB0E57E4E2D	1449	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBIFJODC\130425202315-l[1].zip
2013-04-25 22:14:33	DAF82CCD83CBA1CF29D44A0C019A843A	935	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SVYFFX2\130425195228-l[1].zip
2013-04-25 22:14:33	A378B76EC19BA933F9B9BEB2F99FBFA8	342	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425195228-m[1].zip
2013-04-25 22:14:33	93923E1C8832657FE8B7D86E8ACA33F6	202	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425205403-m[1].zip
2013-04-25 22:14:33	7022504A971458561EB63EB0D502DE51	3815	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SVYFFX2\130425205403-l[1].zip
2013-04-25 22:14:33	59040F2F531C1976C935E302A93A728F	574	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5NI43PN\130425202315-m[1].zip
2013-04-25 22:14:33	4CBCCA99116AC0F03569B6C567EB9E57	1106	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5NI43PN\130425192141-m[1].zip
2013-04-25 22:14:32	B1A146D23BF372D85C076917EC2FE611	1427	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SVYFFX2\130425192141-l[1].zip
2013-04-25 19:00:29	938ABEDC6F4E970863E95A0CA148AB91	572	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBIFJODC\130425185052-l[1].zip
2013-04-25 19:00:29	13EFB8EB444FC0A571E437FA30BA9547	470	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425185052-m[1].zip
2013-04-25 18:23:48	7C1236B120E8E7BE18766D4857005DF8	493	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425182005-l[1].zip
2013-04-25 18:23:48	40CB773EFC1FCD715006D2483B4B4AF6	825	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5NI43PN\130425182005-m[1].zip
2013-04-25 17:51:37	554FB3A528122E6481DFC68C13B795D9	254117	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBIFJODC\130425174919-f[1].zip
2013-04-25 17:43:29	6EE833B390AAB76764C19BC0E15EC74D	254840	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5NI43PN\130425171830-f[1].zip
2013-04-25 15:50:22	E4C7BEF39BA9101503F5252459DBF13A	252558	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425154609-f[1].zip
2013-04-25 15:50:22	112C06EC6FBA8397B2C41E779B655F3F	164	----a-w-	C:\Users\Frank\AppData\Local\adaware\data\temp.zip
2013-04-25 15:25:49	0C441DF1F9150A45E6B8F9E862711A46	252652	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBIFJODC\130425151520-f[1].zip
2013-04-25 14:49:38	D761425110B9030C7914726D121DF63C	251075	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SVYFFX2\130425144433-f[1].zip
2013-04-25 14:21:29	58DDAB28255D7A4C391F461785E7036B	250617	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5NI43PN\130425141345-f[1].zip
2013-04-25 12:49:27	CBF9C44A4C35599989CA8BDA97DDC586	77	----a-w-	C:\Users\Frank\AppData\Local\Temp\utt93A.tmp.bat
2013-04-25 12:46:46	8238AFEC910B6A5BEB61EFCEC87BF499	250985	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425124125-f[1].zip
2013-04-25 11:26:20	FBEC8AD7A31D90757A6B21742167ACB7	1896	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SVYFFX2\130425110907-m[1].zip
2013-04-25 11:26:19	E370930E9F9C6D1A7F324242AB05F0F4	751	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SVYFFX2\130425100738-l[1].zip
2013-04-25 11:26:19	CCC0BC0E8CC014ED51DEA804BAAB7AE2	1707	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SVYFFX2\130425100738-m[1].zip
2013-04-25 11:26:19	B2BE438053EEC6C8692852C9B5AA60EE	164	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425103820-l[1].zip
2013-04-25 11:26:19	AD641FC4F9DD41861E1EEEFD0DC26D91	186	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBIFJODC\130425103820-m[1].zip
2013-04-25 11:26:19	17CC25B5C9DC5C50EA0886B888B02C62	543	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5NI43PN\130425110907-l[1].zip
2013-04-25 09:50:00	F9C42A90F90C309C0CF4D9B4BED3F017	224	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425093651-l[1].zip
2013-04-25 09:50:00	CEF4B87256C4A1EA1429DA539F284C58	164	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBIFJODC\130425093651-m[1].zip
2013-04-25 09:50:00	59A49205A817C631D82182507CC56FF5	553	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SVYFFX2\130425090602-m[1].zip
2013-04-25 09:50:00	17DE76A1E1F4F3B0BDC08F3BDCB7ACB2	674	----a-w-	C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS9UN7CD\130425090602-l[1].zip
2013-04-24 06:26:11	B98F8C6E31CD07B2E6F71F7F648E38C0	1656680	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2013-04-22 06:49:31	AD64450A4ABE076F5CB34CC08EEACB07	30208	----a-w-	C:\Windows\System32\drivers\TsUsbGD.sys
2013-04-22 06:49:31	313F68E1A3E6345A4F47A36B07062F34	19456	----a-w-	C:\Windows\System32\drivers\rdpvideominiport.sys
2013-04-22 06:49:31	17C6B51CBCCDED95B3CC14E22791F85E	57856	----a-w-	C:\Windows\System32\drivers\TsUsbFlt.sys
2013-04-22 06:38:55	AAFCB52FE0037207FB6FBEA070D25EFE	458712	----a-w-	C:\Windows\System32\drivers\cng.sys
2013-04-22 06:38:55	7EFB9333E4ECCE6AE4AE9D777D9E553E	154480	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2150396499-982110081-1011283770-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"PureSync"="C:\Program Files (x86)\PureSync\PureSyncTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"PureSync"="C:\Program Files (x86)\PureSync\PureSyncTray.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Frank\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Frank\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]


==== Startup Folders ======================

2013-03-08 10:14:50	1235	----a-w-	C:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000Core.job --a------ C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [06.09.2012 21:50]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000UA.job --a------ [Undertermined Task]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\cnyiga8c.default
- Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- Ad-Aware Security Toolbar - %ProfilePath%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
- CookieCuller - %ProfilePath%\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Download Statusbar - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\znnduw6f.default
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Frank\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx[14.11.2012 02:00]

ProxTube - Frank - Default\Extensions\aakchaleigkohafkfjfjbblobjifikek
Awesome Screenshot: Capture Annotate - Frank - Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce
Media Hint - Frank - Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja
YouTube - Frank - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Chrome YouTube Downloader - Frank - Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja
Google Search - Frank - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Flash Video Downloader - Frank - Default\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh
Print Friendly & PDF - Frank - Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj
Gmail - Frank - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{FEFBE52C-63DB-4926-9BA7-73792F09AFE4} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Frank\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Frank\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11THS47M will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\76S0WPBT will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMZ0HD2M will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU7Q7UE8 will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B02RT71 will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SH3EOLL will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN0A0Q3I will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPJHB2P3 will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1742PZ9M will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4FKOXDWX will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWQS74WO will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7SWKT2Y will be deleted at reboot
C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Frank\AppData\Local\Mozilla\Firefox\Profiles\cnyiga8c.default\Cache emptied successfully
C:\users\Frank\AppData\Local\Mozilla\Firefox\Profiles\znnduw6f.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Frank\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\Frank\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully
C:\users\Frank\AppData\Local\Google\Chrome\User Data\Default\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully
         
Don't mind the previous scans. I was too tired to realize that it really was scanning.

I'm curious to see what you find out now.

Good night (for real this time)
Frank

Attached image thumbnails
TrojWare.JS.Agent.IL in AdAware eingenistet?-zoek2.jpg

26.04.2013, 07:21   #6
smeenk
/// Malwareteam / Visitor



The script error is probably caused by Zoek trying to enable System Restore.
It looks like there is a problem there.

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


26.04.2013, 08:45   #7
Hennes2000



It doesn't seem to be really easy for any of the programs. I got error messages galore.
Here is a short overview:

- Unable to create file
C:\Windows\Hiv-backup\ERDNT.INF

- Error saving file
C:\Windows\erdnt\Hiv-backup\SYSTEM
Continue with next file?

- The same message with the following paths:
C:\Windows\erdnt\Hiv-backup\SOFTWARE
C:\Windows\erdnt\Hiv-backup\DEFAULT
C:\Windows\erdnt\Hiv-backup\SECURITY
C:\Windows\erdnt\Hiv-backup\SAM
C:\Windows\erdnt\Hiv-backup\BCD

After that, the "Unable to create" message again with the paths
C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
C:\Windows\erdnt\Hiv-backup\Users\00000004\NTUSER.DAT

I always answered all prompts with "Yes" or "Continue".

At the end a text input window opened with the message that c.bat was not found or was misspelled (see attached screenshot)

A C:\Combofix.txt was not created (not even after a reboot).
Instead, there is a file named Start_cmd with the following content:
Code:
PEV -k * -preg"\\(cmd\.exe|cmd\.3XE|Nircmd\.3XE)$"
IF EXIST C:\32788R22FWJFW\Start_dat EXIT
ECHO.>C:\32788R22FWJFW\Start_dat
ATTRIB -H -S "C:\32788R22FWJFW\*"
MOVE /Y "C:\32788R22FWJFW\*" "C:\ComboFix"
RD /S/Q "C:\32788R22FWJFW"
START "." /d"C:\ComboFix" "C:\ComboFix\CF31550.3XE" /k c.bat
DEL /A/F C:\Start_.cmd C:\Bug.txt
         
In addition, a folder C:\COMBOFIX\ was created. If you need any of its contents, let me know.
Attached image thumbnails
TrojWare.JS.Agent.IL in AdAware eingenistet?-combo.jpg

26.04.2013, 10:58   #8
smeenk
/// Malwareteam / Visitor



Apparently there is more going on here

Let's try something else:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to

Please download TDSSKiller (TDSSKiller.exe) and save this file to your desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

26.04.2013, 14:25   #9
Hennes2000



I ran MBar first. At the start I got a question (see attached image), which I answered with "No" (as the note suggested). After that the program found nothing.

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frank :: FRANK-PC [administrator]

26.04.2013 15:12:11
mbar-log-2013-04-26 (15-12-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29089
Time elapsed: 29 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
If I should start the program again and answer "Yes", let me know.

TDSSKiller, on the other hand, was more successful in its search:
Code:
15:27:30.0189 3372  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:27:30.0418 3372  ============================================================
15:27:30.0418 3372  Current date / time: 2013/04/26 15:27:30.0418
15:27:30.0418 3372  SystemInfo:
15:27:30.0418 3372  
15:27:30.0418 3372  OS Version: 6.1.7601 ServicePack: 1.0
15:27:30.0418 3372  Product type: Workstation
15:27:30.0419 3372  ComputerName: FRANK-PC
15:27:30.0419 3372  UserName: Frank
15:27:30.0419 3372  Windows directory: C:\Windows
15:27:30.0419 3372  System windows directory: C:\Windows
15:27:30.0419 3372  Running under WOW64
15:27:30.0419 3372  Processor architecture: Intel x64
15:27:30.0419 3372  Number of processors: 2
15:27:30.0419 3372  Page size: 0x1000
15:27:30.0419 3372  Boot type: Normal boot
15:27:30.0419 3372  ============================================================
15:27:32.0745 3372  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:27:33.0017 3372  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:27:33.0042 3372  ============================================================
15:27:33.0042 3372  \Device\Harddisk0\DR0:
15:27:33.0042 3372  MBR partitions:
15:27:33.0042 3372  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x8372000
15:27:33.0042 3372  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8372800, BlocksNum 0x32013000
15:27:33.0043 3372  \Device\Harddisk1\DR1:
15:27:33.0043 3372  MBR partitions:
15:27:33.0043 3372  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3D090000
15:27:33.0043 3372  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x37675000
15:27:33.0043 3372  ============================================================
15:27:33.0078 3372  C: <-> \Device\Harddisk0\DR0\Partition1
15:27:33.0117 3372  D: <-> \Device\Harddisk0\DR0\Partition2
15:27:33.0144 3372  F: <-> \Device\Harddisk1\DR1\Partition1
15:27:33.0178 3372  G: <-> \Device\Harddisk1\DR1\Partition2
15:27:33.0178 3372  ============================================================
15:27:33.0178 3372  Initialize success
15:27:33.0178 3372  ============================================================
15:28:08.0220 4984  ============================================================
15:28:08.0220 4984  Scan started
15:28:08.0221 4984  Mode: Manual; SigCheck; TDLFS; 
15:28:08.0221 4984  ============================================================
15:28:08.0844 4984  ================ Scan system memory ========================
15:28:08.0844 4984  System memory - ok
15:28:08.0845 4984  ================ Scan services =============================
15:28:40.0123 4984  [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:28:40.0163 4984  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:28:40.0163 4984  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:28:47.0285 4984  [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:28:47.0329 4984  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:28:47.0329 4984  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:28:47.0372 4984  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:28:47.0447 4984  PNRPAutoReg - ok
15:28:47.0485 4984  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:28:47.0552 4984  PNRPsvc - ok
15:28:47.0666 4984  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:28:47.0857 4984  PolicyAgent - ok
15:28:47.0903 4984  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:28:48.0036 4984  Power - ok
15:28:48.0134 4984  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:28:48.0256 4984  PptpMiniport - ok
15:28:48.0313 4984  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:28:48.0394 4984  Processor - ok
15:28:48.0434 4984  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:28:48.0524 4984  ProfSvc - ok
15:28:48.0543 4984  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:28:48.0604 4984  ProtectedStorage - ok
15:28:48.0666 4984  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:28:48.0803 4984  Psched - ok
15:28:48.0943 4984  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:28:49.0141 4984  ql2300 - ok
15:28:49.0165 4984  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:28:49.0224 4984  ql40xx - ok
15:28:49.0261 4984  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:28:49.0355 4984  QWAVE - ok
15:28:49.0378 4984  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:28:49.0461 4984  QWAVEdrv - ok
15:28:49.0729 4984  [ 138F7963118EC710C348819C08F72230 ] Radio.fx        D:\Tobit Radio.fx\Server\rfx-server.exe
15:28:49.0970 4984  Radio.fx - ok
15:28:50.0022 4984  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:28:50.0144 4984  RasAcd - ok
15:28:50.0186 4984  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:28:50.0309 4984  RasAgileVpn - ok
15:28:50.0364 4984  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:28:50.0504 4984  RasAuto - ok
15:28:50.0554 4984  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:28:50.0706 4984  Rasl2tp - ok
15:28:50.0756 4984  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:28:50.0894 4984  RasMan - ok
15:28:50.0947 4984  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:28:51.0080 4984  RasPppoe - ok
15:28:51.0137 4984  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:28:51.0271 4984  RasSstp - ok
15:28:51.0342 4984  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:28:51.0492 4984  rdbss - ok
15:28:51.0508 4984  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:28:51.0592 4984  rdpbus - ok
15:28:51.0626 4984  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:28:51.0754 4984  RDPCDD - ok
15:28:51.0825 4984  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:28:51.0953 4984  RDPENCDD - ok
15:28:52.0008 4984  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:28:52.0130 4984  RDPREFMP - ok
15:28:52.0204 4984  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:28:52.0291 4984  RdpVideoMiniport - ok
15:28:52.0330 4984  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:28:52.0426 4984  RDPWD - ok
15:28:52.0471 4984  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:28:52.0534 4984  rdyboost - ok
15:28:52.0601 4984  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:28:52.0730 4984  RemoteAccess - ok
15:28:52.0778 4984  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:28:52.0917 4984  RemoteRegistry - ok
15:28:53.0019 4984  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:28:53.0141 4984  RpcEptMapper - ok
15:28:53.0208 4984  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:28:53.0286 4984  RpcLocator - ok
15:28:53.0334 4984  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:28:53.0468 4984  RpcSs - ok
15:28:53.0532 4984  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:28:53.0700 4984  rspndr - ok
15:28:53.0730 4984  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:28:53.0788 4984  SamSs - ok
15:28:53.0965 4984  [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
15:28:54.0142 4984  SBAMSvc - ok
15:28:54.0219 4984  [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs         C:\Windows\system32\DRIVERS\sbapifs.sys
15:28:54.0264 4984  sbapifs - ok
15:28:54.0318 4984  [ 19954328DDA3D656F8A879B3A46FFED6 ] SbFw            C:\Windows\system32\drivers\SbFw.sys
15:28:54.0373 4984  SbFw - ok
15:28:54.0412 4984  [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL        C:\Windows\system32\DRIVERS\sbfwim.sys
15:28:54.0459 4984  SBFWIMCL - ok
15:28:54.0473 4984  [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP      C:\Windows\system32\DRIVERS\SBFWIM.sys
15:28:54.0516 4984  SBFWIMCLMP - ok
15:28:54.0547 4984  [ B671EEF468D13016B9286F5835A06AE1 ] SbHips          C:\Windows\system32\drivers\sbhips.sys
15:28:54.0600 4984  SbHips - ok
15:28:54.0647 4984  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:28:54.0707 4984  sbp2port - ok
15:28:54.0742 4984  [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE            C:\Windows\system32\drivers\SBREdrv.sys
15:28:54.0787 4984  SBRE - ok
15:28:54.0806 4984  [ EAB54ADCCECA64B2F38CD859FB494895 ] sbwtis          C:\Windows\system32\DRIVERS\sbwtis.sys
15:28:54.0853 4984  sbwtis - ok
15:28:54.0897 4984  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:28:55.0031 4984  SCardSvr - ok
15:28:55.0077 4984  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:28:55.0204 4984  scfilter - ok
15:28:55.0266 4984  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:28:55.0486 4984  Schedule - ok
15:28:55.0516 4984  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:28:55.0631 4984  SCPolicySvc - ok
15:28:55.0687 4984  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:28:55.0780 4984  SDRSVC - ok
15:28:55.0829 4984  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:28:55.0968 4984  secdrv - ok
15:28:56.0036 4984  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:28:56.0158 4984  seclogon - ok
15:28:56.0214 4984  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:28:56.0356 4984  SENS - ok
15:28:56.0467 4984  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:28:56.0564 4984  SensrSvc - ok
15:28:56.0643 4984  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:28:56.0715 4984  Serenum - ok
15:28:56.0744 4984  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
15:28:56.0821 4984  Serial - ok
15:28:56.0834 4984  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:28:56.0912 4984  sermouse - ok
15:28:56.0982 4984  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:28:57.0120 4984  SessionEnv - ok
15:28:57.0132 4984  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:28:57.0201 4984  sffdisk - ok
15:28:57.0262 4984  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:28:57.0344 4984  sffp_mmc - ok
15:28:57.0360 4984  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:28:57.0432 4984  sffp_sd - ok
15:28:57.0462 4984  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:28:57.0536 4984  sfloppy - ok
15:28:57.0615 4984  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:28:57.0780 4984  SharedAccess - ok
15:28:57.0878 4984  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:28:58.0011 4984  ShellHWDetection - ok
15:28:58.0047 4984  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:28:58.0102 4984  SiSRaid2 - ok
15:28:58.0138 4984  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:28:58.0194 4984  SiSRaid4 - ok
15:28:58.0231 4984  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:28:58.0360 4984  Smb - ok
15:28:58.0414 4984  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:28:58.0497 4984  SNMPTRAP - ok
15:28:58.0523 4984  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:28:58.0578 4984  spldr - ok
15:28:58.0643 4984  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:28:58.0733 4984  Spooler - ok
15:28:58.0874 4984  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:28:59.0096 4984  sppsvc - ok
15:28:59.0127 4984  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:28:59.0255 4984  sppuinotify - ok
15:28:59.0308 4984  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:28:59.0428 4984  srv - ok
15:28:59.0462 4984  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:28:59.0556 4984  srv2 - ok
15:28:59.0591 4984  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:28:59.0658 4984  srvnet - ok
15:28:59.0716 4984  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:28:59.0843 4984  SSDPSRV - ok
15:28:59.0878 4984  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:29:00.0008 4984  SstpSvc - ok
15:29:00.0077 4984  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:29:00.0130 4984  stexstor - ok
15:29:00.0162 4984  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:29:00.0239 4984  StillCam - ok
15:29:00.0311 4984  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:29:00.0450 4984  stisvc - ok
15:29:00.0484 4984  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:29:00.0536 4984  swenum - ok
15:29:00.0628 4984  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:29:00.0829 4984  swprv - ok
15:29:00.0913 4984  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:29:01.0125 4984  SysMain - ok
15:29:01.0169 4984  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:29:01.0265 4984  TabletInputService - ok
15:29:01.0295 4984  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:29:01.0462 4984  TapiSrv - ok
15:29:01.0486 4984  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:29:01.0613 4984  TBS - ok
15:29:01.0722 4984  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:29:01.0899 4984  Tcpip - ok
15:29:01.0992 4984  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:29:02.0112 4984  TCPIP6 - ok
15:29:02.0215 4984  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:29:02.0276 4984  tcpipreg - ok
15:29:02.0328 4984  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:29:02.0424 4984  TDPIPE - ok
15:29:02.0460 4984  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:29:02.0525 4984  TDTCP - ok
15:29:02.0607 4984  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:29:02.0729 4984  tdx - ok
15:29:02.0767 4984  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:29:02.0822 4984  TermDD - ok
15:29:02.0880 4984  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:29:03.0067 4984  TermService - ok
15:29:03.0086 4984  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:29:03.0162 4984  Themes - ok
15:29:03.0179 4984  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:29:03.0300 4984  THREADORDER - ok
15:29:03.0340 4984  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:29:03.0475 4984  TrkWks - ok
15:29:03.0535 4984  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:29:03.0662 4984  TrustedInstaller - ok
15:29:03.0703 4984  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:29:03.0837 4984  tssecsrv - ok
15:29:03.0894 4984  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:29:03.0981 4984  TsUsbFlt - ok
15:29:04.0028 4984  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:29:04.0087 4984  TsUsbGD - ok
15:29:04.0132 4984  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:29:04.0261 4984  tunnel - ok
15:29:04.0290 4984  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:29:04.0347 4984  uagp35 - ok
15:29:04.0389 4984  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:29:04.0522 4984  udfs - ok
15:29:04.0640 4984  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:29:04.0726 4984  UI0Detect - ok
15:29:04.0763 4984  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:29:04.0819 4984  uliagpkx - ok
15:29:04.0883 4984  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:29:04.0963 4984  umbus - ok
15:29:04.0976 4984  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:29:05.0046 4984  UmPass - ok
15:29:05.0096 4984  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:29:05.0242 4984  upnphost - ok
15:29:05.0295 4984  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:29:05.0382 4984  usbaudio - ok
15:29:05.0425 4984  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:05.0507 4984  usbccgp - ok
15:29:05.0608 4984  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:29:05.0680 4984  usbcir - ok
15:29:05.0708 4984  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:29:05.0783 4984  usbehci - ok
15:29:05.0835 4984  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:29:05.0927 4984  usbhub - ok
15:29:05.0974 4984  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:29:06.0040 4984  usbohci - ok
15:29:06.0099 4984  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:29:06.0184 4984  usbprint - ok
15:29:06.0250 4984  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:29:06.0318 4984  usbscan - ok
15:29:06.0348 4984  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:29:06.0427 4984  USBSTOR - ok
15:29:06.0474 4984  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:29:06.0543 4984  usbuhci - ok
15:29:06.0629 4984  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:29:06.0769 4984  UxSms - ok
15:29:06.0820 4984  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:29:06.0878 4984  VaultSvc - ok
15:29:06.0929 4984  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:29:06.0982 4984  vdrvroot - ok
15:29:07.0032 4984  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:29:07.0209 4984  vds - ok
15:29:07.0233 4984  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:07.0302 4984  vga - ok
15:29:07.0320 4984  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:29:07.0455 4984  VgaSave - ok
15:29:07.0490 4984  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:29:07.0556 4984  vhdmp - ok
15:29:07.0604 4984  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:29:07.0659 4984  viaide - ok
15:29:07.0673 4984  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:29:07.0729 4984  volmgr - ok
15:29:07.0760 4984  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:29:07.0835 4984  volmgrx - ok
15:29:07.0866 4984  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:29:07.0936 4984  volsnap - ok
15:29:07.0982 4984  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:29:08.0043 4984  vsmraid - ok
15:29:08.0128 4984  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:29:08.0367 4984  VSS - ok
15:29:08.0387 4984  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:29:08.0466 4984  vwifibus - ok
15:29:08.0508 4984  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:29:08.0641 4984  W32Time - ok
15:29:08.0704 4984  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:29:08.0776 4984  WacomPen - ok
15:29:08.0828 4984  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:29:08.0966 4984  WANARP - ok
15:29:08.0979 4984  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:29:09.0094 4984  Wanarpv6 - ok
15:29:09.0188 4984  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:29:09.0371 4984  wbengine - ok
15:29:09.0407 4984  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:29:09.0496 4984  WbioSrvc - ok
15:29:09.0568 4984  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:29:09.0667 4984  wcncsvc - ok
15:29:09.0691 4984  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:29:09.0791 4984  WcsPlugInService - ok
15:29:09.0833 4984  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:29:09.0887 4984  Wd - ok
15:29:09.0948 4984  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:29:10.0067 4984  Wdf01000 - ok
15:29:10.0101 4984  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:29:10.0240 4984  WdiServiceHost - ok
15:29:10.0253 4984  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:29:10.0330 4984  WdiSystemHost - ok
15:29:10.0367 4984  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:29:10.0467 4984  WebClient - ok
15:29:10.0497 4984  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:29:10.0646 4984  Wecsvc - ok
15:29:10.0700 4984  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:29:10.0826 4984  wercplsupport - ok
15:29:10.0892 4984  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:29:11.0015 4984  WerSvc - ok
15:29:11.0078 4984  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:29:11.0198 4984  WfpLwf - ok
15:29:11.0254 4984  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:29:11.0309 4984  WIMMount - ok
15:29:11.0327 4984  WinDefend - ok
15:29:11.0353 4984  WinHttpAutoProxySvc - ok
15:29:11.0413 4984  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:29:11.0548 4984  Winmgmt - ok
15:29:11.0700 4984  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:29:11.0933 4984  WinRM - ok
15:29:12.0023 4984  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:29:12.0174 4984  Wlansvc - ok
15:29:12.0198 4984  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:29:12.0260 4984  WmiAcpi - ok
15:29:12.0305 4984  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:29:12.0384 4984  wmiApSrv - ok
15:29:12.0443 4984  WMPNetworkSvc - ok
15:29:12.0480 4984  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:29:12.0559 4984  WPCSvc - ok
15:29:12.0581 4984  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:29:12.0655 4984  WPDBusEnum - ok
15:29:12.0691 4984  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:29:12.0812 4984  ws2ifsl - ok
15:29:12.0832 4984  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:29:12.0914 4984  wscsvc - ok
15:29:12.0928 4984  WSearch - ok
15:29:13.0060 4984  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:29:13.0202 4984  wuauserv - ok
15:29:13.0255 4984  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:29:13.0336 4984  WudfPf - ok
15:29:13.0395 4984  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:13.0477 4984  WUDFRd - ok
15:29:13.0527 4984  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:29:13.0611 4984  wudfsvc - ok
15:29:13.0659 4984  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:29:13.0748 4984  WwanSvc - ok
15:29:13.0779 4984  ================ Scan global ===============================
15:29:13.0844 4984  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:29:13.0892 4984  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:29:13.0914 4984  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:29:13.0952 4984  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:29:13.0987 4984  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:29:13.0998 4984  [Global] - ok
15:29:13.0999 4984  ================ Scan MBR ==================================
15:29:14.0019 4984  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:29:14.0527 4984  \Device\Harddisk0\DR0 - ok
15:29:14.0534 4984  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:29:14.0878 4984  \Device\Harddisk1\DR1 - ok
15:29:14.0879 4984  ================ Scan VBR ==================================
15:29:14.0885 4984  [ 756AC5B371C9FAF69D6F7172119E9CDE ] \Device\Harddisk0\DR0\Partition1
15:29:14.0888 4984  \Device\Harddisk0\DR0\Partition1 - ok
15:29:14.0935 4984  [ 856A7711EE9BA389A5014FFD3B9A3891 ] \Device\Harddisk0\DR0\Partition2
15:29:14.0938 4984  \Device\Harddisk0\DR0\Partition2 - ok
15:29:14.0945 4984  [ 0C84BD2881D4CBFF104220F5756590AA ] \Device\Harddisk1\DR1\Partition1
15:29:14.0948 4984  \Device\Harddisk1\DR1\Partition1 - ok
15:29:14.0974 4984  [ 252E3CD0B287BF44C14E5C31AB6D36AB ] \Device\Harddisk1\DR1\Partition2
15:29:14.0977 4984  \Device\Harddisk1\DR1\Partition2 - ok
15:29:14.0978 4984  ============================================================
15:29:14.0978 4984  Scan finished
15:29:14.0978 4984  ============================================================
15:29:15.0006 3508  Detected object count: 2
15:29:15.0006 3508  Actual detected object count: 2
15:29:38.0242 3508  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:38.0243 3508  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:38.0248 3508  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:38.0248 3508  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Edited by Hennes2000 (26.04.2013 at 14:31)

26.04.2013, 15:13   #10
smeenk
/// Malwareteam / Visitor
 



It is still not clear to me whether anything really bad is going on here.

Try running Combofix in Safe Mode:
Starting the computer in Safe Mode

26.04.2013, 16:00   #11
Hennes2000
 



It went much better in Safe Mode!
It did complain that Comodo and AdAware were running, but it still assumed that even after I had closed all the services in Task Manager. This time it only informed me of this and started the scan either way. It was more of a notice than a question.

Here is the ComboFix.txt:
Code:
ComboFix 13-04-25.01 - Frank 26.04.2013  16:42:08.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4029.3395 [GMT 2:00]
ausgeführt von:: c:\users\Frank\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-26 bis 2013-04-26  ))))))))))))))))))))))))))))))
.
.
2013-04-25 23:50 . 2013-04-26 00:03	--------	d-----w-	C:\zoek
2013-04-25 22:29 . 2013-04-25 22:29	--------	d-----w-	c:\windows\SysWow64\zoek
2013-04-24 06:26 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-22 06:46 . 2013-02-22 06:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-04-22 06:45 . 2013-02-22 06:15	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-04-22 06:45 . 2013-02-22 06:15	816640	----a-w-	c:\windows\system32\jscript.dll
2013-04-22 06:45 . 2013-02-22 06:13	2147840	----a-w-	c:\windows\system32\iertutil.dll
2013-04-22 06:45 . 2013-02-22 06:21	499200	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2013-04-22 06:45 . 2013-02-22 03:39	678912	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-04-22 06:45 . 2013-02-22 03:38	387584	----a-w-	c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-04-22 06:45 . 2013-02-22 06:22	887808	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2013-04-22 06:45 . 2013-02-22 06:57	17817088	----a-w-	c:\windows\system32\mshtml.dll
2013-04-22 06:45 . 2013-02-22 06:29	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-04-22 06:38 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-04-22 06:38 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-04-22 06:38 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-04-22 06:38 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-04-22 06:38 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-04-22 06:38 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-04-22 06:38 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-04-10 19:26 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 19:26 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 19:26 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 19:26 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 19:26 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 19:26 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-10 19:26 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 19:26 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-09 16:55 . 2013-04-09 16:55	--------	d-----w-	c:\users\Frank\Heldenverwaltung
2013-04-09 16:55 . 2013-04-09 16:55	--------	d--h--w-	c:\program files (x86)\InstallJammer Registry
2013-04-09 16:54 . 2013-04-09 16:54	--------	d-----w-	c:\program files (x86)\Heldenverwaltung
2013-04-03 10:50 . 2013-04-03 10:51	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 06:51 . 2012-05-31 00:21	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-23 16:32 . 2013-03-23 16:32	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-23 16:32 . 2012-11-18 11:55	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-23 16:32 . 2012-11-18 11:55	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 12:47	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 12:47	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 12:47	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-13 12:47	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-13 12:47	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:47	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-15 08:39	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PureSync"="c:\program files (x86)\PureSync\PureSyncTray.exe" [2013-02-01 903712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [2011-11-18 3673944]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
R3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-11-07 22736]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000Core.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 19:50]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000UA.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 19:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-04-09 265216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-22 16336416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\znnduw6f.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-26  16:48:15
ComboFix-quarantined-files.txt  2013-04-26 14:48
.
Vor Suchlauf: 8 Verzeichnis(se), 22.170.013.696 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 23.869.890.560 Bytes frei
.
- - End Of File - - 8CA77EAA1AF1AD0078DDAF0B1C2227D7
         

26.04.2013, 17:25   #12
smeenk
/// Malwareteam / Visitor

Open ZOEK again and copy the code below into the text field:

Code:
C:\Users\Frank\AppData\Local\adaware\data;vs

Press "Run Script".

Post the new Zoek log for me.

26.04.2013, 19:11   #13
Hennes2000

The log is too long to post and too large to attach as a log file (250k).
So I'm attaching it as a zip.

26.04.2013, 19:38   #14
smeenk
/// Malwareteam / Visitor

Open ZOEK again and copy the code below into the text field:

Code:
type C:\Users\Frank\AppData\Local\adaware\data\130426071018-l.list>>log.txt;b

Press "Run Script".

Post the new Zoek log for me.

26.04.2013, 19:59   #15
Hennes2000

New
Code:
Zoek.exe Version 4.0.0.2 Updated 13-April-2013
Tool run by Frank on 26.04.2013 at 20:43:28,76.

Running in: Normal Mode No Internet Access Detected

==== Batch Command(s) Run By Tool======================

         
Without really knowing what's in there: it does look like we've learned more.
And because I don't want it to get lost, I'm happy to repeat myself: thanks for your efforts.
