Log analysis and evaluation: Slow Firefox, "Verbunden mit shpr.co..." keeps appearing! (Windows 7)
07.04.2013, 20:10 | #1
Good evening! When I start the Firefox browser, the text "Verbunden mit shpr.co..." ("Connected to shpr.co...") appears at the bottom left or right. The browser is also noticeably slower, and advertising windows open! I had already found this topic and tried the 4-step guide described at http://www.trojaner-board.de/133245-...befenster.html, but the text and the advertising windows still appear. I was able to remove some programs and toolbars. I have attached the log files. I had to run AdwCleaner 3 times and FTC 2 times; the log files from all runs are included. I have had this problem for about 2 months, but I cannot remember installing a new program or any software. Norton reported the following today:

Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
07.04.2013 18:41:10,Hoch,gfiltersvc.exe (SONAR.Heuristic) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\system32\gfiltersvc.exe

In the Firefox browser I additionally removed the Yahoo toolbar. I have not found anything comparable or helpful on Google yet. I hope you can still give me a tip on how to fix this. Many thanks in advance. Kind regards
08.04.2013, 16:10 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and

Do you have any more logs (with findings)? Has your virus scanner ever found anything? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first post only the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
11.04.2013, 13:12 | #3
Since I have no idea at all about PCs, I'll just post Norton's security history here. I hope these are the right ones, the ones you meant.
If these are the wrong ones, where do I find the right log files under Norton / Windows 7? Many, many thanks in advance. Regards, Jürg

There would be hundreds more. Is that enough for you? Files by date. 1st file:
Code:
Dateiname: gfiltersvc.exe
Bedrohungsname: SONAR.Heuristic
Vollständiger Pfad: Nicht verfügbar
____________________________
Details
Sehr wenige Benutzer, Sehr neu, Risiko Hoch
Ursprung
Heruntergeladen von Unbekannt
Aktivität
Ausgeführte Aktionen: 4
____________________________
Auf Computern ab 07.04.2013 um 18:37:42
Zuletzt verwendet 07.04.2013 um 18:37:42
Start-Element Nein
Gestarted Ja
____________________________
Sehr wenige Benutzer
Weniger als 5 Benutzer in der Norton Community haben diese Datei verwendet.
Sehr neu
Diese Datei wurde vor weniger als 1 Woche veröffentlicht.
Hoch
Das Risiko dieser Datei ist hoch.
SONAR-Schutz überwacht Ihren Computer auf verdächtige Programmaktivitäten.
____________________________
Quelle: externe Medien
Quelldatei: gutscheinfilter_r686.exe
Datei erstellt: gfiltersvc.exe
____________________________
Dateiaktionen
Datei: c:\windows\system32\gfiltersvc.exe  entfernt
____________________________
Systemeinstellungsaktionen
Ereignis: Prozessstart (Ausgeführt von c:\windows\system32\gfiltersvc.exe, PID:4332)  Keine Aktion unternommen
Ereignis: Prozessstart: c:\windows\system32\gfiltersvc.exe, PID:4332 (Ausgeführt von c:\windows\system32\gfiltersvc.exe, PID:4332)  Keine Aktion unternommen
____________________________
Verdächtige Aktionen
(Ausgeführt von c:\windows\system32\gfiltersvc.exe, PID:4332)  Keine Aktion unternommen
____________________________
Dateiabdruck - SHA: Nicht verfügbar
Dateiabdruck - MD5: Nicht verfügbar
Code:
Dateiname: applet.class
Bedrohungsname: Trojan.Maljava
Vollständiger Pfad: c:\users\jürg\appdata\local\temp\jar_cache6146246174822463234.tmp
____________________________
Details
Unbekannte Community-Verbreitung, Unbekanntes Alter, Risiko Hoch
Ursprung
Heruntergeladen von Unbekannt
Aktivität
Ausgeführte Aktionen: 1
____________________________
Auf Computern ab Nicht verfügbar
Zuletzt verwendet 10.02.2012 um 20:02:47
Start-Element Nein
Gestarted Nein
____________________________
Unbekannt
Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben.
Unbekannt
Diese Dateiversion ist nicht bekannt.
Hoch
Das Risiko dieser Datei ist hoch.
Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.
____________________________
Quelle: externe Medien
____________________________
Dateiaktionen
applet.class [Enthalten in] c:\users\jürg\appdata\local\temp\jar_cache6146246174822463234.tmp  Gelöscht
____________________________
Dateiabdruck - SHA: Nicht verfügbar
Dateiabdruck - MD5: Nicht verfügbar
11.04.2013, 13:25 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Before we get to work, I would like to ask you to read the following points completely and attentively.
Note: If you have not heard from me for three days, please report in this thread => Reminder for my thread. Annoying "when will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.

JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.

Afterwards (please delete the existing adwcleaner.exe first and download it again!!)
adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.

Then a check with OTL, please:
11.04.2013, 14:28 | #5
Everything worked fine. Here are the log files:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Professional x86
Ran by Jrg on 11.04.2013 at 14:41:34.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
Successfully deleted: [File] C:\Windows\prefetch\MYBABYLONTB.EXE-DAA8D2A0.pf

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Jrg\AppData\Roaming\mozilla\firefox\profiles\xojm5ys6.default\prefs.js

user_pref("browser.search.defaultengine", "Privitize VPN");
user_pref("extensions.50c5ba10de128.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
Emptied folder: C:\Users\Jrg\AppData\Roaming\mozilla\firefox\profiles\xojm5ys6.default\minidumps [81 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2013 at 14:44:18.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.200 - Datei am 11/04/2013 um 14:49:45 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Jürg - JÜRG-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jürg\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Jürg\AppData\Roaming\Mozilla\Firefox\Profiles\xojm5ys6.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Jürg\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [12015 octets] - [07/04/2013 18:25:03]
AdwCleaner[S2].txt - [9880 octets] - [07/04/2013 18:54:25]
AdwCleaner[S3].txt - [1483 octets] - [07/04/2013 20:00:45]
AdwCleaner[S4].txt - [1076 octets] - [11/04/2013 14:49:45]

########## EOF - C:\AdwCleaner[S4].txt - [1136 octets] ##########
Code:
OTL logfile created on: 11.04.2013 15:30:37 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jürg\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.76% Memory free
4.00 Gb Paging File | 2.74 Gb Available in Paging File | 68.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 66.68 Gb Free Space | 44.74% Space Free | Partition Type: NTFS
Drive K: | 931.28 Gb Total Space | 357.95 Gb Free Space | 38.44% Space Free | Partition Type: FAT32

Computer Name: JÜRG-PC | User Name: Jürg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jürg\Desktop\OTL.com (OldTimer Tools)
PRC - C:\Windows\System32\wininetd.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Users\Jürg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Norton Internet Security\Engine\20.3.0.36\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Programme\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

========== Services (SafeList) ==========

SRV - (Fun4IM Coordinator) -- C:\PROGRA~1\Fun4IM\Bandoo.exe File not found
SRV - (aqpidcertstorecheck) -- C:\Windows\System32\wininetd.exe ()
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1403000.024\symnets.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1403000.024\symefa.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1403000.024\symds.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130410.022\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130410.022\NAVENG.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1403000.024\ironx86.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1403000.024\ccsetx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130410.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{218A9694-4774-4621-A09F-68719BA30A8F}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=402&q={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 35 F8 EA 13 9D CB 01 [binary data]
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\..\SearchScopes\{218A9694-4774-4621-A09F-68719BA30A8F}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=402&q={searchTerms}
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7402}: "URL" = hxxp://search.privitize.com/?aff=7&q={searchTerms}
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ch"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle
Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.11 14:53:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.10.29 13:31:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.19 14:55:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.19 14:55:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.19 14:55:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.19 14:55:39 | 000,000,000 | ---D | M] [2012.01.23 20:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürg\AppData\Roaming\mozilla\Extensions [2013.04.07 20:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürg\AppData\Roaming\mozilla\Firefox\Profiles\xojm5ys6.default\extensions [2013.04.07 18:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.19 14:55:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.04.07 18:49:51 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.07 18:49:51 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.07 18:49:51 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\eBay-de.xml [2013.04.07 18:49:51 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.07 18:37:31 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.07 18:49:51 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - Extension: No name found = C:\Users\Jürg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpinghmeehgjadadgndmibaiognimil\3.2_0\ CHR - Extension: No name found = C:\Users\Jürg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\ O1 HOSTS File: ([2013.04.07 20:30:58 | 000,098,094 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 00aaf101a7.gougava.asia # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 1a2e115593.efacen.pro # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 1f1.fr # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 4672ee0bc8.laibritec.waw.pl # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 4990usd.com # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 4xp.com # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 74.80.131.123 # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 78031d2298.tradorad.waw.pl # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 80323fcc6e.starsogor.waw.pl # hosts 
anti-adware / pups O1 - Hosts: 127.0.0.1 8e47c22037.temavi.pro # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 96910cbcd4.nicero.pro # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 96fb625592.tysofque.waw.pl:82 # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 98eu.info # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 ack.cdnperformance.info # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 acking.conversionads.com # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups O1 - Hosts: 1696 more lines... O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-4044689728-101358719-3782500957-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKU\S-1-5-21-4044689728-101358719-3782500957-1001..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) 
O4 - HKU\S-1-5-21-4044689728-101358719-3782500957-1001..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-21-4044689728-101358719-3782500957-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Jürg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jürg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13DC806D-2935-47A3-AC7B-5CD6E7CC1D00}: DhcpNameServer = 138.188.101.186 138.188.101.189 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5A92066-8CF2-4E77-947E-3D5B0FCA923B}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.11 15:11:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jürg\Desktop\OTL.com [2013.04.11 14:41:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.11 14:41:22 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.11 14:40:35 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Jürg\Desktop\JRT.exe [2013.04.10 13:05:06 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.10 13:05:03 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.10 13:05:03 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.10 13:05:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.10 13:05:00 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013.04.10 13:04:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013.04.10 13:04:53 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.10 13:04:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.10 13:04:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.10 13:04:52 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.10 13:04:52 | 
000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.07 20:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs [2013.04.07 19:57:38 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jürg\Desktop\dds.scr [2013.04.07 18:57:31 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Jürg\Desktop\TFC.exe [2013.04.07 18:49:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO [2013.04.07 18:37:31 | 000,000,000 | ---D | C] -- C:\Users\Jürg\AppData\Roaming\Opera [2013.04.07 18:32:49 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll [2013.04.07 18:32:47 | 000,000,000 | ---D | C] -- C:\Users\Jürg\AppData\Local\Programs [2013.04.02 17:36:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.04.02 17:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.19 14:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.19 13:59:04 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.19 13:58:22 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.23 13:11:56 | 046,708,800 | ---- | C] (Information Factory AG) -- C:\Users\Jürg\ptw12.exe ========== Files - Modified Within 30 Days ========== [2013.04.11 15:12:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.11 15:11:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jürg\Desktop\OTL.com [2013.04.11 14:59:09 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.11 14:59:09 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.11 14:51:55 | 000,001,934 | ---- | M] () -- 
C:\Users\Jürg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2013.04.11 14:51:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.11 14:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.11 14:51:20 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2013.04.11 14:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.11 14:47:41 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.11 14:47:41 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.11 14:47:41 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.11 14:47:41 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.11 14:46:14 | 000,613,083 | ---- | M] () -- C:\Users\Jürg\Desktop\adwcleaner.exe [2013.04.11 14:40:39 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Jürg\Desktop\JRT.exe [2013.04.11 13:58:03 | 022,523,077 | ---- | M] () -- C:\Users\Jürg\Desktop\Behobene Sicherheitsrisiken.mcf [2013.04.11 11:59:17 | 000,410,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.11 11:57:27 | 001,907,417 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB [2013.04.07 20:30:58 | 000,098,094 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.04.07 19:57:41 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jürg\Desktop\dds.scr [2013.04.07 18:57:33 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Jürg\Desktop\TFC.exe [2013.04.07 18:49:11 | 000,001,657 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.04.07 18:37:36 | 000,068,608 | ---- | M] () -- C:\Windows\System32\wininetd.exe [2013.04.07 18:25:18 | 000,000,091 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.03 12:45:10 | 000,001,047 | ---- | M] () -- C:\Users\Jürg\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dropbox.lnk [2013.04.03 12:44:43 | 000,001,013 | ---- | M] () -- C:\Users\Jürg\Desktop\Dropbox.lnk [2013.04.02 17:17:51 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.19 14:50:52 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.19 14:50:52 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.19 13:58:15 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.19 13:58:14 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.03.19 13:58:14 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.03.19 13:58:14 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.19 13:58:14 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.19 13:58:14 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.19 13:43:58 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Private Tax 2012.lnk [2013.03.19 13:42:21 | 046,708,800 | ---- | M] (Information Factory AG) -- C:\Users\Jürg\ptw12.exe [2013.03.19 13:34:22 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\VT20130115.021 [2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll ========== Files Created - No Company Name ========== [2013.04.11 14:46:08 | 000,613,083 | ---- | C] () -- C:\Users\Jürg\Desktop\adwcleaner.exe [2013.04.11 13:57:54 | 022,523,077 | ---- | C] () -- C:\Users\Jürg\Desktop\Behobene Sicherheitsrisiken.mcf [2013.04.07 18:37:36 | 
000,068,608 | ---- | C] () -- C:\Windows\System32\wininetd.exe [2013.04.07 18:34:14 | 000,001,657 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.04.07 18:32:49 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2013.04.07 18:25:12 | 000,000,091 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.02 17:17:50 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.02.11 13:09:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.01.06 19:22:15 | 000,007,605 | ---- | C] () -- C:\Users\Jürg\AppData\Local\Resmon.ResmonCfg [2011.10.22 10:57:10 | 000,013,022 | ---- | C] () -- C:\Users\Jürg\AppData\Roaming\Microsoft Excel 97-2003.CAL [2011.09.01 12:11:27 | 000,000,020 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.05.27 20:39:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.01.20 11:15:08 | 000,001,940 | ---- | C] () -- C:\Users\Jürg\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.05.12 18:28:34 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = 
%systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.02.14 14:06:54 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\.jfwupdate [2011.01.20 13:18:44 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\.Kanton ZH [2012.10.21 12:11:53 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\Canon [2013.04.11 14:52:08 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\Dropbox [2011.02.14 14:05:42 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\FileZilla [2012.12.10 21:31:42 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\FrostWire [2011.01.30 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\GARMIN [2012.05.13 11:53:45 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\GHISLER [2012.01.17 11:06:38 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\Information Factory [2010.05.18 18:23:43 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\Leadertech [2011.09.01 13:56:19 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\Notepad++ [2010.10.12 16:13:59 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\Open XML Editor [2013.04.07 18:37:31 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\Opera [2011.09.01 13:54:43 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\Reviversoft [2010.06.12 17:53:17 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\Tobit [2013.04.07 18:19:30 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\uTorrent [2011.01.30 19:46:22 | 000,000,000 | ---D | M] -- C:\Users\Jürg\AppData\Roaming\WhiteSmoke ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:F019D8AC9F11845A < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.04.2013 15:30:37 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jürg\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.76% Memory free 4.00 Gb Paging File | 2.74 Gb Available in Paging File | 68.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 66.68 Gb Free Space | 44.74% Space Free | Partition Type: NTFS Drive K: | 931.28 Gb Total Space | 357.95 Gb Free Space | 38.44% Space Free | Partition Type: FAT32 Computer Name: JÜRG-PC | User Name: Jürg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4044689728-101358719-3782500957-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Migros Photo Service] -- "C:\Program Files\Migros\Migros Photo Service\Migros Photo Service.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{198B0A19-3661-45D7-BDB3-6A095C77460E}" = lport=2869 | protocol=6 | dir=in | app=system | "{30E3DAFB-24EA-48A2-B28B-EC868F15CE36}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{433DCAF8-11A2-41A5-A9EC-BED394F06CA4}" = rport=138 | protocol=17 | dir=out | app=system | "{4B218997-FFAA-4AD1-9232-54A84688F1FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{50A096FD-5D55-4CFF-88DD-ED0A97095903}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{524A7209-5DD9-4BA3-A18E-FDD8224BBC5A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5FE6A8C7-3FA2-4895-8277-E585FE41C7B8}" = 
rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6AAE3881-4B92-45A0-8A95-11D5186618B4}" = lport=139 | protocol=6 | dir=in | app=system | "{73D51E76-8858-4ACF-A0A2-6BF97213F09F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{76F1DFB4-C69B-45D8-A7E9-AEA18EFC2DC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7BD4F9E9-B3B6-4112-BD31-A2CFE8522FA3}" = lport=445 | protocol=6 | dir=in | app=system | "{8A0694CD-7ED8-4E85-B903-C6425B71273F}" = rport=139 | protocol=6 | dir=out | app=system | "{8F4FCAE6-F485-41A4-BED9-0433CD3A4361}" = rport=10243 | protocol=6 | dir=out | app=system | "{96681B10-2416-4BC2-89C5-C7990E0A836C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{96F8183B-B9A7-407D-AE0B-BA7BB65A1E52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9F9BDA38-B5E4-481D-8F48-5E6327D0B4DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A0B5B161-88D9-4A7F-8C53-B596CBD20B7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B4A38A58-6352-4EB1-8D38-9686DA6299D7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B674AD9C-C57D-4C95-A924-AB98809A2F51}" = lport=10243 | protocol=6 | dir=in | app=system | "{BEDE554C-DEE0-48A7-910D-0A2509876FAD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{C2BB1FAE-E1DF-4190-A7E2-720D64E7C693}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CBAA5B3D-B0C1-45DE-A775-3CA9C07251A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CDFB1BF4-7A16-4488-B612-F29372F3E843}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{CEFAF233-05EF-4A96-8E09-A32F85CBEA7D}" = rport=137 | protocol=17 | dir=out | app=system | "{D2F26225-73AF-47C7-9AA2-BAC991966FA7}" = lport=138 | protocol=17 | dir=in | app=system | "{D4D121B7-4479-417B-9B67-AA0197B4B4D8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D618CEED-65CF-4258-821C-C0CEDF6A862F}" = rport=445 | protocol=6 | dir=out | app=system | "{D9394975-12BE-4C65-8770-9F5C97D65EBC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E4C546EE-0CB2-4883-B37E-62F0D843C59A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F26DAA66-232F-4A26-AF74-4ED04F32C2E6}" = lport=137 | protocol=17 | dir=in | app=system | "{FA61532E-603B-4937-BB93-0AC64F98E543}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FA8D704A-AB69-46BC-98CD-E396B6CDF472}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{065E23D4-A7B0-4A45-9B8A-C490A76EB9AA}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | "{0B06444D-96EA-4CFB-83A3-9F83664AD919}" = protocol=6 | dir=in | app=j:\tobit radio.fx\client\rfx-client.exe | "{0CB3F3C4-59B4-415E-B911-EEB0416EC990}" = protocol=17 | dir=in | app=c:\users\jürg\appdata\roaming\dropbox\bin\dropbox.exe | "{1E8CF43F-04DF-4482-AC7C-7855B1B2050F}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{22F8BEB1-2D42-4F7E-B089-B4E28A3B0898}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{26A652AE-8A1F-40E1-BBF9-B830C5CC336C}" = protocol=17 | dir=in | app=j:\tobit radio.fx\client\rfx-client.exe | "{273D5EA5-A484-4DF6-9F34-72FFE80ACA52}" = protocol=6 
| dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{42247B2F-28F3-4145-B340-2C0258757293}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{42382D14-CBC8-4E06-A032-7157CE0E06D5}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | "{4B6FD1E4-7FD3-4B01-B8AA-8BFAE8C13CFA}" = protocol=6 | dir=in | app=j:\tobit radio.fx\server\rfx-server.exe | "{4BE8D8AE-C75F-4CCC-B35F-597A55F648BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5043FB65-2255-468D-B1CB-3BDAFC47B13B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{59CBAC52-4F16-4034-A950-6E9E9CB44478}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{65D7E0B9-259E-482F-AA8B-1BB5D15AAA9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{65E5D526-0150-42A2-8013-7DDE3638350D}" = protocol=17 | dir=in | app=j:\tobit radio.fx\server\rfx-server.exe | "{700D570E-64CD-40B5-BA9D-FC2171CBF6F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7A8FFEF2-0BAD-419D-B55E-0D04C7A5DEFB}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{7E2003EE-08D2-445E-924F-74C8F042558A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7E28D2EB-8D5B-4AFC-80F2-C08E7BAECABA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{86FA234E-C312-40E5-B8DA-40FDF0E8558A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{88466C73-9D62-4C0D-9201-F0D7C77D2314}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{8A51EA93-1DB3-4FF9-8CB4-EE38E8A665DA}" = protocol=6 | dir=out | app=system | "{911E9470-CD6F-4F7A-A3DD-589FA2D77569}" = dir=in | app=c:\program files\itunes\itunes.exe | "{9ABA7E15-7729-43A4-AD51-C057C9A031E2}" = protocol=6 | dir=in | app=c:\users\jürg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AFDF0F77-8C7C-4D24-82AA-F19FBE30F261}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B595487F-08E9-46A4-8116-FD44CE46C682}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B5C69228-D2CC-4F7B-A27A-46E9982630DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BBA43907-3EDC-491A-8E17-D80675E4CE81}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CDC78C40-3D57-454B-A2E8-307AC7E82670}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DAE89C6E-3BB5-45DF-9F13-818495C3B39A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DAE96A38-E6B8-4D66-BEBD-71A4543D2A83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E2AB03CD-050C-4D53-A28B-545EEB347DCE}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{EC1AC350-60D8-4F7C-B45F-E493753B3EC7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{ED5D4294-8982-4C72-875B-C0C2E56C8C12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FA980E5D-3A35-4A4C-8B56-A2C4A66CED79}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 
Update 17 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2 "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A6F6041-013B-4C45-861E-3E2BA6C894B8}" = Studie zur Verbesserung von HP Officejet Pro 8600 Produkten "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) 
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office 
Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Open XML Editor "{98D64F70-1BE2-4E06-A58E-50FF642B3F24}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Hilfe "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "1492-3330-4054-6911" = eTax.schwyz 2011 nP 10.0.5 "4095-7861-2728-4611" = Private Tax 2011 1.2 "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 
2.3.0.0) "6753-7911-9438-6061" = Private Tax 2012 2.4 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DPP" = Canon Utilities Digital Photo Professional 3.10 "FileZilla Client" = FileZilla Client 3.3.5.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Migros Photo Service" = Migros Photo Service "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "Notepad++" = Notepad++ "NP_GL_2011" = GlaroTax 2011 11.3.19 "Open XML Editor" = Open XML Editor "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "POIbase_is1" = POIbase 1.027 "Private Tax 2010" = Private Tax 2010 "PROPLUSR" = Microsoft Office Professional Plus 2007 "VLC media player" = VLC media player 1.1.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4044689728-101358719-3782500957-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ OSession Events ] Error - 31.03.2010 10:25:38 | Computer Name = Jürg-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 20.09.2012 11:37:10 | Computer Name = Jürg-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ]
Error - 11.04.2013 08:48:14 | Computer Name = Jürg-PC | Source = DCOM | ID = 10010
Description =
Error - 11.04.2013 08:51:29 | Computer Name = Jürg-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 11.04.2013 08:51:29 | Computer Name = Jürg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 11.04.2013 08:51:35 | Computer Name = Jürg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Fun4IM Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

Last edited by Bluepoint (11.04.2013 at 14:37)
11.04.2013, 14:58 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Or is this by any chance an office/company PC or a university computer?
11.04.2013, 17:09 | #7
No, the computer is at my home. I work in a university hospital, and we were once able to buy Windows and Office cheaply for home use. That was completely official. We were told that, since the hospital also has a teaching mandate, we could obtain it. Why, is that the problem? Up to now I never had any problems?
12.04.2013, 12:49 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
I did mention the question of whether it is a commercially used computer. And one could assume that when one sees Professional editions. Because if logs from commercially used computers (office PCs) are posted here, special notices have to be posted.

Rootkit scan with GMER
Please download GMER: (file name is random)
Do any problems occur?

Afterwards please run MBAR:
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________
Please always post logfiles in CODE tags
12.04.2013, 13:58 | #9
During the GMER scan, 5 windows appeared with the message: "kfns9r36.exe - kein Datenträger - Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk2\DR2 ein." The message was repeated with references to Harddisk3, 1, 4, 5 and DR3, 1, 4, 5 respectively. The windows could each be closed with "Weiter" (Continue), though.

Logfile:
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-12 14:30:00 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD161GJ rev.1AC01118 149.05GB Running: kfns9r36.exe; Driver: C:\Users\JRG~1\AppData\Local\Temp\kxldypod.sys ---- System - GMER 2.1 ---- SSDT 85DD1D68 ZwAlertResumeThread SSDT 85DD1E48 ZwAlertThread SSDT 86058F38 ZwAllocateVirtualMemory SSDT 85E8C738 ZwAlpcConnectPort SSDT 85DD1510 ZwAssignProcessToJobObject SSDT 85DD1AB8 ZwCreateMutant SSDT 85DD1230 ZwCreateSymbolicLinkObject SSDT 85DD01F8 ZwCreateThread SSDT 85DD1320 ZwCreateThreadEx SSDT 85DD15F0 ZwDebugActiveProcess SSDT 85DCE8C8 ZwDuplicateObject SSDT 86058CF0 ZwFreeVirtualMemory SSDT 85DD1BA8 ZwImpersonateAnonymousToken SSDT 85DD1C88 ZwImpersonateThread SSDT 85E68E00 ZwLoadDriver SSDT 86058BF0 ZwMapViewOfSection SSDT 85DD19D8 ZwOpenEvent SSDT 85DCEFC0 ZwOpenProcess SSDT 85DCE7E8 ZwOpenProcessToken SSDT 85DD1818 ZwOpenSection SSDT 85DCEEF0 ZwOpenThread SSDT 85DD1420 ZwProtectVirtualMemory SSDT 85DD1F28 ZwResumeThread SSDT 86058940 ZwSetContextThread SSDT 86058A20 ZwSetInformationProcess SSDT 85DD16D0 ZwSetSystemInformation SSDT 85DD18F8 ZwSuspendProcess SSDT 860587C0 ZwSuspendThread SSDT 85DD02F8 ZwTerminateProcess SSDT 86058860 ZwTerminateThread SSDT 86058B10 ZwUnmapViewOfSection SSDT 86058DE0 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 140D 82C4F9A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C6F4F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 13A3 82C76778 8 Bytes [68, 1D, DD, 85, 48, 1E, DD, ...] 
.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 82C76790 4 Bytes [38, 8F, 05, 86] .text ntoskrnl.exe!KeRemoveQueueEx + 13C7 82C7679C 4 Bytes [38, C7, E8, 85] .text ntoskrnl.exe!KeRemoveQueueEx + 141B 82C767F0 4 Bytes [10, 15, DD, 85] .text ntoskrnl.exe!KeRemoveQueueEx + 1497 82C7686C 4 Bytes [B8, 1A, DD, 85] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9A021000, 0x2D5378, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Nero\Update\NASvc.exe[748] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Program Files\Nero\Update\NASvc.exe[748] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 00200930 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 00100930 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1648] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1648] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 001F0930 .text C:\Windows\system32\wininetd.exe[1692] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Windows\system32\wininetd.exe[1692] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 002E0AF4 .text C:\Program Files\Bonjour\mDNSResponder.exe[1724] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Program Files\Bonjour\mDNSResponder.exe[1724] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 000F0930 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1804] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 001F004C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1804] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 00210930 .text 
C:\Users\Jürg\Desktop\kfns9r36.exe[2456] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Users\Jürg\Desktop\kfns9r36.exe[2456] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 00180930 .text C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[2728] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0030004C .text C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[2728] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 00320AF4 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[2900] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[2900] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 001F0930 .text C:\Program Files\iTunes\iTunesHelper.exe[2928] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Program Files\iTunes\iTunesHelper.exe[2928] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 00080930 .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2948] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0018004C .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2948] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 001A0930 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[2976] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[2976] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 000F0930 .text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[2996] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[2996] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 000F0AF4 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3028] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0034004C .text C:\Program 
Files\Logitech\SetPoint\SetPoint.exe[3028] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 00360930 .text C:\Users\Jürg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3060] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Users\Jürg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3060] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 001F0048 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3424] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3424] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 001F0930 .text C:\Program Files\iPod\bin\iPodService.exe[3632] ntdll.dll!NtTerminateThread 776868D8 5 Bytes JMP 0002004C .text C:\Program Files\iPod\bin\iPodService.exe[3632] USER32.dll!RecordShutdownReason + 372 771406C2 7 Bytes JMP 001F0930 ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{D0E11BA2-3C2E-11DF-970D-806E6F6E6963} 3132141712 ---- EOF - GMER 2.1 ---- Logfile: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.12.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Jürg :: JÜRG-PC [administrator]

12.04.2013 14:46:46
mbar-log-2013-04-12 (14-46-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28875
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
12.04.2013, 16:23 | #10
/// Winkelfunktion /// TB-Süch-Tiger™
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press one of the Fix buttons without instructions.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
12.04.2013, 19:34 | #11
Here are the logfiles:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-12 20:08:28
-----------------------------
20:08:28.574  OS Version: Windows 6.1.7601 Service Pack 1
20:08:28.574  Number of processors: 2 586 0x170A
20:08:28.574  ComputerName: JÜRG-PC  UserName: Jürg
20:08:31.497  Initialize success
20:10:05.901  AVAST engine defs: 13041200
20:10:25.088  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:10:25.088  Disk 0 Vendor: SAMSUNG_HD161GJ 1AC01118 Size: 152626MB BusType: 3
20:10:25.307  Disk 0 MBR read successfully
20:10:25.307  Disk 0 MBR scan
20:10:25.307  Disk 0 Windows 7 default MBR code
20:10:25.323  Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152624 MB offset 2048
20:10:25.323  Disk 0 scanning sectors +312576000
20:10:25.370  Disk 0 scanning C:\Windows\system32\drivers
20:10:34.921  Service scanning
20:10:36.814  Service aqpidcertstorecheck C:\Windows\system32\wininetd.exe **INFECTED** Win32:Agent-AQRH [Trj]
20:10:55.844  Modules scanning
20:11:03.481  Disk 0 trace - called modules:
20:11:03.497  ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:11:03.497  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a63030]
20:11:03.497  3 CLASSPNP.SYS[89f7359e] -> nt!IofCallDriver -> [0x859a8918]
20:11:03.497  5 ACPI.sys[896263d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85982030]
20:11:04.154  AVAST engine scan C:\Windows
20:11:05.905  AVAST engine scan C:\Windows\system32
20:12:29.293  File: C:\Windows\system32\wininetd.exe **INFECTED** Win32:Agent-AQRH [Trj]
20:13:13.468  AVAST engine scan C:\Windows\system32\drivers
20:13:24.735  AVAST engine scan C:\Users\Jürg
20:21:29.594  AVAST engine scan C:\ProgramData
20:23:06.660  Scan finished successfully
20:23:33.191  Disk 0 MBR has been saved successfully to "C:\Users\Jürg\Desktop\MBR.dat"
20:23:33.191  The log file has been saved successfully to "C:\Users\Jürg\Desktop\aswMBR.txt"
Code:
ATTFilter 20:30:09.0213 6624 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:30:11.0247 6624 ============================================================ 20:30:11.0247 6624 Current date / time: 2013/04/12 20:30:11.0247 20:30:11.0247 6624 SystemInfo: 20:30:11.0247 6624 20:30:11.0247 6624 OS Version: 6.1.7601 ServicePack: 1.0 20:30:11.0247 6624 Product type: Workstation 20:30:11.0247 6624 ComputerName: JÜRG-PC 20:30:11.0247 6624 UserName: Jürg 20:30:11.0247 6624 Windows directory: C:\Windows 20:30:11.0247 6624 System windows directory: C:\Windows 20:30:11.0247 6624 Processor architecture: Intel x86 20:30:11.0247 6624 Number of processors: 2 20:30:11.0247 6624 Page size: 0x1000 20:30:11.0247 6624 Boot type: Normal boot 20:30:11.0247 6624 ============================================================ 20:30:13.0702 6624 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:30:13.0749 6624 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:30:13.0780 6624 ============================================================ 20:30:13.0780 6624 \Device\Harddisk0\DR0: 20:30:13.0780 6624 MBR partitions: 20:30:13.0780 6624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18000 20:30:13.0780 6624 \Device\Harddisk2\DR2: 20:30:13.0780 6624 MBR partitions: 20:30:13.0780 6624 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982 20:30:13.0780 6624 ============================================================ 20:30:13.0811 6624 C: <-> \Device\Harddisk0\DR0\Partition1 20:30:13.0811 6624 K: <-> \Device\Harddisk2\DR2\Partition1 20:30:13.0811 6624 ============================================================ 20:30:13.0811 6624 Initialize success 20:30:13.0811 6624 
20:31:01.0813 5904 SamSs - ok 20:31:01.0829 5904 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:31:01.0844 5904 sbp2port - ok 20:31:01.0860 5904 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:31:01.0875 5904 SCardSvr - ok 20:31:01.0907 5904 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:31:01.0938 5904 scfilter - ok 20:31:02.0063 5904 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 20:31:02.0094 5904 Schedule - ok 20:31:02.0094 5904 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:31:02.0125 5904 SCPolicySvc - ok 20:31:02.0157 5904 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:31:02.0172 5904 SDRSVC - ok 20:31:02.0219 5904 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:31:02.0250 5904 secdrv - ok 20:31:02.0282 5904 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 20:31:02.0297 5904 seclogon - ok 20:31:02.0329 5904 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 20:31:02.0344 5904 SENS - ok 20:31:02.0391 5904 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:31:02.0422 5904 SensrSvc - ok 20:31:02.0438 5904 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:31:02.0469 5904 Serenum - ok 20:31:02.0485 5904 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:31:02.0516 5904 Serial - ok 20:31:02.0547 5904 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:31:02.0547 5904 sermouse - ok 20:31:02.0594 5904 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 20:31:02.0625 5904 SessionEnv - ok 20:31:02.0657 5904 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 
20:31:02.0688 5904 sffdisk - ok 20:31:02.0704 5904 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:31:02.0735 5904 sffp_mmc - ok 20:31:02.0766 5904 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:31:02.0782 5904 sffp_sd - ok 20:31:02.0782 5904 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:31:02.0797 5904 sfloppy - ok 20:31:02.0829 5904 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:31:02.0844 5904 SharedAccess - ok 20:31:02.0860 5904 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:31:02.0907 5904 ShellHWDetection - ok 20:31:02.0938 5904 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 20:31:02.0938 5904 sisagp - ok 20:31:02.0969 5904 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:31:02.0969 5904 SiSRaid2 - ok 20:31:03.0047 5904 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:31:03.0047 5904 SiSRaid4 - ok 20:31:03.0079 5904 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:31:03.0094 5904 Smb - ok 20:31:03.0125 5904 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:31:03.0141 5904 SNMPTRAP - ok 20:31:03.0141 5904 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 20:31:03.0157 5904 spldr - ok 20:31:03.0204 5904 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 20:31:03.0250 5904 Spooler - ok 20:31:03.0329 5904 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 20:31:03.0391 5904 sppsvc - ok 20:31:03.0422 5904 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:31:03.0469 5904 sppuinotify - ok 20:31:03.0563 5904 [ 0A8F71E1DB5432A5B9285111421E77EC ] SRTSP 
C:\Windows\System32\Drivers\NIS\1403000.024\SRTSP.SYS 20:31:03.0579 5904 SRTSP - ok 20:31:03.0594 5904 [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX C:\Windows\system32\drivers\NIS\1403000.024\SRTSPX.SYS 20:31:03.0610 5904 SRTSPX - ok 20:31:03.0641 5904 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:31:03.0672 5904 srv - ok 20:31:03.0688 5904 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:31:03.0704 5904 srv2 - ok 20:31:03.0719 5904 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:31:03.0735 5904 srvnet - ok 20:31:03.0766 5904 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:31:03.0797 5904 SSDPSRV - ok 20:31:03.0813 5904 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:31:03.0860 5904 SstpSvc - ok 20:31:03.0875 5904 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:31:03.0891 5904 stexstor - ok 20:31:03.0938 5904 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 20:31:03.0969 5904 StillCam - ok 20:31:04.0032 5904 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 20:31:04.0063 5904 StiSvc - ok 20:31:04.0094 5904 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 20:31:04.0110 5904 storflt - ok 20:31:04.0141 5904 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 20:31:04.0157 5904 StorSvc - ok 20:31:04.0188 5904 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 20:31:04.0204 5904 storvsc - ok 20:31:04.0235 5904 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 20:31:04.0250 5904 swenum - ok 20:31:04.0266 5904 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 20:31:04.0297 5904 swprv - ok 20:31:04.0344 5904 [ 6EA77FF0CE4E839EA8B1CEA5F5B28C00 ] SymDS 
C:\Windows\system32\drivers\NIS\1403000.024\SYMDS.SYS 20:31:04.0360 5904 SymDS - ok 20:31:04.0375 5904 [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA C:\Windows\system32\drivers\NIS\1403000.024\SYMEFA.SYS 20:31:04.0407 5904 SymEFA - ok 20:31:04.0422 5904 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 20:31:04.0438 5904 SymEvent - ok 20:31:04.0469 5904 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\Windows\system32\drivers\NIS\1403000.024\Ironx86.SYS 20:31:04.0485 5904 SymIRON - ok 20:31:04.0500 5904 [ 21698476A90ACAA056B8CFE09A82785F ] SymNetS C:\Windows\System32\Drivers\NIS\1403000.024\SYMNETS.SYS 20:31:04.0516 5904 SymNetS - ok 20:31:04.0594 5904 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 20:31:04.0610 5904 SysMain - ok 20:31:04.0657 5904 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:31:04.0672 5904 TabletInputService - ok 20:31:04.0719 5904 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 20:31:04.0735 5904 TapiSrv - ok 20:31:04.0766 5904 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 20:31:04.0782 5904 TBS - ok 20:31:04.0829 5904 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:31:04.0860 5904 Tcpip - ok 20:31:04.0891 5904 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:31:04.0907 5904 TCPIP6 - ok 20:31:04.0938 5904 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:31:04.0969 5904 tcpipreg - ok 20:31:05.0032 5904 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:31:05.0063 5904 TDPIPE - ok 20:31:05.0094 5904 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:31:05.0110 5904 TDTCP - ok 20:31:05.0157 5904 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:31:05.0172 5904 tdx - ok 
20:31:05.0204 5904 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:31:05.0219 5904 TermDD - ok 20:31:05.0266 5904 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 20:31:05.0282 5904 TermService - ok 20:31:05.0313 5904 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 20:31:05.0329 5904 Themes - ok 20:31:05.0344 5904 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 20:31:05.0375 5904 THREADORDER - ok 20:31:05.0391 5904 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 20:31:05.0422 5904 TrkWks - ok 20:31:05.0485 5904 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:31:05.0516 5904 TrustedInstaller - ok 20:31:05.0547 5904 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:31:05.0579 5904 tssecsrv - ok 20:31:05.0625 5904 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:31:05.0657 5904 TsUsbFlt - ok 20:31:05.0688 5904 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:31:05.0719 5904 tunnel - ok 20:31:05.0766 5904 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:31:05.0782 5904 uagp35 - ok 20:31:05.0797 5904 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:31:05.0829 5904 udfs - ok 20:31:05.0860 5904 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:31:05.0875 5904 UI0Detect - ok 20:31:05.0891 5904 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:31:05.0891 5904 uliagpkx - ok 20:31:05.0955 5904 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:31:05.0970 5904 umbus - ok 20:31:05.0986 5904 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 
20:31:06.0033 5904 UmPass - ok 20:31:06.0064 5904 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 20:31:06.0080 5904 UmRdpService - ok 20:31:06.0111 5904 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 20:31:06.0126 5904 upnphost - ok 20:31:06.0173 5904 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 20:31:06.0173 5904 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 20:31:06.0173 5904 USBAAPL - detected UnsignedFile.Multi.Generic (1) 20:31:06.0205 5904 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:31:06.0251 5904 usbccgp - ok 20:31:06.0314 5904 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:31:06.0361 5904 usbcir - ok 20:31:06.0392 5904 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:31:06.0408 5904 usbehci - ok 20:31:06.0423 5904 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:31:06.0455 5904 usbhub - ok 20:31:06.0470 5904 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:31:06.0501 5904 usbohci - ok 20:31:06.0548 5904 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:31:06.0564 5904 usbprint - ok 20:31:06.0595 5904 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:31:06.0611 5904 usbscan - ok 20:31:06.0626 5904 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:31:06.0658 5904 USBSTOR - ok 20:31:06.0658 5904 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:31:06.0673 5904 usbuhci - ok 20:31:06.0689 5904 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 20:31:06.0720 5904 UxSms - ok 20:31:06.0720 5904 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 20:31:06.0736 5904 
VaultSvc - ok 20:31:06.0751 5904 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:31:06.0767 5904 vdrvroot - ok 20:31:06.0814 5904 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 20:31:06.0845 5904 vds - ok 20:31:06.0876 5904 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:31:06.0892 5904 vga - ok 20:31:06.0939 5904 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 20:31:06.0955 5904 VgaSave - ok 20:31:06.0986 5904 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:31:07.0001 5904 vhdmp - ok 20:31:07.0033 5904 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 20:31:07.0048 5904 viaagp - ok 20:31:07.0048 5904 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 20:31:07.0064 5904 ViaC7 - ok 20:31:07.0095 5904 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 20:31:07.0111 5904 viaide - ok 20:31:07.0126 5904 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 20:31:07.0126 5904 vmbus - ok 20:31:07.0142 5904 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 20:31:07.0173 5904 VMBusHID - ok 20:31:07.0189 5904 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:31:07.0189 5904 volmgr - ok 20:31:07.0205 5904 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:31:07.0220 5904 volmgrx - ok 20:31:07.0236 5904 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:31:07.0251 5904 volsnap - ok 20:31:07.0267 5904 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:31:07.0283 5904 vsmraid - ok 20:31:07.0330 5904 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 20:31:07.0361 5904 VSS - ok 20:31:07.0376 
5904 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:31:07.0392 5904 vwifibus - ok 20:31:07.0408 5904 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 20:31:07.0439 5904 W32Time - ok 20:31:07.0455 5904 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:31:07.0486 5904 WacomPen - ok 20:31:07.0501 5904 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:31:07.0533 5904 WANARP - ok 20:31:07.0533 5904 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:31:07.0548 5904 Wanarpv6 - ok 20:31:07.0611 5904 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 20:31:07.0642 5904 WatAdminSvc - ok 20:31:07.0689 5904 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 20:31:07.0736 5904 wbengine - ok 20:31:07.0751 5904 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:31:07.0783 5904 WbioSrvc - ok 20:31:07.0814 5904 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:31:07.0845 5904 wcncsvc - ok 20:31:07.0861 5904 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:31:07.0908 5904 WcsPlugInService - ok 20:31:07.0939 5904 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:31:07.0955 5904 Wd - ok 20:31:08.0048 5904 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:31:08.0064 5904 Wdf01000 - ok 20:31:08.0064 5904 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:31:08.0126 5904 WdiServiceHost - ok 20:31:08.0126 5904 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:31:08.0142 5904 WdiSystemHost - ok 20:31:08.0173 5904 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 20:31:08.0189 
5904 WebClient - ok 20:31:08.0205 5904 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:31:08.0236 5904 Wecsvc - ok 20:31:08.0236 5904 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:31:08.0267 5904 wercplsupport - ok 20:31:08.0314 5904 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 20:31:08.0345 5904 WerSvc - ok 20:31:08.0376 5904 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:31:08.0392 5904 WfpLwf - ok 20:31:08.0408 5904 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:31:08.0423 5904 WIMMount - ok 20:31:08.0486 5904 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:31:08.0517 5904 WinDefend - ok 20:31:08.0517 5904 WinHttpAutoProxySvc - ok 20:31:08.0580 5904 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:31:08.0611 5904 Winmgmt - ok 20:31:08.0658 5904 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 20:31:08.0705 5904 WinRM - ok 20:31:08.0751 5904 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:31:08.0783 5904 WinUsb - ok 20:31:08.0814 5904 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:31:08.0830 5904 Wlansvc - ok 20:31:08.0861 5904 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:31:08.0892 5904 WmiAcpi - ok 20:31:08.0923 5904 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:31:08.0955 5904 wmiApSrv - ok 20:31:09.0064 5904 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:31:09.0126 5904 WMPNetworkSvc - ok 20:31:09.0142 5904 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:31:09.0173 5904 WPCSvc - ok 20:31:09.0205 5904 [ 
AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:31:09.0251 5904 WPDBusEnum - ok
20:31:09.0283 5904 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:31:09.0314 5904 ws2ifsl - ok
20:31:09.0330 5904 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
20:31:09.0345 5904 wscsvc - ok
20:31:09.0361 5904 WSearch - ok
20:31:09.0423 5904 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:31:09.0455 5904 wuauserv - ok
20:31:09.0486 5904 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:31:09.0501 5904 WudfPf - ok
20:31:09.0548 5904 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:31:09.0580 5904 WUDFRd - ok
20:31:09.0626 5904 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:31:09.0642 5904 wudfsvc - ok
20:31:09.0673 5904 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:31:09.0689 5904 WwanSvc - ok
20:31:09.0720 5904 ================ Scan global ===============================
20:31:09.0751 5904 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:31:09.0783 5904 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:31:09.0783 5904 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:31:09.0814 5904 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:31:09.0845 5904 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:31:09.0845 5904 [Global] - ok
20:31:09.0845 5904 ================ Scan MBR ==================================
20:31:09.0845 5904 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:31:10.0111 5904 \Device\Harddisk0\DR0 - ok
20:31:10.0111 5904 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
20:31:10.0220 5904 \Device\Harddisk2\DR2 - ok
20:31:10.0220 5904 ================ Scan VBR ==================================
20:31:10.0236 5904 [ 7B923E29DA758FE36617F5CEA1959D42 ] \Device\Harddisk0\DR0\Partition1
20:31:10.0236 5904 \Device\Harddisk0\DR0\Partition1 - ok
20:31:10.0236 5904 [ 1FEE1E2957070376D192CDC2C678C24F ] \Device\Harddisk2\DR2\Partition1
20:31:10.0236 5904 \Device\Harddisk2\DR2\Partition1 - ok
20:31:10.0236 5904 ============================================================
20:31:10.0236 5904 Scan finished
20:31:10.0236 5904 ============================================================
20:31:10.0236 6188 Detected object count: 5
20:31:10.0236 6188 Actual detected object count: 5
20:31:49.0408 6188 aqpidcertstorecheck ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:49.0408 6188 aqpidcertstorecheck ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:49.0408 6188 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:49.0408 6188 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:49.0408 6188 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:49.0408 6188 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:49.0408 6188 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:49.0408 6188 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:49.0408 6188 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:49.0408 6188 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:14.0127 7864 Deinitialize success
|
13.04.2013, 14:45 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run Combofix now: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
13.04.2013, 17:07 | #13 |
| The logfile: Code:
ComboFix 13-04-12.02 - Jürg 13.04.2013 17:52:24.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1031.18.2046.1085 [GMT 2:00]
ausgeführt von:: c:\users\J³rg\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jürg\ptw12.exe
c:\windows\system32\3500_256.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-13 bis 2013-04-13 ))))))))))))))))))))))))))))))
.
.
2013-04-13 16:00 . 2013-04-13 16:00 -------- d-----w- c:\users\Jürg\AppData\Local\temp
2013-04-13 16:00 . 2013-04-13 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-12 12:38 . 2013-04-12 12:38 -------- d-----w- c:\programdata\Malwarebytes
2013-04-11 12:41 . 2013-04-11 12:41 -------- d-----w- c:\windows\ERUNT
2013-04-11 12:41 . 2013-04-11 12:41 -------- d-----w- C:\JRT
2013-04-10 11:05 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 11:05 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 11:05 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 11:05 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 11:05 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 11:05 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 11:05 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 11:05 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-07 18:28 . 2013-04-07 18:30 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2013-04-07 17:12 . 2013-04-07 17:12 -------- d-----w- c:\users\J³rg
2013-04-07 16:49 . 2013-04-07 16:49 -------- d-----w- c:\windows\system32\IO
2013-04-07 16:37 . 2013-04-07 16:37 68608 ----a-w- c:\windows\system32\wininetd.exe
2013-04-07 16:37 . 2013-04-07 16:37 -------- d-----w- c:\users\Jürg\AppData\Roaming\Opera
2013-04-07 16:32 . 2011-05-13 11:16 493056 ----a-w- c:\windows\system32\dhRichClient3.dll
2013-04-07 16:32 . 2011-03-25 19:42 338432 ----a-w- c:\windows\system32\sqlite36_engine.dll
2013-04-07 16:32 . 2013-04-07 16:32 -------- d-----w- c:\users\Jürg\AppData\Local\Programs
2013-04-07 16:25 . 2013-04-07 16:25 91 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-02 15:36 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-19 11:58 . 2013-03-19 11:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 12:50 . 2012-04-13 18:25 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-19 12:50 . 2011-05-16 11:17 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 11:58 . 2012-11-30 15:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 11:58 . 2010-06-14 16:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 04:48 . 2013-03-19 11:47 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-19 11:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-31 03:18 . 2013-02-27 16:23 338592 ----a-w- c:\windows\system32\drivers\NIS\1403000.024\symnets.sys
2013-01-31 03:18 . 2013-02-27 16:23 934488 ----a-w- c:\windows\system32\drivers\NIS\1403000.024\symefa.sys
2013-01-29 01:45 . 2013-02-27 16:23 602712 ----a-w- c:\windows\system32\drivers\NIS\1403000.024\srtsp.sys
2013-01-29 01:45 . 2013-02-27 16:23 32344 ----a-w- c:\windows\system32\drivers\NIS\1403000.024\srtspx.sys
2013-01-22 02:15 . 2013-02-27 16:23 367704 ----a-w- c:\windows\system32\drivers\NIS\1403000.024\symds.sys
2013-01-13 21:17 . 2013-02-27 18:48 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 18:48 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 18:48 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 18:48 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 18:48 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 18:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 18:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 18:48 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 18:48 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 18:48 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30 . 2013-02-27 18:48 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22 . 2013-02-27 18:48 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 18:48 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09 . 2013-02-27 18:48 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 18:48 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 18:48 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54 . 2013-02-27 18:48 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 18:48 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 18:48 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:48 . 2013-02-27 18:48 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 18:48 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43 . 2013-02-27 18:48 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37 . 2013-02-27 18:48 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 18:48 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 18:48 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 18:48 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-12 14:35 . 2013-04-12 14:35 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jürg\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jürg\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jürg\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-28 1406248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Jürg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jürg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-18 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 aqpidcertstorecheck;Microsoft Display Access;c:\windows\system32\wininetd.exe [x]
R2 Fun4IM Coordinator;Fun4IM Coordinator;c:\progra~1\Fun4IM\Bandoo.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1403000.024\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1403000.024\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1403000.024\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1403000.024\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1403000.024\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:50] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 17:25] . 2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 17:25] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Jürg\AppData\Roaming\Mozilla\Firefox\Profiles\xojm5ys6.default\ FF - prefs.js: browser.search.defaulturl - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.startup.homepage - www.google.ch FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file) HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-13 18:02:13 ComboFix-quarantined-files.txt 2013-04-13 16:02 . Vor Suchlauf: 11 Verzeichnis(se), 72'404'680'704 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 72'260'141'056 Bytes frei . - - End Of File - - FCBC7C1C1C009A70B8C3DBCBBE036E6B |
13.04.2013, 17:11 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Slow Firefox, "Connected to shpr.co..." keeps appearing! Combofix script
__________________ Please always post logfiles in CODE tags |
13.04.2013, 19:20 | #15 |
| Slow Firefox, "Connected to shpr.co..." keeps appearing! The logfile: Code:
ATTFilter ComboFix 13-04-12.02 - Jürg 13.04.2013 20:05:42.2.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1031.18.2046.943 [GMT 2:00] ausgeführt von:: c:\users\J³rg\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\J³rg\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\Wininetd.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_aqpidcertstorecheck . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-13 bis 2013-04-13 )))))))))))))))))))))))))))))) . . 2013-04-13 18:12 . 2013-04-13 18:14 -------- d-----w- c:\users\Jürg\AppData\Local\temp 2013-04-12 12:38 . 2013-04-12 12:38 -------- d-----w- c:\programdata\Malwarebytes 2013-04-11 12:41 . 2013-04-11 12:41 -------- d-----w- c:\windows\ERUNT 2013-04-11 12:41 . 2013-04-11 12:41 -------- d-----w- C:\JRT 2013-04-10 11:05 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 11:05 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-10 11:05 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-10 11:05 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 11:05 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 11:05 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-10 11:05 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 11:05 . 
2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll 2013-04-07 18:28 . 2013-04-07 18:30 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs 2013-04-07 17:12 . 2013-04-07 17:12 -------- d-----w- c:\users\J³rg 2013-04-07 16:49 . 2013-04-07 16:49 -------- d-----w- c:\windows\system32\IO 2013-04-07 16:37 . 2013-04-07 16:37 -------- d-----w- c:\users\Jürg\AppData\Roaming\Opera 2013-04-07 16:32 . 2011-05-13 11:16 493056 ----a-w- c:\windows\system32\dhRichClient3.dll 2013-04-07 16:32 . 2011-03-25 19:42 338432 ----a-w- c:\windows\system32\sqlite36_engine.dll 2013-04-07 16:32 . 2013-04-07 16:32 -------- d-----w- c:\users\Jürg\AppData\Local\Programs 2013-04-07 16:25 . 2013-04-07 16:25 91 ----a-w- c:\windows\DeleteOnReboot.bat 2013-04-02 15:36 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-19 11:58 . 2013-03-19 11:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-19 12:50 . 2012-04-13 18:25 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-19 12:50 . 2011-05-16 11:17 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-19 11:58 . 2012-11-30 15:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-19 11:58 . 2010-06-14 16:10 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-12 04:48 . 2013-03-19 11:47 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-19 11:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-31 03:18 . 2013-02-27 16:23 338592 ----a-w- c:\windows\system32\drivers\NIS\1403000.024\symnets.sys 2013-01-31 03:18 . 2013-02-27 16:23 934488 ----a-w- c:\windows\system32\drivers\NIS\1403000.024\symefa.sys 2013-01-29 01:45 . 2013-02-27 16:23 602712 ----a-w- c:\windows\system32\drivers\NIS\1403000.024\srtsp.sys 2013-01-29 01:45 . 
2013-02-27 16:23 32344 ----a-w- c:\windows\system32\drivers\NIS\1403000.024\srtspx.sys 2013-01-22 02:15 . 2013-02-27 16:23 367704 ----a-w- c:\windows\system32\drivers\NIS\1403000.024\symds.sys 2013-01-13 21:17 . 2013-02-27 18:48 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17 . 2013-02-27 18:48 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16 . 2013-02-27 18:48 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12 . 2013-02-27 18:48 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:48 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:48 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:48 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:48 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-01-13 20:30 . 2013-02-27 18:48 906240 ----a-w- c:\windows\system32\FntCache.dll 2013-01-13 20:22 . 2013-02-27 18:48 1988096 ----a-w- c:\windows\system32\d3d10warp.dll 2013-01-13 20:20 . 2013-02-27 18:48 293376 ----a-w- c:\windows\system32\dxgi.dll 2013-01-13 20:09 . 2013-02-27 18:48 249856 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-01-13 20:08 . 2013-02-27 18:48 220160 ----a-w- c:\windows\system32\d3d10core.dll 2013-01-13 20:08 . 2013-02-27 18:48 1504768 ----a-w- c:\windows\system32\d3d11.dll 2013-01-13 19:54 . 2013-02-27 18:48 604160 ----a-w- c:\windows\system32\d3d10level9.dll 2013-01-13 19:53 . 2013-02-27 18:48 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-01-13 19:53 . 
2013-02-27 18:48 187392 ----a-w- c:\windows\system32\UIAnimation.dll 2013-01-13 19:48 . 2013-02-27 18:48 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2013-01-13 19:46 . 2013-02-27 18:48 1080832 ----a-w- c:\windows\system32\d3d10.dll 2013-01-13 19:43 . 2013-02-27 18:48 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-01-13 19:37 . 2013-02-27 18:48 3419136 ----a-w- c:\windows\system32\d2d1.dll 2013-01-13 19:02 . 2013-02-27 18:48 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2013-01-13 18:34 . 2013-02-27 18:48 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-04-12 14:35 . 2013-04-12 14:35 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Jürg\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Jürg\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Jürg\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392] "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872] "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-28 1406248] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] . c:\users\Jürg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Jürg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 44544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-18 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R2 Fun4IM Coordinator;Fun4IM Coordinator;c:\progra~1\Fun4IM\Bandoo.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1403000.024\SYMDS.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1403000.024\SYMEFA.SYS [x] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1403000.024\ccSetx86.sys [x] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSvix86.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1403000.024\Ironx86.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1403000.024\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x] S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:50] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 17:25] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 17:25] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Jürg\AppData\Roaming\Mozilla\Firefox\Profiles\xojm5ys6.default\ FF - prefs.js: browser.search.defaulturl - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.startup.homepage - www.google.ch FF - prefs.js: network.proxy.type - 0 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(2268) c:\program files\Logitech\SetPoint\lgscroll.dll c:\users\Jürg\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\atieclxx.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\taskhost.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe c:\program files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-04-13 20:17:20 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-04-13 18:17 ComboFix2.txt 2013-04-13 16:02 . Vor Suchlauf: 15 Verzeichnis(se), 71'856'627'712 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 71'682'465'792 Bytes frei . - - End Of File - - 8C801226B28B32C14535744583F93741 |