Trojaner-Board


zombie8580 19.06.2013 21:18

wss4191.tmp and yontoo
 
Hello,

As soon as I restart the computer, I get a prompt to install wss4191.tmp from Perion. But I haven't installed anything from Perion.
In addition, I found "yontoo" among my programs, which I cannot uninstall.

It would be great if someone could help me.

I have already read a bit, but since I have both problems, I thought I'd rather post here. Oh, and how can I then send these .txt files to someone? I don't know enough about this, sorry.

cosinus 19.06.2013 21:22

Hello and :hallo:

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is fine ... click Reply.

zombie8580 19.06.2013 21:28

I have AVG Internet Security 2013 and Norton AntiVirus. But I have never gotten an alert.

cosinus 19.06.2013 21:40

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only the scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside of the Trojaner-Board.


First, a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users checkbox at the top center
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

zombie8580 19.06.2013 22:03

Code:

OTL logfile created on: 19.06.2013 22:48:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 39,20% Memory free
6,19 Gb Paging File | 4,05 Gb Available in Paging File | 65,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 32,14 Gb Free Space | 22,31% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 22,42 Gb Free Space | 15,95% Space Free | Partition Type: NTFS
 
Computer Name: ZOMBIE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
PRC - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Bandoo\Bandoo.exe (Bandoo Media Inc.)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (rrinttaller) -- C:\Windows\system32\KBDIOASA.exe File not found
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe (Symantec Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (vToolbarUpdater15.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Motorola Device Manager) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (cmd32) -- C:\Windows\System32\NapiNSPd.exe ()
SRV - (Bandoo Coordinator) -- C:\Program Files\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (PST Service) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NAV\1008030.006\SYMNDISV.SYS File not found
DRV - (SYMFW) -- C:\Windows\System32\Drivers\NAV\1008030.006\SYMFW.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (motusbdevice) -- system32\DRIVERS\motusbdevice.sys File not found
DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found
DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found
DRV - (motandroidusb) -- System32\Drivers\motoandroid.sys File not found
DRV - (k57nd60x) -- system32\DRIVERS\k57nd60x.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (huawei_ext_ctrl) -- system32\DRIVERS\ew_juextctrl.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (huawei_cdcecm) -- system32\DRIVERS\ew_jucdcecm.sys File not found
DRV - (huawei_cdcacm) -- system32\DRIVERS\ew_jucdcacm.sys File not found
DRV - (ew_usbenumfilter) -- system32\DRIVERS\ew_usbenumfilter.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130531.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1404000.028\symds.sys (Symantec Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1404000.028\srtsp.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NAV\1404000.028\symtdiv.sys (Symantec Corporation)
DRV - (ccSet_NST) -- C:\Windows\System32\drivers\NST\7DD04000.00A\ccsetx86.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1404000.028\ccsetx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1404000.028\ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1404000.028\srtspx.sys (Symantec Corporation)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130618.001\IDSvix86.sys (Symantec Corporation)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Apowersoft_AudioDevice) -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (qciusbnet) -- C:\Windows\System32\drivers\qciusbnet.sys (Yota)
DRV - (qciusbser) -- C:\Windows\System32\drivers\qciusbser.sys (Yota)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0312&m=aspire_6930g
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
 
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{7E4C0B80-0109-4672-87D3-9BF3AC158549}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deES475
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={12096131-13C2-442D-AE38-ED64DF40BC0E}&mid=5c5a5a5dbf6647d094f8d16acd837683-34b10f71087b93e4f11146a951b354a2922d70ff&lang=de&ds=AVG&pr=pr&d=2012-10-25 09:56:58&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=SWL&chn=retail&geo=DE&ver=2013&locale=de_DE&tpr=111
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{7E4C0B80-0109-4672-87D3-9BF3AC158549}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deES475
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={12096131-13C2-442D-AE38-ED64DF40BC0E}&mid=5c5a5a5dbf6647d094f8d16acd837683-34b10f71087b93e4f11146a951b354a2922d70ff&lang=de&ds=AVG&pr=pr&d=2012-10-25 09:56:58&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=SWL&chn=retail&geo=DE&ver=2013&locale=de_DE&tpr=111
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\ [2013.06.19 20:56:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013.05.20 19:52:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com [2012.12.29 16:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\ [2012.10.19 22:23:13 | 000,000,000 | ---D | M]
 
[2012.12.29 16:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\extensions
[2012.12.29 16:24:09 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\extensions\ffox@bandoo.com
[2012.12.28 22:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [AVG-Secure-Search-Update_JUNE2013_HP] C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe (AVG Secure Search)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe (AVG Secure Search)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [EPSON Stylus DX9400F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: []  File not found
O4 - HKU\S-1-5-18..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: []  File not found
O4 - HKU\S-1-5-20..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: [ScrSav]  File not found
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Googlebar.url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run:  = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{953825AE-A4D2-4671-AE71-709636AB8FB8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C20B90ED-AF1B-4DB2-8A95-C308F300E354}: DhcpNameServer = 83.149.24.244 83.149.24.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F670E7BE-CF05-491F-AB7C-F22E3D093A60}: DhcpNameServer = 212.166.64.1 212.166.64.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{871baeaa-7e81-11e1-946f-00238b679f70}\Shell - "" = AutoRun
O33 - MountPoints2\{871baeaa-7e81-11e1-946f-00238b679f70}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.19 22:45:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.06.19 22:40:31 | 005,081,021 | ---- | C] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe
[2013.06.19 22:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.19 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Check
[2013.06.19 21:21:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2013.06.19 21:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.19 21:20:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.19 21:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.19 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.15 03:02:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.15 03:02:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.15 03:02:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.15 03:02:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.15 03:02:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.15 03:02:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.15 03:02:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.15 03:02:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.14 15:34:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013.06.14 00:11:58 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.14 00:11:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.14 00:11:53 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.14 00:11:52 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.14 00:11:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.05.30 23:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.21 20:20:20 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 22:47:18 | 005,081,021 | ---- | M] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe
[2013.06.19 22:45:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.06.19 22:24:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.19 21:42:16 | 000,235,008 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.19 20:54:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 20:54:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 20:54:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 20:54:24 | 002,198,189 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\Cat.DB
[2013.06.19 20:54:18 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.19 20:53:15 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\VT20130115.021
[2013.06.19 19:43:40 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.19 19:43:40 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.19 19:43:40 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.19 19:43:40 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.19 19:01:15 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.19 04:21:01 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.06.19 04:21:01 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.06.19 04:21:01 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.06.16 09:34:32 | 000,000,386 | ---- | M] () -- C:\Users\Christian\Desktop\Filme.lnk
[2013.06.11 23:26:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.11 23:26:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.04 08:44:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\isolate.ini
[2013.05.31 03:50:15 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NST\7DD04000.00A\isolate.ini
[2013.05.24 04:09:47 | 000,008,059 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symds.cat
[2013.05.23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.sys
[2013.05.23 07:25:28 | 000,007,583 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.cat
[2013.05.23 07:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.inf
[2013.05.21 20:20:47 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2013.05.21 20:20:20 | 000,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2013.05.21 18:59:26 | 000,001,356 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2013.05.21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1404000.028\symds.sys
[2013.05.21 07:02:00 | 000,002,852 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symds.inf
[2013.05.21 06:40:20 | 000,008,059 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\srtsp.cat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.19 19:01:15 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.16 09:34:29 | 000,000,386 | ---- | C] () -- C:\Users\Christian\Desktop\Filme.lnk
[2013.05.21 20:30:13 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2012.12.08 14:38:25 | 000,000,800 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Christianv3.4.2.2.vbs
[2012.10.18 06:24:14 | 000,001,940 | ---- | C] () -- C:\Users\Christian\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012.09.13 17:10:02 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.09.01 19:50:39 | 000,065,024 | ---- | C] () -- C:\Windows\System32\NapiNSPd.exe
[2012.03.18 09:41:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.18 09:40:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.18 08:20:02 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2012.03.18 01:35:17 | 000,235,008 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.17 23:41:13 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2012.03.17 23:41:13 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012.03.17 23:41:13 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.03.17 23:38:40 | 000,001,356 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.12 12:35:40 | 000,000,000 | -H-D | M] -- C:\Users\Christian\AppData\Roaming\82BC6C71
[2009.03.12 05:07:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Acer GameZone Console
[2013.03.03 17:14:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apowersoft
[2012.10.25 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AVG
[2012.10.25 10:00:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AVG2013
[2012.08.18 10:23:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Bandoo
[2012.08.09 20:37:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013.05.31 06:33:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DesktopIconForAmazon
[2012.04.07 10:48:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\EPSON
[2012.12.12 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\JAM Software
[2012.12.28 22:43:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\JDownloaderPackages
[2012.09.01 19:52:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Lingoes
[2013.01.21 05:43:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MotoCast
[2013.01.11 14:27:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Motorola
[2013.01.10 19:05:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Motorola Mobility
[2013.01.06 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PDF Writer
[2012.12.02 19:12:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
[2013.06.19 20:46:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\UseNeXT
[2012.12.08 07:38:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WinMedia
[2012.12.24 10:50:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\XMedia Recode
[2012.10.27 09:28:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012.10.27 09:28:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012.10.27 09:28:48 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

Code:

OTL Extras logfile created on: 19.06.2013 22:48:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 39,20% Memory free
6,19 Gb Paging File | 4,05 Gb Available in Paging File | 65,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 32,14 Gb Free Space | 22,31% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 22,42 Gb Free Space | 15,95% Space Free | Partition Type: NTFS
 
Computer Name: ZOMBIE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD73A1E-741E-4AF6-9BCD-0B8358CC70A5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C6BE6929-6642-4AAA-9979-4B9CF7FE0B40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C22316-AB3B-4722-B3C2-B9BA96824656}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{0425EF1B-2DC2-448A-871B-4E4BECE05C19}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{0662F95D-047F-4791-A585-9225F4DA83BE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0F1EDBD9-A70F-4D4B-B225-C27437358C1B}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{0F69A0CC-3771-42EA-88B1-CDCFDF8D7B88}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{12A0BBAD-0799-4F05-A074-EDBCBDE89D63}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{1951B165-0BAC-48FE-96FB-A83CEA21C260}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{298B1586-8C60-4C8A-A1FD-BA5FD8404DD8}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftdump.dll |
"{3430496B-E98D-481A-BDEF-BE8AAE95758E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{34AC874B-EBD0-46BF-B71E-2BA12D4F93CF}" = dir=in | app=c:\program files\motorola media link\lite\mml.exe |
"{3EB5EE15-943D-4F61-AC0D-E74B3963D21C}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{41AC618E-0EAA-460D-A25B-F523B59564C6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{42357D3C-60CA-4C33-AD80-8BCA2F972B91}" = dir=in | app=c:\program files\apowersoft\video download capture\videodownloadcapture.exe |
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{625DC748-AF7B-499E-86A5-FE77129BF5E2}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{6F76510F-55DD-4E55-BD64-3D091694B3C3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{75DF6C8A-9721-420B-95C8-592BFC7C92CE}" = dir=out | app=c:\program files\motorola mobility\motocast\motocast.exe |
"{76768208-7E5F-4099-89DD-EE08335E142C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{7B0EC1FA-8128-4772-9190-FE64AFF2A091}" = dir=in | app=c:\program files\apowersoft\video download capture\video-download-capture.exe |
"{85EEF39B-5664-48EE-9CAD-2646BFBB5DF3}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftsrv.dll |
"{894AC073-E399-4435-B13F-C38B6A1CE359}" = dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe |
"{8D37EE0D-DF0C-4FFC-AE68-49162188A2E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{91930A40-AC44-4C53-86D0-E6744673989A}" = dir=out | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{9695C4A4-4944-426C-A3F7-315398F90864}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{A25B67E1-7831-4902-B3DA-7B1F2BFA7EE3}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftplayer.dll |
"{A4B4287C-1D8B-4F3A-A7CC-080ECBF90909}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B0E4C9B3-2DC4-43B0-BE4D-4185417C6F47}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{B276CEDB-0938-408F-A4A9-6AB0C6885FEB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{C4BFCEB1-CAD9-4EB9-8412-8646C1555D4C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{CE20492F-1F0E-43EC-B5E0-C131FC7A2241}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D77B2D3A-3337-421F-90B5-F7F9176029BC}" = dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{DD3BB85A-FDFD-4FEF-AAEA-0ABD23A0D060}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F88EB40C-9D41-4894-9606-1E094FA7E90B}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftac.dll |
"TCP Query User{4393ACD0-89A4-4D55-B02F-1F4EB866C677}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{6C06F792-DE6F-4778-9BA3-0BC4B37DB972}C:\users\christian\desktop\utorrent-3.2.27850.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\utorrent-3.2.27850.exe |
"UDP Query User{2A9B3E17-0FB5-4605-80FF-92BC6CC3868E}C:\users\christian\desktop\utorrent-3.2.27850.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\utorrent-3.2.27850.exe |
"UDP Query User{B4C5656B-57D4-40C6-9CC2-23038CD08064}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V4.3.3
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Ultra Edition
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D732E36A-B0C2-4DFF-8C60-4AC06233B2BC}" = Motorola Mobile Drivers Installation 6.0.0
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.8
"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.22
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"Bandoo" = Bandoo
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516
"CCleaner" = CCleaner
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"Lingoes Translator_is1" = Lingoes 2.8.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"ProInst" = Intel PROSet Wireless
"TreeSize Professional_is1" = TreeSize Professional V5.5
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = gutscheinfilter.de
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = VSS | ID = 12292
Description =
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = VSS | ID = 40
Description =
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = VSS | ID = 12292
Description =
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = VSS | ID = 40
Description =
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = VSS | ID = 12292
Description =
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = System Restore | ID = 8193
Description =
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = System Restore | ID = 8210
Description =
 
Error - 31.05.2013 01:53:15 | Computer Name = Zombie | Source = VSS | ID = 40
Description =
 
Error - 31.05.2013 01:53:15 | Computer Name = Zombie | Source = VSS | ID = 12292
Description =
 
Error - 02.06.2013 02:36:11 | Computer Name = Zombie | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 17.06.2013 09:36:33 | Computer Name = Zombie | Source = Service Control Manager | ID = 7034
Description =
 
Error - 17.06.2013 09:36:37 | Computer Name = Zombie | Source = Service Control Manager | ID = 7034
Description =
 
Error - 17.06.2013 13:35:37 | Computer Name = Zombie | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 18.06.2013 13:03:31 | Computer Name = Zombie | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse
 00216B0F626E wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 19.06.2013 14:51:14 | Computer Name = Zombie | Source = Service Control Manager | ID = 7006
Description =
 
Error - 19.06.2013 14:56:01 | Computer Name = Zombie | Source = Service Control Manager | ID = 7006
Description =
 
Error - 19.06.2013 14:56:01 | Computer Name = Zombie | Source = Service Control Manager | ID = 7006
Description =
 
Error - 19.06.2013 14:56:01 | Computer Name = Zombie | Source = Service Control Manager | ID = 7001
Description =
 
Error - 19.06.2013 14:56:26 | Computer Name = Zombie | Source = Service Control Manager | ID = 7022
Description =
 
Error - 19.06.2013 14:56:39 | Computer Name = Zombie | Source = Service Control Manager | ID = 7001
Description =
 
 
< End of report >


cosinus 19.06.2013 22:07

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and any other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it on your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

zombie8580 19.06.2013 23:12

Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-20 00:02:12
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0303 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\agtdypog.sys


---- System - GMER 2.1 ----

SSDT            8A1327F8                                                                                                                                    ZwAlertResumeThread
SSDT            8A1328D8                                                                                                                                    ZwAlertThread
SSDT            8A131480                                                                                                                                    ZwAllocateVirtualMemory
SSDT            8582B788                                                                                                                                    ZwAlpcConnectPort
SSDT            8A133F10                                                                                                                                    ZwAssignProcessToJobObject
SSDT            8A132548                                                                                                                                    ZwCreateMutant
SSDT            8A133C30                                                                                                                                    ZwCreateSymbolicLinkObject
SSDT            8A130130                                                                                                                                    ZwCreateThread
SSDT            8A133FD0                                                                                                                                    ZwDebugActiveProcess
SSDT            8A131650                                                                                                                                    ZwDuplicateObject
SSDT            8A132008                                                                                                                                    ZwFreeVirtualMemory
SSDT            8A132638                                                                                                                                    ZwImpersonateAnonymousToken
SSDT            8A132718                                                                                                                                    ZwImpersonateThread
SSDT            8A1321C8                                                                                                                                    ZwLoadDriver
SSDT            8A132F08                                                                                                                                    ZwMapViewOfSection
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                ZwNotifyChangeKey [0x963DD14A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                ZwNotifyChangeMultipleKeys [0x963DD21A]
SSDT            8A132468                                                                                                                                    ZwOpenEvent
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                ZwOpenProcess [0x963DCD7C]
SSDT            8A131570                                                                                                                                    ZwOpenProcessToken
SSDT            8A1322A8                                                                                                                                    ZwOpenSection
SSDT            8A131740                                                                                                                                    ZwOpenThread
SSDT            8A133E20                                                                                                                                    ZwProtectVirtualMemory
SSDT            8A1329B8                                                                                                                                    ZwResumeThread
SSDT            8A132C58                                                                                                                                    ZwSetContextThread
SSDT            8A132D38                                                                                                                                    ZwSetInformationProcess
SSDT            8A1320E8                                                                                                                                    ZwSetSystemInformation
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                ZwSuspendProcess [0x963DCF6A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                ZwSuspendThread [0x963DD000]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                ZwTerminateProcess [0x963DCE32]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                ZwTerminateThread [0x963DCECE]
SSDT            8A132E28                                                                                                                                    ZwUnmapViewOfSection
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                ZwWriteVirtualMemory [0x963DD09C]
SSDT            8A133D20                                                                                                                                    ZwCreateThreadEx

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!KeSetEvent + 11D                                                                                                                824BB6E8 1 Byte  [F8]
.text          ntkrnlpa.exe!KeSetEvent + 11D                                                                                                                824BB6E8 8 Bytes  [F8, 27, 13, 8A, D8, 28, 13, ...] {CLC ; DAA ; ADC ECX, [EDX-0x75ecd728]}
.text          ntkrnlpa.exe!KeSetEvent + 131                                                                                                                824BB6FC 4 Bytes  [80, 14, 13, 8A] {ADC BYTE [EBX+EDX], 0x8a}
.text          ntkrnlpa.exe!KeSetEvent + 13D                                                                                                                824BB708 4 Bytes  [88, B7, 82, 85]
.text          ntkrnlpa.exe!KeSetEvent + 191                                                                                                                824BB75C 4 Bytes  [10, 3F, 13, 8A]
.text          ...                                                                                                                                         

---- User code sections - GMER 2.1 ----

.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ntdll.dll!NtTerminateThread                                            77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] USER32.dll!RecordShutdownReason + 36A                                  76F1B7BE 7 Bytes  JMP 00070930
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!OpenSCManagerA + 125                                      75CD2EB8 7 Bytes  JMP 00070768
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!CloseServiceHandle + AA                                    75CD834F 7 Bytes  JMP 00070210
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                75CF9EAF 7 Bytes  JMP 000705A0
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!CreateServiceW + FF                                        75CF9FB3 7 Bytes  JMP 0007012C
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!ControlService + C1                                        75CFA079 7 Bytes  JMP 0007084C
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                            75D36629 7 Bytes  JMP 000703D8
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!ControlServiceExA + 10E                                    75D3673C 7 Bytes  JMP 00070048
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!SetServiceObjectSecurity + FB                              75D36DD4 7 Bytes  JMP 00070684
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                75D36F7C 7 Bytes  JMP 000704BC
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!ChangeServiceConfig2W + BB                                75D3729C 2 Bytes  JMP 000702F4
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!ChangeServiceConfig2W + BE                                75D3729F 4 Bytes  [33, 8A, EB, F9]
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ntdll.dll!NtTerminateThread                                                              77AA5374 5 Bytes  JMP 0002004C
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!OpenSCManagerA + 125                                                        75CD2EB8 7 Bytes  JMP 00170768
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!CloseServiceHandle + AA                                                      75CD834F 7 Bytes  JMP 00170210
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                  75CF9EAF 7 Bytes  JMP 001705A0
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!CreateServiceW + FF                                                          75CF9FB3 7 Bytes  JMP 0017012C
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!ControlService + C1                                                          75CFA079 7 Bytes  JMP 0017084C
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                              75D36629 7 Bytes  JMP 001703D8
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!ControlServiceExA + 10E                                                      75D3673C 7 Bytes  JMP 00170048
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                75D36DD4 7 Bytes  JMP 00170684
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                  75D36F7C 7 Bytes  JMP 001704BC
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                  75D3729C 2 Bytes  JMP 001702F4
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                  75D3729F 4 Bytes  [43, 8A, EB, F9] {INC EBX; MOV CH, BL; STC }
.text          C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] USER32.dll!RecordShutdownReason + 36A                                                    76F1B7BE 7 Bytes  JMP 00170930
.text          C:\Windows\system32\nvvsvc.exe[1088] ntdll.dll!NtTerminateThread                                                                            77AA5374 5 Bytes  JMP 0002004C
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!OpenSCManagerA + 125                                                                      75CD2EB8 7 Bytes  JMP 00060768
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!CloseServiceHandle + AA                                                                    75CD834F 7 Bytes  JMP 00060210
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                                75CF9EAF 7 Bytes  JMP 000605A0
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!CreateServiceW + FF                                                                        75CF9FB3 7 Bytes  JMP 0006012C
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!ControlService + C1                                                                        75CFA079 7 Bytes  JMP 0006084C
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                            75D36629 7 Bytes  JMP 000603D8
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!ControlServiceExA + 10E                                                                    75D3673C 7 Bytes  JMP 00060048
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                              75D36DD4 7 Bytes  JMP 00060684
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                                75D36F7C 7 Bytes  JMP 000604BC
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                                75D3729C 2 Bytes  JMP 000602F4
.text          C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                                75D3729F 4 Bytes  [32, 8A, EB, F9]
.text          C:\Windows\system32\nvvsvc.exe[1088] USER32.dll!RecordShutdownReason + 36A                                                                  76F1B7BE 7 Bytes  JMP 00060930
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ntdll.dll!NtTerminateThread                                                    77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] USER32.dll!RecordShutdownReason + 36A                                          76F1B7BE 7 Bytes  JMP 00070930
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!OpenSCManagerA + 125                                              75CD2EB8 7 Bytes  JMP 00070768
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!CloseServiceHandle + AA                                            75CD834F 7 Bytes  JMP 00070210
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                        75CF9EAF 7 Bytes  JMP 000705A0
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!CreateServiceW + FF                                                75CF9FB3 7 Bytes  JMP 0007012C
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!ControlService + C1                                                75CFA079 7 Bytes  JMP 0007084C
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                    75D36629 7 Bytes  JMP 000703D8
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!ControlServiceExA + 10E                                            75D3673C 7 Bytes  JMP 00070048
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity + FB                                      75D36DD4 7 Bytes  JMP 00070684
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                        75D36F7C 7 Bytes  JMP 000704BC
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W + BB                                        75D3729C 2 Bytes  JMP 000702F4
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W + BE                                        75D3729F 4 Bytes  [33, 8A, EB, F9]
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ntdll.dll!NtTerminateThread                                                  77AA5374 5 Bytes  JMP 0006004C
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!OpenSCManagerA + 125                                            75CD2EB8 7 Bytes  JMP 00080768
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!CloseServiceHandle + AA                                          75CD834F 7 Bytes  JMP 00080210
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                      75CF9EAF 7 Bytes  JMP 000805A0
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!CreateServiceW + FF                                              75CF9FB3 7 Bytes  JMP 0008012C
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!ControlService + C1                                              75CFA079 7 Bytes  JMP 0008084C
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                  75D36629 7 Bytes  JMP 000803D8
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!ControlServiceExA + 10E                                          75D3673C 7 Bytes  JMP 00080048
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!SetServiceObjectSecurity + FB                                    75D36DD4 7 Bytes  JMP 00080684
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                      75D36F7C 7 Bytes  JMP 000804BC
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!ChangeServiceConfig2W + BB                                      75D3729C 2 Bytes  JMP 000802F4
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!ChangeServiceConfig2W + BE                                      75D3729F 4 Bytes  [34, 8A, EB, F9] {XOR AL, 0x8a; JMP 0xfffffffd}
.text          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] USER32.dll!RecordShutdownReason + 36A                                        76F1B7BE 7 Bytes  JMP 00080930
.text          C:\Windows\system32\nvvsvc.exe[1676] ntdll.dll!NtTerminateThread                                                                            77AA5374 5 Bytes  JMP 0002004C
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!OpenSCManagerA + 125                                                                      75CD2EB8 7 Bytes  JMP 00060768
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!CloseServiceHandle + AA                                                                    75CD834F 7 Bytes  JMP 00060210
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                                75CF9EAF 7 Bytes  JMP 000605A0
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!CreateServiceW + FF                                                                        75CF9FB3 7 Bytes  JMP 0006012C
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!ControlService + C1                                                                        75CFA079 7 Bytes  JMP 0006084C
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                            75D36629 7 Bytes  JMP 000603D8
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!ControlServiceExA + 10E                                                                    75D3673C 7 Bytes  JMP 00060048
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                              75D36DD4 7 Bytes  JMP 00060684
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                                75D36F7C 7 Bytes  JMP 000604BC
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                                75D3729C 2 Bytes  JMP 000602F4
.text          C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                                75D3729F 4 Bytes  [32, 8A, EB, F9]
.text          C:\Windows\system32\nvvsvc.exe[1676] USER32.dll!RecordShutdownReason + 36A                                                                  76F1B7BE 7 Bytes  JMP 00060930
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ntdll.dll!NtTerminateThread                                                                  77AA5374 5 Bytes  JMP 0006004C
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!OpenSCManagerA + 125                                                            75CD2EB8 7 Bytes  JMP 00180768
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!CloseServiceHandle + AA                                                        75CD834F 7 Bytes  JMP 00180210
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                    75CF9EAF 7 Bytes  JMP 001805A0
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!CreateServiceW + FF                                                            75CF9FB3 7 Bytes  JMP 0018012C
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!ControlService + C1                                                            75CFA079 7 Bytes  JMP 0018084C
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                  75D36629 7 Bytes  JMP 001803D8
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!ControlServiceExA + 10E                                                        75D3673C 7 Bytes  JMP 00180048
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                  75D36DD4 7 Bytes  JMP 00180684
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                      75D36F7C 7 Bytes  JMP 001804BC
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                      75D3729C 2 Bytes  JMP 001802F4
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                      75D3729F 4 Bytes  [44, 8A, EB, F9] {INC ESP; MOV CH, BL; STC }
.text          C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] USER32.dll!RecordShutdownReason + 36A                                                        76F1B7BE 7 Bytes  JMP 00180930
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ntdll.dll!NtTerminateThread                                                77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!OpenSCManagerA + 125                                          75CD2EB8 7 Bytes  JMP 00370768
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!CloseServiceHandle + AA                                      75CD834F 7 Bytes  JMP 00370210
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                  75CF9EAF 7 Bytes  JMP 003705A0
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!CreateServiceW + FF                                          75CF9FB3 7 Bytes  JMP 0037012C
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!ControlService + C1                                          75CFA079 7 Bytes  JMP 0037084C
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                75D36629 7 Bytes  JMP 003703D8
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!ControlServiceExA + 10E                                      75D3673C 7 Bytes  JMP 00370048
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity + FB                                75D36DD4 7 Bytes  JMP 00370684
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                    75D36F7C 7 Bytes  JMP 003704BC
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W + BB                                    75D3729C 2 Bytes  JMP 003702F4
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W + BE                                    75D3729F 4 Bytes  [63, 8A, EB, F9]
.text          C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] USER32.dll!RecordShutdownReason + 36A                                      76F1B7BE 7 Bytes  JMP 00370930
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ntdll.dll!NtTerminateThread                                                            77AA5374 5 Bytes  JMP 0036004C
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] USER32.dll!RecordShutdownReason + 36A                                                  76F1B7BE 7 Bytes  JMP 00380AF4
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!OpenSCManagerA + 125                                                      75CD2EB8 7 Bytes  JMP 00380768
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!CloseServiceHandle + AA                                                    75CD834F 7 Bytes  JMP 00380210
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                75CF9EAF 7 Bytes  JMP 003805A0
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!CreateServiceW + FF                                                        75CF9FB3 7 Bytes  JMP 0038012C
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!ControlService + C1                                                        75CFA079 7 Bytes  JMP 0038084C
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                            75D36629 7 Bytes  JMP 003803D8
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!ControlServiceExA + 10E                                                    75D3673C 7 Bytes  JMP 00380048
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity + FB                                              75D36DD4 7 Bytes  JMP 00380684
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                75D36F7C 7 Bytes  JMP 003804BC
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                75D3729C 2 Bytes  JMP 003802F4
.text          C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                75D3729F 4 Bytes  [64, 8A, EB, F9] {MOV CH, BL; STC }
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ntdll.dll!NtTerminateThread                                                77AA5374 5 Bytes  JMP 0017004C
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!OpenSCManagerA + 125                                          75CD2EB8 7 Bytes  JMP 00190768
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!CloseServiceHandle + AA                                      75CD834F 7 Bytes  JMP 00190210
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                  75CF9EAF 7 Bytes  JMP 001905A0
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!CreateServiceW + FF                                          75CF9FB3 7 Bytes  JMP 0019012C
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!ControlService + C1                                          75CFA079 7 Bytes  JMP 0019084C
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                75D36629 7 Bytes  JMP 001903D8
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!ControlServiceExA + 10E                                      75D3673C 7 Bytes  JMP 00190048
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!SetServiceObjectSecurity + FB                                75D36DD4 7 Bytes  JMP 00190684
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                    75D36F7C 7 Bytes  JMP 001904BC
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W + BB                                    75D3729C 2 Bytes  JMP 001902F4
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W + BE                                    75D3729F 4 Bytes  [45, 8A, EB, F9] {INC EBP; MOV CH, BL; STC }
.text          C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] USER32.dll!RecordShutdownReason + 36A                                      76F1B7BE 7 Bytes  JMP 00190930
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ntdll.dll!NtTerminateThread                                                                77AA5374 5 Bytes  JMP 00BF004C
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!OpenSCManagerA + 125                                                          75CD2EB8 7 Bytes  JMP 00D10768
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!CloseServiceHandle + AA                                                        75CD834F 7 Bytes  JMP 00D10210
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                    75CF9EAF 7 Bytes  JMP 00D105A0
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!CreateServiceW + FF                                                            75CF9FB3 7 Bytes  JMP 00D1012C
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!ControlService + C1                                                            75CFA079 7 Bytes  JMP 00D1084C
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                75D36629 7 Bytes  JMP 00D103D8
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!ControlServiceExA + 10E                                                        75D3673C 7 Bytes  JMP 00D10048
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                  75D36DD4 7 Bytes  JMP 00D10684
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                    75D36F7C 7 Bytes  JMP 00D104BC
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                    75D3729C 2 Bytes  JMP 00D102F4
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                    75D3729F 4 Bytes  [FD, 8A, EB, F9] {STD ; MOV CH, BL; STC }
.text          C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] USER32.dll!RecordShutdownReason + 36A                                                      76F1B7BE 7 Bytes  JMP 00D10930
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ntdll.dll!NtTerminateThread                                          77AA5374 5 Bytes  JMP 0015004C
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] USER32.dll!RecordShutdownReason + 36A                                76F1B7BE 7 Bytes  JMP 003F0AF4
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!OpenSCManagerA + 125                                    75CD2EB8 7 Bytes  JMP 003F0768
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!CloseServiceHandle + AA                                75CD834F 7 Bytes  JMP 003F0210
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!AreAllAccessesGranted + 3FD                            75CF9EAF 7 Bytes  JMP 003F05A0
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!CreateServiceW + FF                                    75CF9FB3 7 Bytes  JMP 003F012C
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!ControlService + C1                                    75CFA079 7 Bytes  JMP 003F084C
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                          75D36629 7 Bytes  JMP 003F03D8
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!ControlServiceExA + 10E                                75D3673C 7 Bytes  JMP 003F0048
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity + FB                          75D36DD4 7 Bytes  JMP 003F0684
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!ChangeServiceConfigA + 1A3                              75D36F7C 7 Bytes  JMP 003F04BC
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W + BB                              75D3729C 2 Bytes  JMP 003F02F4
.text          C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W + BE                              75D3729F 4 Bytes  [6B, 8A, EB, F9]
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ntdll.dll!NtTerminateThread                          77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] USER32.dll!RecordShutdownReason + 36A                76F1B7BE 7 Bytes  JMP 00170AF4
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!OpenSCManagerA + 125                    75CD2EB8 7 Bytes  JMP 00170768
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!CloseServiceHandle + AA                  75CD834F 7 Bytes  JMP 00170210
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!AreAllAccessesGranted + 3FD              75CF9EAF 7 Bytes  JMP 001705A0
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!CreateServiceW + FF                      75CF9FB3 7 Bytes  JMP 0017012C
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!ControlService + C1                      75CFA079 7 Bytes  JMP 0017084C
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F          75D36629 7 Bytes  JMP 001703D8
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!ControlServiceExA + 10E                  75D3673C 7 Bytes  JMP 00170048
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity + FB            75D36DD4 7 Bytes  JMP 00170684
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!ChangeServiceConfigA + 1A3              75D36F7C 7 Bytes  JMP 001704BC
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W + BB              75D3729C 2 Bytes  JMP 001702F4
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W + BE              75D3729F 4 Bytes  [43, 8A, EB, F9] {INC EBX; MOV CH, BL; STC }
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ntdll.dll!NtTerminateThread                            77AA5374 5 Bytes  JMP 0016004C
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!OpenSCManagerA + 125                      75CD2EB8 7 Bytes  JMP 00180768
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!CloseServiceHandle + AA                    75CD834F 7 Bytes  JMP 00180210
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!AreAllAccessesGranted + 3FD                75CF9EAF 7 Bytes  JMP 001805A0
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!CreateServiceW + FF                        75CF9FB3 7 Bytes  JMP 0018012C
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!ControlService + C1                        75CFA079 7 Bytes  JMP 0018084C
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F            75D36629 7 Bytes  JMP 001803D8
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!ControlServiceExA + 10E                    75D3673C 7 Bytes  JMP 00180048
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity + FB              75D36DD4 7 Bytes  JMP 00180684
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!ChangeServiceConfigA + 1A3                75D36F7C 7 Bytes  JMP 001804BC
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W + BB                75D3729C 2 Bytes  JMP 001802F4
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W + BE                75D3729F 4 Bytes  [44, 8A, EB, F9] {INC ESP; MOV CH, BL; STC }
.text          C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] USER32.dll!RecordShutdownReason + 36A                  76F1B7BE 7 Bytes  JMP 00180AF4
.text          C:\Windows\system32\IoctlSvc.exe[3508] ntdll.dll!NtTerminateThread                                                                          77AA5374 5 Bytes  JMP 0002004C
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!OpenSCManagerA + 125                                                                    75CD2EB8 7 Bytes  JMP 00170768
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!CloseServiceHandle + AA                                                                  75CD834F 7 Bytes  JMP 00170210
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                              75CF9EAF 7 Bytes  JMP 001705A0
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!CreateServiceW + FF                                                                      75CF9FB3 7 Bytes  JMP 0017012C
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!ControlService + C1                                                                      75CFA079 7 Bytes  JMP 0017084C
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                          75D36629 7 Bytes  JMP 001703D8
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!ControlServiceExA + 10E                                                                  75D3673C 7 Bytes  JMP 00170048
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                            75D36DD4 7 Bytes  JMP 00170684
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                              75D36F7C 7 Bytes  JMP 001704BC
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                              75D3729C 2 Bytes  JMP 001702F4
.text          C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                              75D3729F 4 Bytes  [43, 8A, EB, F9] {INC EBX; MOV CH, BL; STC }
.text          C:\Windows\system32\IoctlSvc.exe[3508] USER32.dll!RecordShutdownReason + 36A                                                                76F1B7BE 7 Bytes  JMP 00170930
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ntdll.dll!NtTerminateThread                                              77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] USER32.dll!RecordShutdownReason + 36A                                    76F1B7BE 7 Bytes  JMP 00160AF4
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!OpenSCManagerA + 125                                        75CD2EB8 7 Bytes  JMP 00160768
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!CloseServiceHandle + AA                                      75CD834F 7 Bytes  JMP 00160210
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                  75CF9EAF 7 Bytes  JMP 001605A0
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!CreateServiceW + FF                                          75CF9FB3 7 Bytes  JMP 0016012C
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!ControlService + C1                                          75CFA079 7 Bytes  JMP 0016084C
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                              75D36629 7 Bytes  JMP 001603D8
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!ControlServiceExA + 10E                                      75D3673C 7 Bytes  JMP 00160048
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity + FB                                75D36DD4 7 Bytes  JMP 00160684
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                  75D36F7C 7 Bytes  JMP 001604BC
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + BB                                  75D3729C 2 Bytes  JMP 001602F4
.text          C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + BE                                  75D3729F 4 Bytes  [42, 8A, EB, F9] {INC EDX; MOV CH, BL; STC }
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ntdll.dll!NtTerminateThread                                            77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!OpenSCManagerA + 125                                      75CD2EB8 7 Bytes  JMP 00170768
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!CloseServiceHandle + AA                                    75CD834F 7 Bytes  JMP 00170210
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                75CF9EAF 7 Bytes  JMP 001705A0
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!CreateServiceW + FF                                        75CF9FB3 7 Bytes  JMP 0017012C
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!ControlService + C1                                        75CFA079 7 Bytes  JMP 0017084C
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                            75D36629 7 Bytes  JMP 001703D8
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!ControlServiceExA + 10E                                    75D3673C 7 Bytes  JMP 00170048
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!SetServiceObjectSecurity + FB                              75D36DD4 7 Bytes  JMP 00170684
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                75D36F7C 7 Bytes  JMP 001704BC
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!ChangeServiceConfig2W + BB                                75D3729C 2 Bytes  JMP 001702F4
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!ChangeServiceConfig2W + BE                                75D3729F 4 Bytes  [43, 8A, EB, F9] {INC EBX; MOV CH, BL; STC }
.text          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] USER32.dll!RecordShutdownReason + 36A                                  76F1B7BE 7 Bytes  JMP 00170930
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ntdll.dll!NtTerminateThread                                        77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] USER32.dll!RecordShutdownReason + 36A                              76F1B7BE 7 Bytes  JMP 00070930
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!OpenSCManagerA + 125                                  75CD2EB8 7 Bytes  JMP 00070768
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!CloseServiceHandle + AA                              75CD834F 7 Bytes  JMP 00070210
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!AreAllAccessesGranted + 3FD                          75CF9EAF 7 Bytes  JMP 000705A0
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!CreateServiceW + FF                                  75CF9FB3 7 Bytes  JMP 0007012C
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!ControlService + C1                                  75CFA079 7 Bytes  JMP 0007084C
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                        75D36629 7 Bytes  JMP 000703D8
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!ControlServiceExA + 10E                              75D3673C 7 Bytes  JMP 00070048
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!SetServiceObjectSecurity + FB                        75D36DD4 7 Bytes  JMP 00070684
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!ChangeServiceConfigA + 1A3                            75D36F7C 7 Bytes  JMP 000704BC
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!ChangeServiceConfig2W + BB                            75D3729C 2 Bytes  JMP 000702F4
.text          C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!ChangeServiceConfig2W + BE                            75D3729F 4 Bytes  [33, 8A, EB, F9]
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ntdll.dll!NtTerminateThread                  77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] USER32.dll!RecordShutdownReason + 36A        76F1B7BE 7 Bytes  JMP 00070AF4
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!OpenSCManagerA + 125            75CD2EB8 7 Bytes  JMP 00070768
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!CloseServiceHandle + AA        75CD834F 7 Bytes  JMP 00070210
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!AreAllAccessesGranted + 3FD    75CF9EAF 7 Bytes  JMP 000705A0
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!CreateServiceW + FF            75CF9FB3 7 Bytes  JMP 0007012C
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!ControlService + C1            75CFA079 7 Bytes  JMP 0007084C
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F  75D36629 7 Bytes  JMP 000703D8
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!ControlServiceExA + 10E        75D3673C 7 Bytes  JMP 00070048
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!SetServiceObjectSecurity + FB  75D36DD4 7 Bytes  JMP 00070684
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!ChangeServiceConfigA + 1A3      75D36F7C 7 Bytes  JMP 000704BC
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W + BB      75D3729C 2 Bytes  JMP 000702F4
.text          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W + BE      75D3729F 4 Bytes  [33, 8A, EB, F9]
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ntdll.dll!NtTerminateThread                                                                        77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!OpenSCManagerA + 125                                                                  75CD2EB8 7 Bytes  JMP 00170768
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!CloseServiceHandle + AA                                                                75CD834F 7 Bytes  JMP 00170210
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                            75CF9EAF 7 Bytes  JMP 001705A0
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!CreateServiceW + FF                                                                    75CF9FB3 7 Bytes  JMP 0017012C
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!ControlService + C1                                                                    75CFA079 7 Bytes  JMP 0017084C
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                        75D36629 7 Bytes  JMP 001703D8
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!ControlServiceExA + 10E                                                                75D3673C 7 Bytes  JMP 00170048
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                          75D36DD4 7 Bytes  JMP 00170684
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                            75D36F7C 7 Bytes  JMP 001704BC
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                            75D3729C 2 Bytes  JMP 001702F4
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                            75D3729F 4 Bytes  [43, 8A, EB, F9] {INC EBX; MOV CH, BL; STC }
.text          C:\Program Files\Bandoo\Bandoo.exe[3944] USER32.dll!RecordShutdownReason + 36A                                                              76F1B7BE 7 Bytes  JMP 00170930
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ntdll.dll!NtTerminateThread                                                              77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] USER32.dll!RecordShutdownReason + 36A                                                    76F1B7BE 7 Bytes  JMP 00070AF4
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!OpenSCManagerA + 125                                                        75CD2EB8 7 Bytes  JMP 00070768
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!CloseServiceHandle + AA                                                      75CD834F 7 Bytes  JMP 00070210
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                  75CF9EAF 7 Bytes  JMP 000705A0
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!CreateServiceW + FF                                                          75CF9FB3 7 Bytes  JMP 0007012C
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!ControlService + C1                                                          75CFA079 7 Bytes  JMP 0007084C
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                              75D36629 7 Bytes  JMP 000703D8
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!ControlServiceExA + 10E                                                      75D3673C 7 Bytes  JMP 00070048
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                75D36DD4 7 Bytes  JMP 00070684
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                  75D36F7C 7 Bytes  JMP 000704BC
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                  75D3729C 2 Bytes  JMP 000702F4
.text          C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                  75D3729F 4 Bytes  [33, 8A, EB, F9]
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ntdll.dll!NtTerminateThread                                                                    77AA5374 5 Bytes  JMP 0017004C
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!OpenSCManagerA + 125                                                              75CD2EB8 7 Bytes  JMP 00190768
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!CloseServiceHandle + AA                                                            75CD834F 7 Bytes  JMP 00190210
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                        75CF9EAF 7 Bytes  JMP 001905A0
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!CreateServiceW + FF                                                                75CF9FB3 7 Bytes  JMP 0019012C
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!ControlService + C1                                                                75CFA079 7 Bytes  JMP 0019084C
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                    75D36629 7 Bytes  JMP 001903D8
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!ControlServiceExA + 10E                                                            75D3673C 7 Bytes  JMP 00190048
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                      75D36DD4 7 Bytes  JMP 00190684
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                        75D36F7C 7 Bytes  JMP 001904BC
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                        75D3729C 2 Bytes  JMP 001902F4
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                        75D3729F 4 Bytes  [45, 8A, EB, F9] {INC EBP; MOV CH, BL; STC }
.text          C:\Program Files\AVG\AVG2013\avgui.exe[4020] USER32.dll!RecordShutdownReason + 36A                                                          76F1B7BE 7 Bytes  JMP 00190930
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ntdll.dll!NtTerminateThread                                        77AA5374 5 Bytes  JMP 0002004C
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] USER32.dll!RecordShutdownReason + 36A                              76F1B7BE 7 Bytes  JMP 00060AF4
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!OpenSCManagerA + 125                                  75CD2EB8 7 Bytes  JMP 00060768
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!CloseServiceHandle + AA                                75CD834F 7 Bytes  JMP 00060210
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!AreAllAccessesGranted + 3FD                            75CF9EAF 7 Bytes  JMP 000605A0
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!CreateServiceW + FF                                    75CF9FB3 7 Bytes  JMP 0006012C
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!ControlService + C1                                    75CFA079 7 Bytes  JMP 0006084C
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                        75D36629 7 Bytes  JMP 000603D8
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!ControlServiceExA + 10E                                75D3673C 7 Bytes  JMP 00060048
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!SetServiceObjectSecurity + FB                          75D36DD4 7 Bytes  JMP 00060684
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!ChangeServiceConfigA + 1A3                            75D36F7C 7 Bytes  JMP 000604BC
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!ChangeServiceConfig2W + BB                            75D3729C 2 Bytes  JMP 000602F4
.text          C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!ChangeServiceConfig2W + BE                            75D3729F 4 Bytes  [32, 8A, EB, F9]
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ntdll.dll!NtTerminateThread                                                                  77AA5374 5 Bytes  JMP 0006004C
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] USER32.dll!RecordShutdownReason + 36A                                                        76F1B7BE 7 Bytes  JMP 000C0048
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!OpenSCManagerA + 125                                                            75CD2EB8 7 Bytes  JMP 000C084A
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!CloseServiceHandle + AA                                                        75CD834F 7 Bytes  JMP 000C02F2
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                    75CF9EAF 7 Bytes  JMP 000C0682
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!CreateServiceW + FF                                                            75CF9FB3 7 Bytes  JMP 000C020E
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!ControlService + C1                                                            75CFA079 7 Bytes  JMP 000C092E
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                  75D36629 7 Bytes  JMP 000C04BA
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!ControlServiceExA + 10E                                                        75D3673C 7 Bytes  JMP 000C012A
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                  75D36DD4 7 Bytes  JMP 000C0766
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                      75D36F7C 7 Bytes  JMP 000C059E
.text          C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                      75D3729C 7 Bytes  JMP 000C03D6

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                      avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                      SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                      avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                      SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                    avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                    SYMTDIV.SYS

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----


zombie8580 19.06.2013 23:18

Show list of attachments (count: 1)
When I run mbar, I get this message. What should I do?

cosinus 19.06.2013 23:23

Please click No there.

zombie8580 20.06.2013 03:57

Code:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.19.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christian :: ZOMBIE [administrator]

20.06.2013 00:30:42
mbar-log-2013-06-20 (00-30-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 227002
Time elapsed: 1 hour(s), 31 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

No prompt to restart appeared. Should I restart on my own?

I just noticed that my computer has become slower, but there is no load on it. It just takes forever for a page to load or when I want to open a folder.
What is causing this now?

cosinus 20.06.2013 08:30

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

zombie8580 20.06.2013 14:30

Hello cosinus,

I just restarted my computer; the wss4191.tmp message still appears, just as yontoo is still in my programs.

If you have time, we can continue. I'm at home all afternoon today.

cosinus 20.06.2013 14:47

That is what I intend to do; please post the logs from aswMBR and tdsskiller

zombie8580 20.06.2013 15:23

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-20 15:42:11
-----------------------------
15:42:11.727    OS Version: Windows 6.0.6002 Service Pack 2
15:42:11.727    Number of processors: 2 586 0x170A
15:42:11.727    ComputerName: ZOMBIE  UserName:
15:42:12.851    Initialize success
15:42:30.073    AVAST engine defs: 13062001
15:42:33.973    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:42:33.973    Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
15:42:34.254    Disk 0 MBR read successfully
15:42:34.254    Disk 0 MBR scan
15:42:34.254    Disk 0 unknown MBR code
15:42:34.301    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
15:42:34.332    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      147501 MB offset 20973568
15:42:34.410    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      143872 MB offset 323055616
15:42:34.503    Disk 0 Partition 4 00    12  Compaq diag NTFS        3630 MB offset 617705472
15:42:34.644    Disk 0 scanning sectors +625139712
15:42:35.143    Disk 0 scanning C:\Windows\system32\drivers
15:43:04.206    Service scanning
15:43:11.304    Service cmd32 C:\Windows\system32\NapiNSPd.exe **INFECTED** Win32:Agent-ARFM [Adw]
15:43:33.487    Modules scanning
15:44:05.919    Disk 0 trace - called modules:
15:44:05.997    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
15:44:06.013    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874317e8]
15:44:06.029    3 CLASSPNP.SYS[8afa88b3] -> nt!IofCallDriver -> [0x85f5c6c8]
15:44:06.029    5 acpi.sys[8069b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f2c028]
15:44:06.621    AVAST engine scan C:\Windows
15:44:11.910    AVAST engine scan C:\Windows\system32
15:45:26.415    File: C:\Windows\system32\NapiNSPd.exe  **INFECTED** Win32:Agent-ARFM [Adw]
15:47:55.520    AVAST engine scan C:\Windows\system32\drivers
15:48:13.195    AVAST engine scan C:\Users\Christian
16:08:01.447    AVAST engine scan C:\ProgramData
16:13:25.287    Scan finished successfully
16:16:54.353    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
16:16:54.369    The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"

Sorry, I only saw your message later.

Code:

16:20:19.0324 3664  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:20:19.0902 3664  ============================================================
16:20:19.0902 3664  Current date / time: 2013/06/20 16:20:19.0902
16:20:19.0902 3664  SystemInfo:
16:20:19.0902 3664 
16:20:19.0902 3664  OS Version: 6.0.6002 ServicePack: 2.0
16:20:19.0902 3664  Product type: Workstation
16:20:19.0902 3664  ComputerName: ZOMBIE
16:20:19.0902 3664  UserName: Christian
16:20:19.0902 3664  Windows directory: C:\Windows
16:20:19.0902 3664  System windows directory: C:\Windows
16:20:19.0902 3664  Processor architecture: Intel x86
16:20:19.0902 3664  Number of processors: 2
16:20:19.0902 3664  Page size: 0x1000
16:20:19.0902 3664  Boot type: Normal boot
16:20:19.0902 3664  ============================================================
16:20:20.0869 3664  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:20:20.0900 3664  ============================================================
16:20:20.0900 3664  \Device\Harddisk0\DR0:
16:20:20.0900 3664  MBR partitions:
16:20:20.0900 3664  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
16:20:20.0900 3664  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x11900000
16:20:20.0900 3664  ============================================================
16:20:20.0962 3664  C: <-> \Device\Harddisk0\DR0\Partition1
16:20:21.0056 3664  D: <-> \Device\Harddisk0\DR0\Partition2
16:20:21.0056 3664  ============================================================
16:20:21.0056 3664  Initialize success
16:20:21.0056 3664  ============================================================
16:20:47.0373 6940  ============================================================
16:20:47.0373 6940  Scan started
16:20:47.0373 6940  Mode: Manual; SigCheck; TDLFS;
16:20:47.0373 6940  ============================================================
16:20:47.0904 6940  ================ Scan system memory ========================
16:20:47.0904 6940  System memory - ok
16:20:47.0904 6940  ================ Scan services =============================
16:20:48.0044 6940  [ 83A1124BC4D090EC5DE3B11F90AD8AE6 ] A310            C:\Windows\system32\DRIVERS\AVerA310USB.sys
16:20:48.0184 6940  A310 - ok
16:20:48.0216 6940  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:20:48.0247 6940  ACPI - ok
16:20:48.0403 6940  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:20:48.0434 6940  AdobeARMservice - ok
16:20:48.0496 6940  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:20:48.0512 6940  AdobeFlashPlayerUpdateSvc - ok
16:20:48.0559 6940  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
16:20:48.0590 6940  adp94xx - ok
16:20:48.0621 6940  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
16:20:48.0652 6940  adpahci - ok
16:20:48.0684 6940  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:20:48.0699 6940  adpu160m - ok
16:20:48.0762 6940  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
16:20:48.0777 6940  adpu320 - ok
16:20:48.0808 6940  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:20:48.0902 6940  AeLookupSvc - ok
16:20:48.0964 6940  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
16:20:49.0058 6940  AFD - ok
16:20:49.0105 6940  [ 5D97943C128ED756D1B0A08302C1B1F8 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
16:20:49.0354 6940  AgereSoftModem - ok
16:20:49.0386 6940  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:20:49.0401 6940  agp440 - ok
16:20:49.0464 6940  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
16:20:49.0495 6940  aic78xx - ok
16:20:49.0526 6940  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
16:20:49.0698 6940  ALG - ok
16:20:49.0698 6940  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:20:49.0776 6940  aliide - ok
16:20:49.0791 6940  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:20:49.0807 6940  amdagp - ok
16:20:49.0822 6940  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:20:49.0838 6940  amdide - ok
16:20:49.0900 6940  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
16:20:49.0947 6940  AmdK7 - ok
16:20:49.0978 6940  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
16:20:50.0010 6940  AmdK8 - ok
16:20:50.0150 6940  [ 548CCBD8B48FDF7E2435AD6017920A7F ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
16:20:50.0166 6940  Apowersoft_AudioDevice - ok
16:20:50.0197 6940  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
16:20:50.0306 6940  Appinfo - ok
16:20:50.0353 6940  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
16:20:50.0368 6940  arc - ok
16:20:50.0446 6940  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:20:50.0462 6940  arcsas - ok
16:20:50.0634 6940  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:20:50.0680 6940  AsyncMac - ok
16:20:50.0696 6940  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
16:20:50.0712 6940  atapi - ok
16:20:50.0790 6940  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:20:50.0868 6940  AudioEndpointBuilder - ok
16:20:50.0899 6940  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:20:50.0914 6940  Audiosrv - ok
16:20:50.0961 6940  [ 0FE7773CD592DAE0CA994BA987F44E85 ] Avgfwfd        C:\Windows\system32\DRIVERS\avgfwd6x.sys
16:20:50.0977 6940  Avgfwfd - ok
16:20:51.0117 6940  [ D0BE22C910E46550C6308D50DDA76B94 ] avgfws          C:\Program Files\AVG\AVG2013\avgfws.exe
16:20:51.0180 6940  avgfws - ok
16:20:51.0367 6940  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent    C:\Program Files\AVG\AVG2013\avgidsagent.exe
16:20:51.0663 6940  AVGIDSAgent - ok
16:20:51.0726 6940  [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
16:20:51.0741 6940  AVGIDSDriver - ok
16:20:51.0772 6940  [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
16:20:51.0788 6940  AVGIDSHX - ok
16:20:51.0804 6940  [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
16:20:51.0819 6940  AVGIDSShim - ok
16:20:51.0835 6940  [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
16:20:51.0850 6940  Avgldx86 - ok
16:20:51.0882 6940  [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx        C:\Windows\system32\DRIVERS\avglogx.sys
16:20:51.0913 6940  Avglogx - ok
16:20:51.0928 6940  [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
16:20:51.0944 6940  Avgmfx86 - ok
16:20:51.0944 6940  [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
16:20:51.0960 6940  Avgrkx86 - ok
16:20:51.0975 6940  [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix        C:\Windows\system32\DRIVERS\avgtdix.sys
16:20:51.0991 6940  Avgtdix - ok
16:20:52.0022 6940  [ 02A43ADBA362B89B7D5715221D5F3010 ] avgtp          C:\Windows\system32\drivers\avgtpx86.sys
16:20:52.0038 6940  avgtp - ok
16:20:52.0069 6940  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd          C:\Program Files\AVG\AVG2013\avgwdsvc.exe
16:20:52.0084 6940  avgwd - ok
16:20:52.0116 6940  [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:20:52.0178 6940  b57nd60x - ok
16:20:52.0350 6940  [ 6F9DD1FDEF97F205B536B64339733225 ] Bandoo Coordinator C:\Program Files\Bandoo\Bandoo.exe
16:20:52.0412 6940  Bandoo Coordinator - ok
16:20:52.0459 6940  [ 31079B3566FA19BDEDBA50EB4009D8F9 ] BDASwCap        C:\Windows\system32\drivers\AVerA310Cap.sys
16:20:52.0506 6940  BDASwCap - ok
16:20:52.0537 6940  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:20:52.0584 6940  Beep - ok
16:20:52.0615 6940  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
16:20:52.0646 6940  BFE - ok
16:20:52.0818 6940  [ 6C6AC7CA8A034C15C52B35189BAD58EE ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130531.001\BHDrvx86.sys
16:20:52.0880 6940  BHDrvx86 - ok
16:20:52.0958 6940  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
16:20:53.0005 6940  BITS - ok
16:20:53.0036 6940  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:20:53.0067 6940  blbdrive - ok
16:20:53.0098 6940  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:20:53.0130 6940  bowser - ok
16:20:53.0161 6940  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:20:53.0192 6940  BrFiltLo - ok
16:20:53.0208 6940  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:20:53.0239 6940  BrFiltUp - ok
16:20:53.0270 6940  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
16:20:53.0301 6940  Browser - ok
16:20:53.0332 6940  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
16:20:53.0379 6940  Brserid - ok
16:20:53.0442 6940  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:20:53.0488 6940  BrSerWdm - ok
16:20:53.0520 6940  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:20:53.0582 6940  BrUsbMdm - ok
16:20:53.0613 6940  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:20:53.0660 6940  BrUsbSer - ok
16:20:53.0660 6940  BTCFilterService - ok
16:20:53.0676 6940  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:20:53.0754 6940  BTHMODEM - ok
16:20:53.0847 6940  [ 3BEE52611F22C9C0023A98A4425E084F ] ccSet_NAV      C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys
16:20:53.0863 6940  ccSet_NAV - ok
16:20:53.0941 6940  [ 3BEE52611F22C9C0023A98A4425E084F ] ccSet_NST      C:\Windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys
16:20:53.0956 6940  ccSet_NST - ok
16:20:53.0988 6940  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:20:54.0019 6940  cdfs - ok
16:20:54.0050 6940  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:20:54.0081 6940  cdrom - ok
16:20:54.0112 6940  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
16:20:54.0159 6940  CertPropSvc - ok
16:20:54.0175 6940  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:20:54.0222 6940  circlass - ok
16:20:54.0253 6940  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
16:20:54.0268 6940  CLFS - ok
16:20:54.0331 6940  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:20:54.0346 6940  clr_optimization_v2.0.50727_32 - ok
16:20:54.0409 6940  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:20:54.0424 6940  clr_optimization_v4.0.30319_32 - ok
16:20:54.0456 6940  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:20:54.0502 6940  CmBatt - ok
16:20:54.0549 6940  [ A72A36082F3FEA437483B440940D0EAC ] cmd32          C:\Windows\system32\NapiNSPd.exe
16:20:54.0549 6940  Suspicious file (NoAccess): C:\Windows\system32\NapiNSPd.exe. md5: A72A36082F3FEA437483B440940D0EAC
16:20:54.0549 6940  cmd32 ( LockedFile.Multi.Generic ) - warning
16:20:54.0549 6940  cmd32 - detected LockedFile.Multi.Generic (1)
16:20:54.0565 6940  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:20:54.0580 6940  cmdide - ok
16:20:54.0596 6940  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:20:54.0612 6940  Compbatt - ok
16:20:54.0627 6940  COMSysApp - ok
16:20:54.0627 6940  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
16:20:54.0643 6940  crcdisk - ok
16:20:54.0674 6940  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:20:54.0721 6940  Crusoe - ok
16:20:54.0752 6940  [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:20:54.0799 6940  CryptSvc - ok
16:20:54.0846 6940  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:20:54.0892 6940  DcomLaunch - ok
16:20:54.0970 6940  [ 59D90B6A7FBC4CC712DD7C5868618480 ] DeviceMonitorService C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
16:20:54.0986 6940  DeviceMonitorService - ok
16:20:55.0002 6940  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:20:55.0048 6940  DfsC - ok
16:20:55.0111 6940  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
16:20:55.0267 6940  DFSR - ok
16:20:55.0282 6940  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:20:55.0329 6940  Dhcp - ok
16:20:55.0345 6940  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
16:20:55.0360 6940  disk - ok
16:20:55.0392 6940  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:20:55.0438 6940  Dnscache - ok
16:20:55.0470 6940  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:20:55.0501 6940  dot3svc - ok
16:20:55.0532 6940  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
16:20:55.0579 6940  DPS - ok
16:20:55.0610 6940  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:20:55.0641 6940  drmkaud - ok
16:20:55.0672 6940  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:20:55.0719 6940  DXGKrnl - ok
16:20:55.0750 6940  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
16:20:55.0797 6940  E1G60 - ok
16:20:55.0828 6940  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
16:20:55.0860 6940  EapHost - ok
16:20:55.0891 6940  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:20:55.0906 6940  Ecache - ok
16:20:55.0984 6940  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:20:56.0000 6940  eeCtrl - ok
16:20:56.0078 6940  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:20:56.0109 6940  ehRecvr - ok
16:20:56.0125 6940  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
16:20:56.0172 6940  ehSched - ok
16:20:56.0187 6940  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
16:20:56.0203 6940  ehstart - ok
16:20:56.0234 6940  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
16:20:56.0265 6940  elxstor - ok
16:20:56.0312 6940  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
16:20:56.0359 6940  EMDMgmt - ok
16:20:56.0421 6940  [ 4186146FD69EACC966DC755655B91C9C ] ePowerSvc      C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
16:20:56.0452 6940  ePowerSvc - ok
16:20:56.0530 6940  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:20:56.0546 6940  EraserUtilRebootDrv - ok
16:20:56.0577 6940  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:20:56.0608 6940  ErrDev - ok
16:20:56.0655 6940  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
16:20:56.0686 6940  EventSystem - ok
16:20:56.0749 6940  [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:20:56.0811 6940  EvtEng ( UnsignedFile.Multi.Generic ) - warning
16:20:56.0811 6940  EvtEng - detected UnsignedFile.Multi.Generic (1)
16:20:56.0858 6940  ew_hwusbdev - ok
16:20:56.0874 6940  ew_usbenumfilter - ok
16:20:56.0920 6940  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
16:20:56.0967 6940  exfat - ok
16:20:57.0014 6940  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:20:57.0045 6940  fastfat - ok
16:20:57.0092 6940  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
16:20:57.0170 6940  fdc - ok
16:20:57.0201 6940  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
16:20:57.0232 6940  fdPHost - ok
16:20:57.0248 6940  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:20:57.0295 6940  FDResPub - ok
16:20:57.0326 6940  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:20:57.0342 6940  FileInfo - ok
16:20:57.0357 6940  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:20:57.0404 6940  Filetrace - ok
16:20:57.0420 6940  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:20:57.0451 6940  flpydisk - ok
16:20:57.0482 6940  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:20:57.0498 6940  FltMgr - ok
16:20:57.0560 6940  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
16:20:57.0622 6940  FontCache - ok
16:20:57.0669 6940  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:20:57.0685 6940  FontCache3.0.0.0 - ok
16:20:57.0716 6940  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:20:57.0763 6940  Fs_Rec - ok
16:20:57.0794 6940  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:20:57.0810 6940  gagp30kx - ok
16:20:57.0841 6940  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:20:57.0903 6940  gpsvc - ok
16:20:57.0919 6940  gupdate - ok
16:20:57.0919 6940  gupdatem - ok
16:20:57.0934 6940  gusvc - ok
16:20:57.0966 6940  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:20:58.0012 6940  HdAudAddService - ok
16:20:58.0059 6940  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:20:58.0106 6940  HDAudBus - ok
16:20:58.0153 6940  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:20:58.0215 6940  HidBth - ok
16:20:58.0246 6940  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
16:20:58.0262 6940  HidIr - ok
16:20:58.0278 6940  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
16:20:58.0324 6940  hidserv - ok
16:20:58.0356 6940  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:20:58.0371 6940  HidUsb - ok
16:20:58.0418 6940  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:20:58.0465 6940  hkmsvc - ok
16:20:58.0512 6940  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
16:20:58.0527 6940  HpCISSs - ok
16:20:58.0558 6940  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:20:58.0605 6940  HSFHWAZL - ok
16:20:58.0636 6940  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV        C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:20:58.0714 6940  HSF_DPV - ok
16:20:58.0746 6940  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:20:58.0792 6940  HTTP - ok
16:20:58.0808 6940  huawei_cdcacm - ok
16:20:58.0839 6940  huawei_cdcecm - ok
16:20:58.0839 6940  huawei_enumerator - ok
16:20:58.0855 6940  huawei_ext_ctrl - ok
16:20:58.0902 6940  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
16:20:58.0917 6940  i2omp - ok
16:20:58.0964 6940  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:20:58.0995 6940  i8042prt - ok
16:20:59.0026 6940  [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:20:59.0042 6940  iaStor - ok
16:20:59.0104 6940  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
16:20:59.0120 6940  iaStorV - ok
16:20:59.0182 6940  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:20:59.0229 6940  idsvc - ok
16:20:59.0338 6940  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130619.001\IDSvix86.sys
16:20:59.0370 6940  IDSVix86 - ok
16:20:59.0401 6940  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
16:20:59.0416 6940  iirsp - ok
16:20:59.0448 6940  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:20:59.0510 6940  IKEEXT - ok
16:20:59.0526 6940  IntcAzAudAddService - ok
16:20:59.0541 6940  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:20:59.0557 6940  intelide - ok
16:20:59.0588 6940  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:20:59.0635 6940  intelppm - ok
16:20:59.0650 6940  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:20:59.0697 6940  IPBusEnum - ok
16:20:59.0728 6940  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:20:59.0760 6940  IpFilterDriver - ok
16:20:59.0791 6940  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:20:59.0838 6940  iphlpsvc - ok
16:20:59.0838 6940  IpInIp - ok
16:20:59.0869 6940  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
16:20:59.0916 6940  IPMIDRV - ok
16:20:59.0931 6940  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
16:20:59.0962 6940  IPNAT - ok
16:20:59.0962 6940  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys
16:20:59.0994 6940  irda - ok
16:21:00.0009 6940  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:21:00.0040 6940  IRENUM - ok
16:21:00.0056 6940  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon          C:\Windows\System32\irmon.dll
16:21:00.0118 6940  Irmon - ok
16:21:00.0134 6940  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:21:00.0150 6940  isapnp - ok
16:21:00.0181 6940  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:21:00.0196 6940  iScsiPrt - ok
16:21:00.0212 6940  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:21:00.0228 6940  iteatapi - ok
16:21:00.0243 6940  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
16:21:00.0259 6940  iteraid - ok
16:21:00.0274 6940  k57nd60x - ok
16:21:00.0290 6940  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:21:00.0306 6940  kbdclass - ok
16:21:00.0337 6940  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:21:00.0368 6940  kbdhid - ok
16:21:00.0399 6940  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
16:21:00.0430 6940  KeyIso - ok
16:21:00.0462 6940  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
16:21:00.0508 6940  KMWDFILTER - ok
16:21:00.0571 6940  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:21:00.0602 6940  KSecDD - ok
16:21:00.0649 6940  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:21:00.0696 6940  KtmRm - ok
16:21:00.0727 6940  [ 24ABDDEB766C8459F9D562EB083B6CB8 ] L1E            C:\Windows\system32\DRIVERS\L1E60x86.sys
16:21:00.0758 6940  L1E - ok
16:21:00.0789 6940  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:21:00.0852 6940  LanmanServer - ok
16:21:00.0883 6940  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:21:00.0930 6940  LanmanWorkstation - ok
16:21:00.0976 6940  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:21:00.0992 6940  lltdio - ok
16:21:01.0070 6940  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:21:01.0101 6940  lltdsvc - ok
16:21:01.0132 6940  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:21:01.0179 6940  lmhosts - ok
16:21:01.0195 6940  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:21:01.0210 6940  LSI_FC - ok
16:21:01.0242 6940  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:21:01.0257 6940  LSI_SAS - ok
16:21:01.0288 6940  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:21:01.0304 6940  LSI_SCSI - ok
16:21:01.0320 6940  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
16:21:01.0366 6940  luafv - ok
16:21:01.0382 6940  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:21:01.0398 6940  Mcx2Svc - ok
16:21:01.0429 6940  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
16:21:01.0444 6940  megasas - ok
16:21:01.0476 6940  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:21:01.0491 6940  MegaSR - ok
16:21:01.0522 6940  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
16:21:01.0569 6940  MMCSS - ok
16:21:01.0585 6940  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
16:21:01.0632 6940  Modem - ok
16:21:01.0647 6940  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:21:01.0694 6940  monitor - ok
16:21:01.0694 6940  motandroidusb - ok
16:21:01.0710 6940  motccgp - ok
16:21:01.0710 6940  motccgpfl - ok
16:21:01.0725 6940  motmodem - ok
16:21:01.0803 6940  [ FDF0D78147DA8B2A93FE42D9A14C1B0B ] Motorola Device Manager C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
16:21:01.0819 6940  Motorola Device Manager - ok
16:21:01.0834 6940  MotoSwitchService - ok
16:21:01.0834 6940  Motousbnet - ok
16:21:01.0850 6940  motusbdevice - ok
16:21:01.0866 6940  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:21:01.0881 6940  mouclass - ok
16:21:01.0897 6940  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:21:01.0928 6940  mouhid - ok
16:21:01.0959 6940  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:21:01.0975 6940  MountMgr - ok
16:21:01.0990 6940  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:21:02.0006 6940  mpio - ok
16:21:02.0037 6940  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:21:02.0053 6940  mpsdrv - ok
16:21:02.0115 6940  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:21:02.0162 6940  MpsSvc - ok
16:21:02.0178 6940  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:21:02.0224 6940  Mraid35x - ok
16:21:02.0256 6940  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:21:02.0287 6940  MRxDAV - ok
16:21:02.0349 6940  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:21:02.0380 6940  mrxsmb - ok
16:21:02.0396 6940  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:21:02.0427 6940  mrxsmb10 - ok
16:21:02.0443 6940  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:21:02.0490 6940  mrxsmb20 - ok
16:21:02.0521 6940  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
16:21:02.0536 6940  msahci - ok
16:21:02.0552 6940  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:21:02.0568 6940  msdsm - ok
16:21:02.0599 6940  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
16:21:02.0630 6940  MSDTC - ok
16:21:02.0646 6940  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:21:02.0677 6940  Msfs - ok
16:21:02.0708 6940  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:21:02.0724 6940  msisadrv - ok
16:21:02.0770 6940  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:21:02.0817 6940  MSiSCSI - ok
16:21:02.0817 6940  msiserver - ok
16:21:02.0833 6940  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:21:02.0880 6940  MSKSSRV - ok
16:21:02.0895 6940  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:21:02.0926 6940  MSPCLOCK - ok
16:21:02.0942 6940  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:21:02.0973 6940  MSPQM - ok
16:21:03.0004 6940  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:21:03.0020 6940  MsRPC - ok
16:21:03.0051 6940  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:21:03.0067 6940  mssmbios - ok
16:21:03.0082 6940  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:21:03.0098 6940  MSTEE - ok
16:21:03.0129 6940  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
16:21:03.0145 6940  Mup - ok
16:21:03.0176 6940  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
16:21:03.0223 6940  napagent - ok
16:21:03.0238 6940  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:21:03.0285 6940  NativeWifiP - ok
16:21:03.0472 6940  [ 1BF9D6476061B31CD7FC2BF848529A56 ] NAV            C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
16:21:03.0488 6940  NAV - ok
16:21:03.0566 6940  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.016\NAVENG.SYS
16:21:03.0582 6940  NAVENG - ok
16:21:03.0644 6940  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.016\NAVEX15.SYS
16:21:03.0691 6940  NAVEX15 - ok
16:21:03.0847 6940  [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService      C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
16:21:03.0878 6940  NBService - ok
16:21:04.0034 6940  [ 1BF9D6476061B31CD7FC2BF848529A56 ] NCO            C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
16:21:04.0050 6940  NCO - ok
16:21:04.0090 6940  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:21:04.0120 6940  NDIS - ok
16:21:04.0170 6940  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:21:04.0200 6940  NdisTapi - ok
16:21:04.0220 6940  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:21:04.0250 6940  Ndisuio - ok
16:21:04.0270 6940  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:21:04.0300 6940  NdisWan - ok
16:21:04.0320 6940  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:21:04.0340 6940  NDProxy - ok
16:21:04.0360 6940  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:21:04.0390 6940  NetBIOS - ok
16:21:04.0420 6940  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
16:21:04.0460 6940  netbt - ok
16:21:04.0470 6940  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
16:21:04.0490 6940  Netlogon - ok
16:21:04.0550 6940  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
16:21:04.0610 6940  Netman - ok
16:21:04.0630 6940  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
16:21:04.0680 6940  netprofm - ok
16:21:04.0710 6940  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:21:04.0730 6940  NetTcpPortSharing - ok
16:21:04.0840 6940  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
16:21:05.0050 6940  NETw5v32 - ok
16:21:05.0100 6940  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
16:21:05.0120 6940  nfrd960 - ok
16:21:05.0170 6940  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:21:05.0210 6940  NlaSvc - ok
16:21:05.0270 6940  [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
16:21:05.0280 6940  NMIndexingService - ok
16:21:05.0310 6940  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:21:05.0360 6940  Npfs - ok
16:21:05.0380 6940  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA        C:\Windows\system32\DRIVERS\nscirda.sys
16:21:05.0430 6940  NSCIRDA - ok
16:21:05.0460 6940  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
16:21:05.0510 6940  nsi - ok
16:21:05.0540 6940  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:21:05.0580 6940  nsiproxy - ok
16:21:05.0640 6940  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:21:05.0710 6940  Ntfs - ok
16:21:05.0830 6940  [ 944E3911888B9FFFD843B91C8ABBD3F6 ] NTI IScheduleSvc C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
16:21:05.0850 6940  NTI IScheduleSvc - ok
16:21:05.0870 6940  [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F ] NTIDrvr        C:\Windows\system32\Drivers\NTIDrvr.sys
16:21:05.0890 6940  NTIDrvr - ok
16:21:05.0920 6940  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
16:21:05.0970 6940  ntrigdigi - ok
16:21:06.0000 6940  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
16:21:06.0040 6940  Null - ok
16:21:06.0070 6940  [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA          C:\Windows\system32\drivers\nvhda32v.sys
16:21:06.0090 6940  NVHDA - ok
16:21:06.0370 6940  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:21:06.0870 6940  nvlddmkm - ok
16:21:06.0910 6940  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:21:06.0930 6940  nvraid - ok
16:21:06.0950 6940  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:21:06.0960 6940  nvstor - ok
16:21:07.0020 6940  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc          C:\Windows\system32\nvvsvc.exe
16:21:07.0050 6940  nvsvc - ok
16:21:07.0270 6940  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:21:07.0310 6940  nvUpdatusService - ok
16:21:07.0360 6940  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:21:07.0390 6940  nv_agp - ok
16:21:07.0410 6940  NwlnkFlt - ok
16:21:07.0430 6940  NwlnkFwd - ok
16:21:07.0510 6940  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:21:07.0540 6940  odserv - ok
16:21:07.0570 6940  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:21:07.0600 6940  ohci1394 - ok
16:21:07.0630 6940  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:21:07.0650 6940  ose - ok
16:21:07.0690 6940  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:21:07.0730 6940  p2pimsvc - ok
16:21:07.0760 6940  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:21:07.0790 6940  p2psvc - ok
16:21:07.0850 6940  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
16:21:07.0890 6940  Parport - ok
16:21:07.0930 6940  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:21:07.0950 6940  partmgr - ok
16:21:07.0990 6940  [ 3C6E7D73B0E9BC21D5E4B531AB7EC091 ] Partner Service C:\ProgramData\Partner\partner.exe
16:21:08.0000 6940  Partner Service - ok
16:21:08.0010 6940  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:21:08.0070 6940  Parvdm - ok
16:21:08.0110 6940  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:21:08.0150 6940  PcaSvc - ok
16:21:08.0190 6940  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
16:21:08.0210 6940  pci - ok
16:21:08.0230 6940  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
16:21:08.0250 6940  pciide - ok
16:21:08.0260 6940  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:21:08.0280 6940  pcmcia - ok
16:21:08.0320 6940  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:21:08.0400 6940  PEAUTH - ok
16:21:08.0490 6940  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
16:21:08.0580 6940  pla - ok
16:21:08.0620 6940  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
16:21:08.0640 6940  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
16:21:08.0640 6940  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
16:21:08.0670 6940  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:21:08.0700 6940  PlugPlay - ok
16:21:08.0730 6940  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
16:21:08.0760 6940  PNRPAutoReg - ok
16:21:08.0820 6940  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
16:21:08.0850 6940  PNRPsvc - ok
16:21:08.0920 6940  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:21:08.0960 6940  PolicyAgent - ok
16:21:08.0990 6940  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:21:09.0030 6940  PptpMiniport - ok
16:21:09.0060 6940  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
16:21:09.0090 6940  Processor - ok
16:21:09.0120 6940  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
16:21:09.0150 6940  ProfSvc - ok
16:21:09.0160 6940  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:21:09.0180 6940  ProtectedStorage - ok
16:21:09.0200 6940  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:21:09.0230 6940  PSched - ok
16:21:09.0300 6940  [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service    C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
16:21:09.0310 6940  PST Service ( UnsignedFile.Multi.Generic ) - warning
16:21:09.0310 6940  PST Service - detected UnsignedFile.Multi.Generic (1)
16:21:09.0370 6940  [ E792A7ED13DA7E738294E942C4824860 ] qciusbnet      C:\Windows\system32\DRIVERS\qciusbnet.sys
16:21:09.0390 6940  qciusbnet ( UnsignedFile.Multi.Generic ) - warning
16:21:09.0390 6940  qciusbnet - detected UnsignedFile.Multi.Generic (1)
16:21:09.0420 6940  [ B8CC38880755C7D157ACD9D7742B8A96 ] qciusbser      C:\Windows\system32\DRIVERS\qciusbser.sys
16:21:09.0430 6940  qciusbser ( UnsignedFile.Multi.Generic ) - warning
16:21:09.0430 6940  qciusbser - detected UnsignedFile.Multi.Generic (1)
16:21:09.0480 6940  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:21:09.0560 6940  ql2300 - ok
16:21:09.0670 6940  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:21:09.0680 6940  ql40xx - ok
16:21:09.0720 6940  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
16:21:09.0740 6940  QWAVE - ok
16:21:09.0750 6940  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:21:09.0770 6940  QWAVEdrv - ok
16:21:09.0810 6940  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:21:09.0860 6940  RasAcd - ok
16:21:09.0890 6940  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
16:21:09.0940 6940  RasAuto - ok
16:21:09.0970 6940  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:21:10.0000 6940  Rasl2tp - ok
16:21:10.0030 6940  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
16:21:10.0070 6940  RasMan - ok
16:21:10.0090 6940  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:21:10.0120 6940  RasPppoe - ok
16:21:10.0130 6940  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:21:10.0150 6940  RasSstp - ok
16:21:10.0170 6940  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:21:10.0200 6940  rdbss - ok
16:21:10.0210 6940  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:21:10.0240 6940  RDPCDD - ok
16:21:10.0310 6940  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
16:21:10.0360 6940  rdpdr - ok
16:21:10.0390 6940  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:21:10.0430 6940  RDPENCDD - ok
16:21:10.0480 6940  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:21:10.0540 6940  RDPWD - ok
16:21:10.0610 6940  [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc        C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:21:10.0660 6940  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
16:21:10.0660 6940  RegSrvc - detected UnsignedFile.Multi.Generic (1)
16:21:10.0700 6940  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:21:10.0730 6940  RemoteAccess - ok
16:21:10.0820 6940  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:21:10.0840 6940  RemoteRegistry - ok
16:21:10.0860 6940  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
16:21:10.0890 6940  RpcLocator - ok
16:21:10.0920 6940  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
16:21:10.0950 6940  RpcSs - ok
16:21:10.0970 6940  rrinttaller - ok
16:21:11.0000 6940  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:21:11.0050 6940  rspndr - ok
16:21:11.0070 6940  [ 9B09F336DE36A7A6CA871DE8A7847B65 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
16:21:11.0100 6940  RTSTOR - ok
16:21:11.0120 6940  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
16:21:11.0140 6940  SamSs - ok
16:21:11.0170 6940  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:21:11.0180 6940  sbp2port - ok
16:21:11.0230 6940  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:21:11.0260 6940  SCardSvr - ok
16:21:11.0380 6940  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
16:21:11.0480 6940  Schedule - ok
16:21:11.0550 6940  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:21:11.0570 6940  SCPolicySvc - ok
16:21:11.0610 6940  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
16:21:11.0640 6940  sdbus - ok
16:21:11.0670 6940  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:21:11.0730 6940  SDRSVC - ok
16:21:11.0740 6940  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:21:11.0810 6940  secdrv - ok
16:21:11.0830 6940  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
16:21:11.0860 6940  seclogon - ok
16:21:11.0880 6940  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
16:21:11.0910 6940  SENS - ok
16:21:11.0940 6940  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
16:21:12.0000 6940  Serenum - ok
16:21:12.0020 6940  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
16:21:12.0070 6940  Serial - ok
16:21:12.0370 6940  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:21:12.0400 6940  sermouse - ok
16:21:12.0490 6940  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:21:12.0520 6940  SessionEnv - ok
16:21:12.0550 6940  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:21:12.0570 6940  sffdisk - ok
16:21:12.0610 6940  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:21:12.0640 6940  sffp_mmc - ok
16:21:12.0680 6940  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:21:12.0700 6940  sffp_sd - ok
16:21:12.0730 6940  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
16:21:12.0790 6940  sfloppy - ok
16:21:12.0830 6940  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:21:12.0880 6940  SharedAccess - ok
16:21:12.0910 6940  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:21:12.0970 6940  ShellHWDetection - ok
16:21:12.0990 6940  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:21:13.0010 6940  sisagp - ok
16:21:13.0040 6940  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:21:13.0050 6940  SiSRaid2 - ok
16:21:13.0080 6940  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:21:13.0100 6940  SiSRaid4 - ok
16:21:13.0140 6940  [ AAF57ECD14A1DBD1B023AB26E634DD80 ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
16:21:13.0150 6940  SkypeUpdate - ok
16:21:13.0260 6940  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
16:21:13.0520 6940  slsvc - ok
16:21:13.0560 6940  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:21:13.0590 6940  SLUINotify - ok
16:21:22.0700 6940  ================ Scan global ===============================
16:21:22.0740 6940  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:21:22.0780 6940  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
16:21:22.0800 6940  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
16:21:22.0840 6940  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:21:22.0840 6940  [Global] - ok
16:21:22.0840 6940  ================ Scan MBR ==================================
16:21:22.0940 6940  [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
16:21:24.0070 6940  \Device\Harddisk0\DR0 - ok
16:21:24.0070 6940  ================ Scan VBR ==================================
16:21:24.0080 6940  [ CD5783D61A1439AC2A83E92986F0ACE7 ] \Device\Harddisk0\DR0\Partition1
16:21:24.0080 6940  \Device\Harddisk0\DR0\Partition1 - ok
16:21:24.0120 6940  [ F689CDF0D867CD316C5D3531BD990EAC ] \Device\Harddisk0\DR0\Partition2
16:21:24.0120 6940  \Device\Harddisk0\DR0\Partition2 - ok
16:21:24.0120 6940  ============================================================
16:21:24.0120 6940  Scan finished
16:21:24.0120 6940  ============================================================
16:21:24.0130 7220  Detected object count: 7
16:21:24.0130 7220  Actual detected object count: 7
16:22:55.0578 7220  cmd32 ( LockedFile.Multi.Generic ) - skipped by user
16:22:55.0578 7220  cmd32 ( LockedFile.Multi.Generic ) - User select action: Skip
16:22:55.0578 7220  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0578 7220  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:22:55.0593 7220  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0593 7220  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:22:55.0593 7220  PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0593 7220  PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:22:55.0593 7220  qciusbnet ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0593 7220  qciusbnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:22:55.0593 7220  qciusbser ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0593 7220  qciusbser ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:22:55.0593 7220  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0593 7220  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 20.06.2013 17:27

Code:

C:\Windows\system32\NapiNSPd.exe
Please have this file analyzed at VirusTotal and post the link to the results. If you can't see the file, you may have to make it visible first.
If the file has already been analyzed, please start another analysis.

zombie8580 20.06.2013 17:44

As soon as I start the scan, the page turns white and nothing happens.

cosinus 20.06.2013 18:00

Quote:

cmd32 ( LockedFile.Multi.Generic ) - skipped by user
Please fix this entry with TDSS-Killer. But only this entry, please!

To do that, you have to restart TDSS-Killer and run a new scan. When you then see the results, please set this entry to CURE or DELETE (depending on what you are offered; please leave all the others on SKIP!) and then click continue at the bottom right.

Restart Windows afterwards and make a completely new log with TDSS-Killer. As always, post it in CODE tags.

zombie8580 20.06.2013 18:27

When I restarted the computer, I got a prompt asking whether I want to run cmd.exe. I answered no and then ran the scan.

Code:

19:17:43.0308 4696  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:17:44.0291 4696  ============================================================
19:17:44.0291 4696  Current date / time: 2013/06/20 19:17:44.0291
19:17:44.0291 4696  SystemInfo:
19:17:44.0291 4696 
19:17:44.0291 4696  OS Version: 6.0.6002 ServicePack: 2.0
19:17:44.0291 4696  Product type: Workstation
19:17:44.0291 4696  ComputerName: ZOMBIE
19:17:44.0291 4696  UserName: Christian
19:17:44.0291 4696  Windows directory: C:\Windows
19:17:44.0291 4696  System windows directory: C:\Windows
19:17:44.0291 4696  Processor architecture: Intel x86
19:17:44.0291 4696  Number of processors: 2
19:17:44.0291 4696  Page size: 0x1000
19:17:44.0291 4696  Boot type: Normal boot
19:17:44.0291 4696  ============================================================
19:17:45.0398 4696  BG loaded
19:17:45.0913 4696  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:17:45.0960 4696  ============================================================
19:17:45.0960 4696  \Device\Harddisk0\DR0:
19:17:45.0976 4696  MBR partitions:
19:17:45.0976 4696  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
19:17:45.0976 4696  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x11900000
19:17:45.0976 4696  ============================================================
19:17:46.0038 4696  C: <-> \Device\Harddisk0\DR0\Partition1
19:17:46.0288 4696  D: <-> \Device\Harddisk0\DR0\Partition2
19:17:46.0288 4696  ============================================================
19:17:46.0288 4696  Initialize success
19:17:46.0288 4696  ============================================================
19:17:55.0554 5896  ============================================================
19:17:55.0554 5896  Scan started
19:17:55.0554 5896  Mode: Manual; SigCheck; TDLFS;
19:17:55.0554 5896  ============================================================
19:17:56.0974 5896  ================ Scan system memory ========================
19:17:56.0974 5896  System memory - ok
19:17:56.0974 5896  ================ Scan services =============================
19:18:04.0945 5896  EraserUtilRebootDrv - ok
19:18:04.0961 5896  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:18:05.0008 5896  ErrDev - ok
19:18:05.0039 5896  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
19:18:05.0086 5896  EventSystem - ok
19:18:05.0164 5896  [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:18:05.0210 5896  EvtEng ( UnsignedFile.Multi.Generic ) - warning
19:18:05.0210 5896  EvtEng - detected UnsignedFile.Multi.Generic (1)
19:18:05.0257 5896  ew_hwusbdev - ok
19:18:05.0273 5896  ew_usbenumfilter - ok
19:18:05.0320 5896  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
19:18:05.0366 5896  exfat - ok
19:18:05.0413 5896  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:18:05.0476 5896  fastfat - ok
19:18:05.0491 5896  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
19:18:05.0538 5896  fdc - ok
19:18:05.0569 5896  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
19:18:05.0585 5896  fdPHost - ok
19:18:05.0600 5896  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:18:05.0647 5896  FDResPub - ok
19:18:05.0663 5896  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:18:05.0678 5896  FileInfo - ok
19:18:05.0710 5896  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:18:05.0756 5896  Filetrace - ok
19:18:05.0803 5896  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:18:05.0834 5896  flpydisk - ok
19:18:05.0850 5896  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:18:05.0866 5896  FltMgr - ok
19:18:05.0928 5896  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
19:18:05.0959 5896  FontCache - ok
19:18:06.0022 5896  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:18:06.0037 5896  FontCache3.0.0.0 - ok
19:18:06.0068 5896  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:18:06.0100 5896  Fs_Rec - ok
19:18:06.0131 5896  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:18:06.0146 5896  gagp30kx - ok
19:18:06.0178 5896  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
19:18:06.0224 5896  gpsvc - ok
19:18:06.0256 5896  gupdate - ok
19:18:06.0256 5896  gupdatem - ok
19:18:06.0256 5896  gusvc - ok
19:18:06.0302 5896  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:18:06.0349 5896  HdAudAddService - ok
19:18:06.0412 5896  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:18:06.0458 5896  HDAudBus - ok
19:18:06.0505 5896  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:18:06.0568 5896  HidBth - ok
19:18:06.0599 5896  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
19:18:06.0630 5896  HidIr - ok
19:18:06.0677 5896  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
19:18:06.0708 5896  hidserv - ok
19:18:06.0755 5896  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:18:06.0802 5896  HidUsb - ok
19:18:06.0833 5896  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:18:06.0895 5896  hkmsvc - ok
19:18:06.0942 5896  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
19:18:06.0958 5896  HpCISSs - ok
19:18:06.0989 5896  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:18:07.0036 5896  HSFHWAZL - ok
19:18:07.0067 5896  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV        C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:18:07.0160 5896  HSF_DPV - ok
19:18:07.0207 5896  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:18:07.0238 5896  HTTP - ok
19:18:07.0285 5896  huawei_cdcacm - ok
19:18:07.0301 5896  huawei_cdcecm - ok
19:18:07.0316 5896  huawei_enumerator - ok
19:18:07.0332 5896  huawei_ext_ctrl - ok
19:18:07.0379 5896  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
19:18:07.0394 5896  i2omp - ok
19:18:07.0426 5896  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:18:07.0457 5896  i8042prt - ok
19:18:07.0519 5896  [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:18:07.0550 5896  iaStor - ok
19:18:07.0582 5896  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
19:18:07.0597 5896  iaStorV - ok
19:18:07.0675 5896  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:18:07.0706 5896  idsvc - ok
19:18:07.0800 5896  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130619.001\IDSvix86.sys
19:18:07.0831 5896  IDSVix86 - ok
19:18:07.0862 5896  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
19:18:07.0878 5896  iirsp - ok
19:18:07.0940 5896  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:18:07.0987 5896  IKEEXT - ok
19:18:08.0003 5896  IntcAzAudAddService - ok
19:18:08.0018 5896  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:18:08.0034 5896  intelide - ok
19:18:08.0050 5896  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:18:08.0081 5896  intelppm - ok
19:18:08.0112 5896  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
19:18:08.0143 5896  IPBusEnum - ok
19:18:08.0159 5896  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:18:08.0206 5896  IpFilterDriver - ok
19:18:08.0221 5896  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:18:08.0268 5896  iphlpsvc - ok
19:18:08.0284 5896  IpInIp - ok
19:18:08.0315 5896  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
19:18:08.0362 5896  IPMIDRV - ok
19:18:08.0377 5896  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
19:18:08.0408 5896  IPNAT - ok
19:18:08.0440 5896  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys
19:18:08.0471 5896  irda - ok
19:18:08.0486 5896  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:18:08.0502 5896  IRENUM - ok
19:18:08.0533 5896  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon          C:\Windows\System32\irmon.dll
19:18:08.0580 5896  Irmon - ok
19:18:08.0596 5896  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:18:08.0627 5896  isapnp - ok
19:18:08.0658 5896  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:18:08.0674 5896  iScsiPrt - ok
19:18:08.0705 5896  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
19:18:08.0720 5896  iteatapi - ok
19:18:08.0736 5896  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
19:18:08.0752 5896  iteraid - ok
19:18:08.0752 5896  k57nd60x - ok
19:18:08.0767 5896  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:18:08.0783 5896  kbdclass - ok
19:18:08.0814 5896  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:18:08.0845 5896  kbdhid - ok
19:18:08.0876 5896  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
19:18:08.0908 5896  KeyIso - ok
19:18:08.0939 5896  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
19:18:08.0954 5896  KMWDFILTER - ok
19:18:09.0017 5896  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:18:09.0048 5896  KSecDD - ok
19:18:09.0095 5896  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
19:18:09.0142 5896  KtmRm - ok
19:18:09.0204 5896  [ 24ABDDEB766C8459F9D562EB083B6CB8 ] L1E            C:\Windows\system32\DRIVERS\L1E60x86.sys
19:18:09.0251 5896  L1E - ok
19:18:09.0282 5896  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:18:09.0313 5896  LanmanServer - ok
19:18:09.0344 5896  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:18:09.0391 5896  LanmanWorkstation - ok
19:18:09.0438 5896  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:18:09.0469 5896  lltdio - ok
19:18:09.0516 5896  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
19:18:09.0563 5896  lltdsvc - ok
19:18:09.0578 5896  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
19:18:09.0625 5896  lmhosts - ok
19:18:09.0656 5896  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:18:09.0688 5896  LSI_FC - ok
19:18:09.0703 5896  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
19:18:09.0719 5896  LSI_SAS - ok
19:18:09.0750 5896  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:18:09.0766 5896  LSI_SCSI - ok
19:18:09.0781 5896  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
19:18:09.0828 5896  luafv - ok
19:18:09.0859 5896  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
19:18:09.0890 5896  Mcx2Svc - ok
19:18:09.0906 5896  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
19:18:09.0922 5896  megasas - ok
19:18:09.0953 5896  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
19:18:09.0984 5896  MegaSR - ok
19:18:10.0015 5896  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
19:18:10.0062 5896  MMCSS - ok
19:18:10.0078 5896  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
19:18:10.0124 5896  Modem - ok
19:18:10.0156 5896  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
19:18:10.0202 5896  monitor - ok
19:18:10.0202 5896  motandroidusb - ok
19:18:10.0218 5896  motccgp - ok
19:18:10.0218 5896  motccgpfl - ok
19:18:10.0234 5896  motmodem - ok
19:18:10.0312 5896  [ FDF0D78147DA8B2A93FE42D9A14C1B0B ] Motorola Device Manager C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
19:18:10.0343 5896  Motorola Device Manager - ok
19:18:10.0343 5896  MotoSwitchService - ok
19:18:10.0358 5896  Motousbnet - ok
19:18:10.0358 5896  motusbdevice - ok
19:18:10.0374 5896  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:18:10.0390 5896  mouclass - ok
19:18:10.0405 5896  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:18:10.0452 5896  mouhid - ok
19:18:10.0483 5896  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
19:18:10.0499 5896  MountMgr - ok
19:18:10.0514 5896  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:18:10.0546 5896  mpio - ok
19:18:10.0546 5896  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:18:10.0577 5896  mpsdrv - ok
19:18:10.0608 5896  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:18:10.0655 5896  MpsSvc - ok
19:18:10.0702 5896  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
19:18:10.0717 5896  Mraid35x - ok
19:18:10.0748 5896  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:18:10.0780 5896  MRxDAV - ok
19:18:10.0795 5896  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:18:10.0842 5896  mrxsmb - ok
19:18:10.0858 5896  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:18:10.0889 5896  mrxsmb10 - ok
19:18:10.0936 5896  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:18:10.0982 5896  mrxsmb20 - ok
19:18:11.0014 5896  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
19:18:11.0029 5896  msahci - ok
19:18:11.0045 5896  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
19:18:11.0060 5896  msdsm - ok
19:18:11.0092 5896  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
19:18:11.0138 5896  MSDTC - ok
19:18:11.0154 5896  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:18:11.0201 5896  Msfs - ok
19:18:11.0216 5896  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:18:11.0232 5896  msisadrv - ok
19:18:11.0279 5896  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
19:18:11.0326 5896  MSiSCSI - ok
19:18:11.0326 5896  msiserver - ok
19:18:11.0341 5896  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
19:18:11.0388 5896  MSKSSRV - ok
19:18:11.0404 5896  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:18:11.0435 5896  MSPCLOCK - ok
19:18:11.0450 5896  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
19:18:11.0482 5896  MSPQM - ok
19:18:11.0513 5896  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
19:18:11.0528 5896  MsRPC - ok
19:18:11.0560 5896  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:18:11.0575 5896  mssmbios - ok
19:18:11.0591 5896  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
19:18:11.0622 5896  MSTEE - ok
19:18:11.0638 5896  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
19:18:11.0653 5896  Mup - ok
19:18:11.0684 5896  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
19:18:11.0731 5896  napagent - ok
19:18:11.0747 5896  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
19:18:11.0794 5896  NativeWifiP - ok
19:18:11.0981 5896  [ 1BF9D6476061B31CD7FC2BF848529A56 ] NAV            C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
19:18:12.0012 5896  NAV - ok
19:18:12.0090 5896  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.021\NAVENG.SYS
19:18:12.0106 5896  NAVENG - ok
19:18:12.0277 5896  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.021\NAVEX15.SYS
19:18:12.0386 5896  NAVEX15 - ok
19:18:12.0542 5896  [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService      C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
19:18:12.0574 5896  NBService - ok
19:18:12.0714 5896  [ 1BF9D6476061B31CD7FC2BF848529A56 ] NCO            C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
19:18:12.0745 5896  NCO - ok
19:18:12.0776 5896  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:18:12.0808 5896  NDIS - ok
19:18:12.0886 5896  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:18:12.0917 5896  NdisTapi - ok
19:18:12.0932 5896  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
19:18:12.0964 5896  Ndisuio - ok
19:18:12.0979 5896  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
19:18:13.0026 5896  NdisWan - ok
19:18:13.0042 5896  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
19:18:13.0073 5896  NDProxy - ok
19:18:13.0088 5896  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
19:18:13.0120 5896  NetBIOS - ok
19:18:13.0151 5896  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
19:18:13.0182 5896  netbt - ok
19:18:13.0198 5896  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
19:18:13.0213 5896  Netlogon - ok
19:18:13.0276 5896  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
19:18:13.0338 5896  Netman - ok
19:18:13.0354 5896  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
19:18:13.0385 5896  netprofm - ok
19:18:13.0416 5896  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:18:13.0432 5896  NetTcpPortSharing - ok
19:18:13.0572 5896  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
19:18:13.0806 5896  NETw5v32 - ok
19:18:13.0822 5896  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
19:18:13.0853 5896  nfrd960 - ok
19:18:13.0884 5896  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:18:13.0915 5896  NlaSvc - ok
19:18:13.0978 5896  [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
19:18:14.0009 5896  NMIndexingService - ok
19:18:14.0056 5896  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:18:14.0149 5896  Npfs - ok
19:18:14.0196 5896  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA        C:\Windows\system32\DRIVERS\nscirda.sys
19:18:14.0274 5896  NSCIRDA - ok
19:18:14.0305 5896  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
19:18:14.0352 5896  nsi - ok
19:18:14.0368 5896  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:18:14.0414 5896  nsiproxy - ok
19:18:14.0477 5896  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:18:14.0539 5896  Ntfs - ok
19:18:14.0633 5896  [ 944E3911888B9FFFD843B91C8ABBD3F6 ] NTI IScheduleSvc C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
19:18:14.0648 5896  NTI IScheduleSvc - ok
19:18:14.0680 5896  [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F ] NTIDrvr        C:\Windows\system32\Drivers\NTIDrvr.sys
19:18:14.0695 5896  NTIDrvr - ok
19:18:14.0726 5896  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
19:18:14.0773 5896  ntrigdigi - ok
19:18:14.0789 5896  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
19:18:14.0836 5896  Null - ok
19:18:14.0867 5896  [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA          C:\Windows\system32\drivers\nvhda32v.sys
19:18:14.0898 5896  NVHDA - ok
19:18:15.0194 5896  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:18:15.0772 5896  nvlddmkm - ok
19:18:15.0787 5896  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:18:15.0818 5896  nvraid - ok
19:18:15.0834 5896  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:18:15.0850 5896  nvstor - ok
19:18:15.0896 5896  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc          C:\Windows\system32\nvvsvc.exe
19:18:15.0943 5896  nvsvc - ok
19:18:16.0084 5896  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:18:16.0130 5896  nvUpdatusService - ok
19:18:16.0193 5896  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:18:16.0208 5896  nv_agp - ok
19:18:16.0208 5896  NwlnkFlt - ok
19:18:16.0224 5896  NwlnkFwd - ok
19:18:16.0302 5896  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:18:16.0318 5896  odserv - ok
19:18:16.0364 5896  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:18:16.0427 5896  ohci1394 - ok
19:18:16.0458 5896  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:18:16.0474 5896  ose - ok
19:18:16.0536 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
19:18:16.0598 5896  p2pimsvc - ok
19:18:16.0630 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:18:16.0661 5896  p2psvc - ok
19:18:16.0708 5896  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
19:18:16.0754 5896  Parport - ok
19:18:16.0801 5896  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
19:18:16.0817 5896  partmgr - ok
19:18:16.0848 5896  [ 3C6E7D73B0E9BC21D5E4B531AB7EC091 ] Partner Service C:\ProgramData\Partner\partner.exe
19:18:16.0864 5896  Partner Service - ok
19:18:16.0879 5896  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
19:18:16.0942 5896  Parvdm - ok
19:18:16.0973 5896  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:18:17.0020 5896  PcaSvc - ok
19:18:17.0051 5896  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
19:18:17.0066 5896  pci - ok
19:18:17.0082 5896  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
19:18:17.0113 5896  pciide - ok
19:18:17.0129 5896  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:18:17.0144 5896  pcmcia - ok
19:18:17.0176 5896  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:18:17.0285 5896  PEAUTH - ok
19:18:17.0363 5896  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
19:18:17.0472 5896  pla - ok
19:18:17.0534 5896  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
19:18:17.0566 5896  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
19:18:17.0566 5896  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
19:18:17.0581 5896  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:18:17.0628 5896  PlugPlay - ok
19:18:17.0675 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
19:18:17.0690 5896  PNRPAutoReg - ok
19:18:17.0737 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
19:18:17.0768 5896  PNRPsvc - ok
19:18:17.0831 5896  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
19:18:17.0878 5896  PolicyAgent - ok
19:18:17.0909 5896  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:18:17.0940 5896  PptpMiniport - ok
19:18:17.0971 5896  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
19:18:18.0002 5896  Processor - ok
19:18:18.0034 5896  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
19:18:18.0065 5896  ProfSvc - ok
19:18:18.0080 5896  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:18:18.0096 5896  ProtectedStorage - ok
19:18:18.0112 5896  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
19:18:18.0158 5896  PSched - ok
19:18:18.0205 5896  [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service    C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
19:18:18.0221 5896  PST Service ( UnsignedFile.Multi.Generic ) - warning
19:18:18.0221 5896  PST Service - detected UnsignedFile.Multi.Generic (1)
19:18:18.0283 5896  [ E792A7ED13DA7E738294E942C4824860 ] qciusbnet      C:\Windows\system32\DRIVERS\qciusbnet.sys
19:18:18.0299 5896  qciusbnet ( UnsignedFile.Multi.Generic ) - warning
19:18:18.0299 5896  qciusbnet - detected UnsignedFile.Multi.Generic (1)
19:18:18.0314 5896  [ B8CC38880755C7D157ACD9D7742B8A96 ] qciusbser      C:\Windows\system32\DRIVERS\qciusbser.sys
19:18:18.0330 5896  qciusbser ( UnsignedFile.Multi.Generic ) - warning
19:18:18.0330 5896  qciusbser - detected UnsignedFile.Multi.Generic (1)
19:18:18.0377 5896  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:18:18.0408 5896  ql2300 - ok
19:18:18.0470 5896  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:18:18.0486 5896  ql40xx - ok
19:18:18.0517 5896  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
19:18:18.0548 5896  QWAVE - ok
19:18:18.0580 5896  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:18:18.0595 5896  QWAVEdrv - ok
19:18:18.0626 5896  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:18:18.0673 5896  RasAcd - ok
19:18:18.0689 5896  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
19:18:18.0736 5896  RasAuto - ok
19:18:18.0782 5896  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
19:18:18.0814 5896  Rasl2tp - ok
19:18:18.0845 5896  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
19:18:18.0876 5896  RasMan - ok
19:18:18.0892 5896  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:18:18.0938 5896  RasPppoe - ok
19:18:18.0954 5896  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
19:18:18.0985 5896  RasSstp - ok
19:18:19.0001 5896  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
19:18:19.0110 5896  rdbss - ok
19:18:19.0141 5896  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:18:19.0188 5896  RDPCDD - ok
19:18:19.0235 5896  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
19:18:19.0282 5896  rdpdr - ok
19:18:19.0297 5896  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:18:19.0344 5896  RDPENCDD - ok
19:18:19.0406 5896  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
19:18:19.0438 5896  RDPWD - ok
19:18:19.0484 5896  [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc        C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:18:19.0516 5896  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
19:18:19.0516 5896  RegSrvc - detected UnsignedFile.Multi.Generic (1)
19:18:19.0578 5896  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:18:19.0609 5896  RemoteAccess - ok
19:18:19.0656 5896  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:18:19.0687 5896  RemoteRegistry - ok
19:18:19.0703 5896  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
19:18:19.0734 5896  RpcLocator - ok
19:18:19.0750 5896  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
19:18:19.0796 5896  RpcSs - ok
19:18:19.0796 5896  rrinttaller - ok
19:18:19.0859 5896  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:18:19.0890 5896  rspndr - ok
19:18:19.0937 5896  [ 9B09F336DE36A7A6CA871DE8A7847B65 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
19:18:19.0968 5896  RTSTOR - ok
19:18:19.0984 5896  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
19:18:19.0999 5896  SamSs - ok
19:18:20.0030 5896  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:18:20.0046 5896  sbp2port - ok
19:18:20.0077 5896  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:18:20.0108 5896  SCardSvr - ok
19:18:20.0155 5896  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
19:18:20.0233 5896  Schedule - ok
19:18:20.0311 5896  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
19:18:20.0342 5896  SCPolicySvc - ok
19:18:20.0374 5896  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
19:18:20.0436 5896  sdbus - ok
19:18:20.0467 5896  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:18:20.0530 5896  SDRSVC - ok
19:18:20.0561 5896  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:18:20.0623 5896  secdrv - ok
19:18:20.0654 5896  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
19:18:20.0686 5896  seclogon - ok
19:18:20.0717 5896  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
19:18:20.0764 5896  SENS - ok
19:18:20.0795 5896  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
19:18:20.0873 5896  Serenum - ok
19:18:20.0904 5896  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
19:18:20.0966 5896  Serial - ok
19:18:20.0982 5896  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:18:21.0013 5896  sermouse - ok
19:18:21.0076 5896  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:18:21.0107 5896  SessionEnv - ok
19:18:21.0122 5896  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
19:18:21.0154 5896  sffdisk - ok
19:18:21.0169 5896  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:18:21.0200 5896  sffp_mmc - ok
19:18:21.0232 5896  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
19:18:21.0263 5896  sffp_sd - ok
19:18:21.0278 5896  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
19:18:21.0341 5896  sfloppy - ok
19:18:21.0372 5896  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:18:21.0419 5896  SharedAccess - ok
19:18:21.0466 5896  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:18:21.0528 5896  ShellHWDetection - ok
19:18:21.0559 5896  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:18:21.0575 5896  sisagp - ok
19:18:21.0606 5896  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
19:18:21.0622 5896  SiSRaid2 - ok
19:18:21.0637 5896  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:18:21.0653 5896  SiSRaid4 - ok
19:18:21.0715 5896  [ AAF57ECD14A1DBD1B023AB26E634DD80 ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
19:18:21.0731 5896  SkypeUpdate - ok
19:18:21.0824 5896  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
19:18:22.0058 5896  slsvc - ok
19:18:22.0090 5896  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
19:18:22.0121 5896  SLUINotify - ok
19:18:22.0136 5896  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
19:18:22.0183 5896  Smb - ok
19:18:22.0246 5896  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:18:22.0292 5896  SNMPTRAP - ok
19:18:22.0308 5896  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
19:18:22.0324 5896  spldr - ok
19:18:22.0355 5896  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
19:18:22.0386 5896  Spooler - ok
19:18:22.0511 5896  [ C743E384E9EFCA10B41C60D406DE39C0 ] SRTSP          C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS
19:18:22.0542 5896  SRTSP - ok
19:18:22.0604 5896  [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX          C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS
19:18:22.0620 5896  SRTSPX - ok
19:18:22.0651 5896  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
19:18:22.0698 5896  srv - ok
19:18:22.0729 5896  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:18:22.0745 5896  srv2 - ok
19:18:22.0760 5896  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:18:22.0807 5896  srvnet - ok
19:18:22.0838 5896  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
19:18:22.0885 5896  SSDPSRV - ok
19:18:22.0901 5896  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
19:18:22.0916 5896  SstpSvc - ok
19:18:22.0963 5896  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
19:18:23.0010 5896  stisvc - ok
19:18:23.0041 5896  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:18:23.0057 5896  swenum - ok
19:18:23.0104 5896  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
19:18:23.0150 5896  swprv - ok
19:18:23.0182 5896  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
19:18:23.0197 5896  Symc8xx - ok
19:18:23.0244 5896  [ 5A193E5E0F0A776430E5D62A051C1E16 ] SymDS          C:\Windows\system32\drivers\NAV\1404000.028\SYMDS.SYS
19:18:23.0260 5896  SymDS - ok
19:18:23.0338 5896  [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA          C:\Windows\system32\drivers\NAV\1404000.028\SYMEFA.SYS
19:18:23.0384 5896  SymEFA - ok
19:18:23.0431 5896  [ F50D81D3E0C7A353F205562B89CD06D6 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
19:18:23.0447 5896  SymEvent - ok
19:18:23.0447 5896  SYMFW - ok
19:18:23.0478 5896  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON        C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS
19:18:23.0509 5896  SymIRON - ok
19:18:23.0509 5896  SYMNDISV - ok
19:18:23.0556 5896  [ C834343C3A23DC9BC3AA752F0CAFD04B ] SYMTDIv        C:\Windows\System32\Drivers\NAV\1404000.028\SYMTDIV.SYS
19:18:23.0572 5896  SYMTDIv - ok
19:18:23.0618 5896  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
19:18:23.0634 5896  Sym_hi - ok
19:18:23.0650 5896  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
19:18:23.0665 5896  Sym_u3 - ok
19:18:23.0696 5896  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
19:18:23.0743 5896  SysMain - ok
19:18:23.0790 5896  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:18:23.0821 5896  TabletInputService - ok
19:18:23.0852 5896  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
19:18:23.0884 5896  TapiSrv - ok
19:18:23.0915 5896  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
19:18:23.0946 5896  TBS - ok
19:18:24.0008 5896  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
19:18:24.0055 5896  Tcpip - ok
19:18:24.0164 5896  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
19:18:24.0211 5896  Tcpip6 - ok
19:18:24.0258 5896  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:18:24.0289 5896  tcpipreg - ok
19:18:24.0320 5896  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:18:24.0352 5896  TDPIPE - ok
19:18:24.0367 5896  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
19:18:24.0414 5896  TDTCP - ok
19:18:24.0445 5896  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
19:18:24.0476 5896  tdx - ok
19:18:24.0508 5896  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:18:24.0523 5896  TermDD - ok
19:18:24.0539 5896  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
19:18:24.0586 5896  TermService - ok
19:18:24.0617 5896  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
19:18:24.0632 5896  Themes - ok
19:18:24.0648 5896  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
19:18:24.0679 5896  THREADORDER - ok
19:18:24.0710 5896  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
19:18:24.0757 5896  TrkWks - ok
19:18:24.0804 5896  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:18:24.0835 5896  TrustedInstaller - ok
19:18:24.0866 5896  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:18:24.0913 5896  tssecsrv - ok
19:18:25.0007 5896  [ AF5F31156EE89D35AD6EC3179A805D23 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
19:18:25.0085 5896  TuneUp.UtilitiesSvc - ok
19:18:25.0132 5896  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
19:18:25.0147 5896  TuneUpUtilitiesDrv - ok
19:18:25.0163 5896  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
19:18:25.0210 5896  tunmp - ok
19:18:25.0241 5896  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:18:25.0272 5896  tunnel - ok
19:18:25.0303 5896  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:18:25.0319 5896  uagp35 - ok
19:18:25.0350 5896  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:18:25.0366 5896  udfs - ok
19:18:25.0412 5896  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
19:18:25.0490 5896  UI0Detect - ok
19:18:25.0506 5896  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:18:25.0522 5896  uliagpkx - ok
19:18:25.0553 5896  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
19:18:25.0568 5896  uliahci - ok
19:18:25.0600 5896  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:18:25.0615 5896  UlSata - ok
19:18:25.0631 5896  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
19:18:25.0662 5896  ulsata2 - ok
19:18:25.0678 5896  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
19:18:25.0724 5896  umbus - ok
19:18:25.0756 5896  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
19:18:25.0802 5896  upnphost - ok
19:18:25.0818 5896  USBAAPL - ok
19:18:25.0849 5896  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
19:18:25.0880 5896  usbccgp - ok
19:18:25.0912 5896  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:18:25.0958 5896  usbcir - ok
19:18:25.0990 5896  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
19:18:26.0021 5896  usbehci - ok
19:18:26.0052 5896  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:18:26.0083 5896  usbhub - ok
19:18:26.0099 5896  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
19:18:26.0146 5896  usbohci - ok
19:18:26.0208 5896  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:18:26.0255 5896  usbprint - ok
19:18:26.0286 5896  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
19:18:26.0317 5896  usbscan - ok
19:18:26.0348 5896  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:18:26.0380 5896  USBSTOR - ok
19:18:26.0411 5896  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
19:18:26.0458 5896  usbuhci - ok
19:18:26.0489 5896  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:18:26.0536 5896  usbvideo - ok
19:18:26.0567 5896  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
19:18:26.0598 5896  UxSms - ok
19:18:26.0645 5896  [ 6275822AC454A8A831D063841A4DBB5D ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
19:18:26.0660 5896  UxTuneUp - ok
19:18:26.0707 5896  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
19:18:26.0738 5896  vds - ok
19:18:26.0770 5896  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:18:26.0801 5896  vga - ok
19:18:26.0816 5896  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:18:26.0863 5896  VgaSave - ok
19:18:26.0879 5896  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:18:26.0910 5896  viaagp - ok
19:18:26.0926 5896  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
19:18:26.0957 5896  ViaC7 - ok
19:18:26.0988 5896  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
19:18:27.0004 5896  viaide - ok
19:18:27.0035 5896  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:18:27.0050 5896  volmgr - ok
19:18:27.0097 5896  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:18:27.0113 5896  volmgrx - ok
19:18:27.0160 5896  [ 786DB5771F05EF300390399F626BF30A ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:18:27.0175 5896  volsnap - ok
19:18:27.0206 5896  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
19:18:27.0222 5896  vsmraid - ok
19:18:27.0284 5896  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
19:18:27.0347 5896  VSS - ok
19:18:27.0472 5896  [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
19:18:27.0534 5896  vToolbarUpdater15.2.0 - ok
19:18:27.0628 5896  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
19:18:27.0659 5896  W32Time - ok
19:18:27.0706 5896  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:18:27.0768 5896  WacomPen - ok
19:18:27.0799 5896  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:18:27.0830 5896  Wanarp - ok
19:18:27.0846 5896  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:18:27.0877 5896  Wanarpv6 - ok
19:18:27.0924 5896  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:18:27.0955 5896  wcncsvc - ok
19:18:28.0002 5896  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:18:28.0018 5896  WcsPlugInService - ok
19:18:28.0064 5896  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
19:18:28.0080 5896  Wd - ok
19:18:28.0111 5896  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM        C:\Windows\system32\DRIVERS\wdcsam.sys
19:18:28.0174 5896  WDC_SAM - ok
19:18:28.0205 5896  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:18:28.0252 5896  Wdf01000 - ok
19:18:28.0283 5896  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:18:28.0330 5896  WdiServiceHost - ok
19:18:28.0330 5896  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:18:28.0361 5896  WdiSystemHost - ok
19:18:28.0408 5896  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
19:18:28.0439 5896  WebClient - ok
19:18:28.0470 5896  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:18:28.0501 5896  Wecsvc - ok
19:18:28.0548 5896  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:18:28.0579 5896  wercplsupport - ok
19:18:28.0610 5896  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:18:28.0626 5896  WerSvc - ok
19:18:28.0673 5896  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:18:28.0782 5896  winachsf - ok
19:18:28.0813 5896  [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir      C:\Windows\system32\DRIVERS\winbondcir.sys
19:18:28.0829 5896  winbondcir - ok
19:18:28.0876 5896  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
19:18:28.0907 5896  WinDefend - ok
19:18:28.0938 5896  WinHttpAutoProxySvc - ok
19:18:28.0985 5896  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:18:29.0016 5896  Winmgmt - ok
19:18:29.0141 5896  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
19:18:29.0234 5896  WinRM - ok
19:18:29.0297 5896  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:18:29.0344 5896  Wlansvc - ok
19:18:29.0375 5896  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
19:18:29.0422 5896  WmiAcpi - ok
19:18:29.0468 5896  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:18:29.0515 5896  wmiApSrv - ok
19:18:29.0578 5896  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
19:18:29.0640 5896  WMPNetworkSvc - ok
19:18:29.0718 5896  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:18:29.0749 5896  WPCSvc - ok
19:18:29.0780 5896  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:18:29.0827 5896  WPDBusEnum - ok
19:18:29.0858 5896  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
19:18:29.0874 5896  WpdUsb - ok
19:18:29.0968 5896  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:18:30.0014 5896  WPFFontCache_v0400 - ok
19:18:30.0061 5896  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:18:30.0092 5896  ws2ifsl - ok
19:18:30.0124 5896  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
19:18:30.0155 5896  wscsvc - ok
19:18:30.0170 5896  WSearch - ok
19:18:30.0326 5896  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:18:30.0404 5896  wuauserv - ok
19:18:30.0467 5896  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:18:30.0498 5896  WudfPf - ok
19:18:30.0514 5896  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:18:30.0560 5896  WUDFRd - ok
19:18:30.0592 5896  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:18:30.0623 5896  wudfsvc - ok
19:18:30.0654 5896  ================ Scan global ===============================
19:18:30.0716 5896  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:18:30.0748 5896  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
19:18:30.0763 5896  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
19:18:30.0810 5896  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:18:30.0810 5896  [Global] - ok
19:18:30.0810 5896  ================ Scan MBR ==================================
19:18:30.0904 5896  [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
19:18:32.0011 5896  \Device\Harddisk0\DR0 - ok
19:18:32.0011 5896  ================ Scan VBR ==================================
19:18:32.0011 5896  [ CD5783D61A1439AC2A83E92986F0ACE7 ] \Device\Harddisk0\DR0\Partition1
19:18:32.0011 5896  \Device\Harddisk0\DR0\Partition1 - ok
19:18:32.0058 5896  [ F689CDF0D867CD316C5D3531BD990EAC ] \Device\Harddisk0\DR0\Partition2
19:18:32.0058 5896  \Device\Harddisk0\DR0\Partition2 - ok
19:18:32.0058 5896  ============================================================
19:18:32.0058 5896  Scan finished
19:18:32.0058 5896  ============================================================
19:18:32.0074 5288  Detected object count: 6
19:18:32.0074 5288  Actual detected object count: 6
19:22:23.0999 5288  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:23.0999 5288  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:22:23.0999 5288  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:23.0999 5288  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:22:23.0999 5288  PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:23.0999 5288  PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:22:23.0999 5288  qciusbnet ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:23.0999 5288  qciusbnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:22:23.0999 5288  qciusbser ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:23.0999 5288  qciusbser ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:22:24.0014 5288  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:24.0014 5288  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:22:59.0357 5576  Deinitialize success


cosinus 20.06.2013 18:32

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


zombie8580 20.06.2013 19:10

So, the message from the AVG firewall came up. I disabled it, and then everything continued automatically.

Code:

ComboFix 13-06-20.01 - Christian 20.06.2013  19:44:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1726 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Christian\AppData\Roaming\Christianv3.4.2.2.vbs
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-20 bis 2013-06-20  ))))))))))))))))))))))))))))))
.
.
2013-06-20 17:54 . 2013-06-20 17:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-20 17:54 . 2013-06-20 17:59        --------        d-----w-        c:\users\Christian\AppData\Local\temp
2013-06-20 17:54 . 2013-06-20 17:54        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-20 17:02 . 2013-06-20 17:02        --------        d-----w-        C:\TDSSKiller_Quarantine
2013-06-19 22:27 . 2013-06-20 02:51        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-19 20:36 . 2013-06-19 20:36        --------        d-----w-        c:\program files\CCleaner
2013-06-19 19:21 . 2013-06-19 19:21        --------        d-----w-        c:\users\Christian\AppData\Roaming\Malwarebytes
2013-06-19 19:20 . 2013-06-19 19:20        --------        d-----w-        c:\programdata\Malwarebytes
2013-06-19 19:20 . 2013-06-19 19:20        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-06-19 19:20 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-06-18 19:01 . 2013-06-19 18:53        --------        d-----w-        c:\windows\system32\drivers\NAV\1404000.028
2013-06-18 11:28 . 2013-06-18 11:28        --------        d-----w-        c:\windows\system32\drivers\NST\7DD04000.00A
2013-06-14 13:34 . 2013-05-08 04:37        905576        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-06-14 13:34 . 2013-05-02 04:04        443904        ----a-w-        c:\windows\system32\win32spl.dll
2013-06-14 13:34 . 2013-05-02 04:03        37376        ----a-w-        c:\windows\system32\printcom.dll
2013-06-13 22:11 . 2013-04-24 01:46        812544        ----a-w-        c:\windows\system32\certutil.exe
2013-06-13 22:11 . 2013-04-24 04:00        985600        ----a-w-        c:\windows\system32\crypt32.dll
2013-06-13 22:11 . 2013-04-24 04:00        98304        ----a-w-        c:\windows\system32\cryptnet.dll
2013-06-13 22:11 . 2013-04-24 04:00        133120        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-06-13 22:11 . 2013-04-24 04:00        41984        ----a-w-        c:\windows\system32\certenc.dll
2013-06-13 22:11 . 2013-05-02 22:03        3603832        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-06-13 22:11 . 2013-05-02 22:03        3551096        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-06-13 22:11 . 2013-04-17 12:30        24576        ----a-w-        c:\windows\system32\cryptdlg.dll
2013-05-30 21:18 . 2013-05-30 21:18        --------        d-----w-        c:\program files\Common Files\Skype
2013-05-21 18:20 . 2013-05-21 18:20        319488        ----a-w-        c:\windows\HideWin.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-19 02:21 . 2012-03-18 09:46        142496        ----a-w-        c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-11 21:26 . 2012-04-02 14:41        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-06-11 21:26 . 2012-03-18 17:12        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-21 18:20 . 2012-03-17 21:41        319456        ----a-w-        c:\windows\DIFxAPI.dll
2013-05-20 17:47 . 2012-10-25 07:56        37664        ----a-w-        c:\windows\system32\drivers\avgtpx86.sys
2013-04-15 14:20 . 2013-05-15 05:14        638328        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 05:14        37376        ----a-w-        c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 05:14        2049024        ----a-w-        c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-23 22:19        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-03-17 21:40        157168        ----a-w-        c:\programdata\Partner\partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-05-20 17:47        1991344        ----a-w-        c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll" [2013-05-20 1991344]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-17 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Googlebar.url [2012-12-7 179]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-03-17 21:40        68856        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"EPSON Stylus DX9400F Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "c:\windows\TEMP\E_SC7C9.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"Acer ePower Management"=c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2007-08-19 26496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0312&m=aspire_6930g
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-86303293.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-20 19:59
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\AVG\AVG2013\avgfws.exe
c:\program files\AVG\AVG2013\avgidsagent.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\Motorola Media Link\Lite\NServiceEntry.exe
c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
c:\program files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files\Bandoo\Bandoo.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\program files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-20  20:04:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-20 18:03
.
Vor Suchlauf: 14 Verzeichnis(se), 34.201.075.712 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 41.884.090.368 Bytes frei
.
- - End Of File - - 9CDBEE693BDB2507CE65CDC68112BA35
BB9D3A6A13C5010348DA7C900BB6AF50

And my AVG Internet Security is no longer there. Same for my sidebar.

I don't see anything else right now. Oh, and I had to confirm Internet Explorer as the default browser again.

cosinus 20.06.2013 20:20

Please create a new log with aswMBR.

zombie8580 21.06.2013 01:47

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-20 21:25:12
-----------------------------
21:25:12.801    OS Version: Windows 6.0.6002 Service Pack 2
21:25:12.801    Number of processors: 2 586 0x170A
21:25:12.801    ComputerName: ZOMBIE  UserName:
21:25:13.581    Initialize success
21:25:31.131    AVAST engine defs: 13062001
21:25:36.123    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:25:36.123    Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
21:25:36.326    Disk 0 MBR read successfully
21:25:36.342    Disk 0 MBR scan
21:25:36.342    Disk 0 unknown MBR code
21:25:36.404    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
21:25:36.435    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      147501 MB offset 20973568
21:25:36.482    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      143872 MB offset 323055616
21:25:36.560    Disk 0 Partition 4 00    12  Compaq diag NTFS        3630 MB offset 617705472
21:25:36.716    Disk 0 scanning sectors +625139712
21:25:37.012    Disk 0 scanning C:\Windows\system32\drivers
21:25:53.065    Service scanning
21:26:24.982    Modules scanning
21:26:39.584    Disk 0 trace - called modules:
21:26:39.662    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
21:26:39.678    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8746e620]
21:26:39.678    3 CLASSPNP.SYS[8afa08b3] -> nt!IofCallDriver -> [0x85f433b0]
21:26:39.693    5 acpi.sys[806a36bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f16028]
21:26:40.536    AVAST engine scan C:\Windows
21:26:52.220    AVAST engine scan C:\Windows\system32
21:31:52.364    AVAST engine scan C:\Windows\system32\drivers
21:32:17.277    AVAST engine scan C:\Users\Christian
22:03:28.591    AVAST engine scan C:\ProgramData
22:12:33.608    Scan finished successfully
02:44:26.263    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
02:44:26.263    The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"


cosinus 21.06.2013 11:25

JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box for Scan All Users at the top center
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

zombie8580 21.06.2013 14:43

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Christian on 21.06.2013 at 15:35:11,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\sweetim"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.06.2013 at 15:38:11,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

# AdwCleaner v2.303 - Datei am 21/06/2013 um 15:42:07 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Christian - ZOMBIE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Partner Service

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Red Sky
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\Users\Christian\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Christian\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\bandoo\bndhook.dll
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF2B6317-C367-401B-83B8-80302D6588A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F5379B4B-24D8-432A-9A96-BE75EE5117DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dloejdefkancmfajekobpfoacecnhpgp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [21421 octets] - [21/06/2013 15:42:07]

########## EOF - C:\AdwCleaner[S1].txt - [21482 octets] ##########

Code:

OTL logfile created on: 21.06.2013 15:58:19 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,09% Memory free
6,19 Gb Paging File | 4,97 Gb Available in Paging File | 80,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 38,95 Gb Free Space | 27,04% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 17,50 Gb Free Space | 12,45% Space Free | Partition Type: NTFS
 
Computer Name: ZOMBIE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (rrinttaller) -- C:\Windows\system32\KBDIOASA.exe File not found
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe (Symantec Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (vToolbarUpdater15.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Motorola Device Manager) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (PST Service) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NAV\1008030.006\SYMNDISV.SYS File not found
DRV - (SYMFW) -- C:\Windows\System32\Drivers\NAV\1008030.006\SYMFW.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (motusbdevice) -- system32\DRIVERS\motusbdevice.sys File not found
DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found
DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found
DRV - (motandroidusb) -- System32\Drivers\motoandroid.sys File not found
DRV - (k57nd60x) -- system32\DRIVERS\k57nd60x.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (huawei_ext_ctrl) -- system32\DRIVERS\ew_juextctrl.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (huawei_cdcecm) -- system32\DRIVERS\ew_jucdcecm.sys File not found
DRV - (huawei_cdcacm) -- system32\DRIVERS\ew_jucdcacm.sys File not found
DRV - (ew_usbenumfilter) -- system32\DRIVERS\ew_usbenumfilter.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130620.017\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130620.017\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130531.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1404000.028\symds.sys (Symantec Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1404000.028\srtsp.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NAV\1404000.028\symtdiv.sys (Symantec Corporation)
DRV - (ccSet_NST) -- C:\Windows\System32\drivers\NST\7DD04000.00A\ccsetx86.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1404000.028\ccsetx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1404000.028\ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1404000.028\srtspx.sys (Symantec Corporation)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130620.001\IDSvix86.sys (Symantec Corporation)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Apowersoft_AudioDevice) -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (qciusbnet) -- C:\Windows\System32\drivers\qciusbnet.sys (Yota)
DRV - (qciusbser) -- C:\Windows\System32\drivers\qciusbser.sys (Yota)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0312&m=aspire_6930g
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{7E4C0B80-0109-4672-87D3-9BF3AC158549}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deES475
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{7E4C0B80-0109-4672-87D3-9BF3AC158549}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deES475
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\ [2013.06.21 15:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com [2012.12.29 16:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\ [2012.10.19 22:23:13 | 000,000,000 | ---D | M]
 
[2012.12.29 16:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\extensions
[2012.12.29 16:24:09 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\extensions\ffox@bandoo.com
[2012.12.28 22:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
 
O1 HOSTS File: ([2013.06.20 19:59:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [AVG-Secure-Search-Update_JUNE2013_HP] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [EPSON Stylus DX9400F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: [ScrSav]  File not found
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Googlebar.url ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{953825AE-A4D2-4671-AE71-709636AB8FB8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C20B90ED-AF1B-4DB2-8A95-C308F300E354}: DhcpNameServer = 83.149.24.244 83.149.24.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F670E7BE-CF05-491F-AB7C-F22E3D093A60}: DhcpNameServer = 212.166.64.1 212.166.64.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.21 15:28:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.21 15:28:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.21 15:27:01 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Christian\Desktop\JRT.exe
[2013.06.20 20:04:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.20 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\temp
[2013.06.20 19:59:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.06.20 19:42:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.20 19:42:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.20 19:42:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.20 19:42:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.20 19:41:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.20 19:40:09 | 005,081,444 | R--- | C] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe
[2013.06.20 19:02:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.06.20 15:30:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Christian\Desktop\aswMBR.exe
[2013.06.20 00:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.19 23:04:04 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\erledigt
[2013.06.19 22:45:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.06.19 22:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.19 21:21:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2013.06.19 21:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.19 21:20:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.19 21:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.19 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.15 03:02:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.15 03:02:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.15 03:02:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.15 03:02:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.15 03:02:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.15 03:02:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.15 03:02:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.15 03:02:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.14 15:34:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013.06.14 00:11:58 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.14 00:11:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.14 00:11:53 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.14 00:11:52 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.14 00:11:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.05.30 23:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.21 15:44:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 15:44:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 15:44:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.21 15:44:29 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.21 15:42:33 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.21 15:34:01 | 000,648,201 | ---- | M] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2013.06.21 15:27:01 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Christian\Desktop\JRT.exe
[2013.06.21 15:24:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.21 06:17:26 | 000,239,104 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.20 19:59:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.20 19:40:28 | 005,081,444 | R--- | M] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe
[2013.06.20 15:31:53 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Christian\Desktop\aswMBR.exe
[2013.06.20 04:55:05 | 000,001,356 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2013.06.19 22:45:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.06.19 20:54:24 | 002,198,189 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\Cat.DB
[2013.06.19 20:53:15 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\VT20130115.021
[2013.06.19 19:43:40 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.19 19:43:40 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.19 19:43:40 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.19 19:43:40 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.19 19:01:15 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.19 04:21:01 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.06.19 04:21:01 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.06.19 04:21:01 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.06.16 09:34:32 | 000,000,386 | ---- | M] () -- C:\Users\Christian\Desktop\Filme.lnk
[2013.06.11 23:26:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.11 23:26:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.04 08:44:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\isolate.ini
[2013.05.31 03:50:15 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NST\7DD04000.00A\isolate.ini
[2013.05.24 04:09:47 | 000,008,059 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symds.cat
[2013.05.23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.sys
[2013.05.23 07:25:28 | 000,007,583 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.cat
[2013.05.23 07:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.inf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.21 15:42:25 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.21 15:34:01 | 000,648,201 | ---- | C] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2013.06.20 19:42:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.20 19:42:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.20 19:42:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.20 19:42:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.20 19:42:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.19 19:01:15 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.16 09:34:29 | 000,000,386 | ---- | C] () -- C:\Users\Christian\Desktop\Filme.lnk
[2012.10.18 06:24:14 | 000,001,940 | ---- | C] () -- C:\Users\Christian\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012.09.13 17:10:02 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.03.18 09:41:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.18 09:40:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.18 08:20:02 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2012.03.18 01:35:17 | 000,239,104 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.17 23:41:13 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2012.03.17 23:41:13 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012.03.17 23:41:13 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.03.17 23:38:40 | 000,001,356 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:

OTL Extras logfile created on: 21.06.2013 15:58:19 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,09% Memory free
6,19 Gb Paging File | 4,97 Gb Available in Paging File | 80,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 38,95 Gb Free Space | 27,04% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 17,50 Gb Free Space | 12,45% Space Free | Partition Type: NTFS
 
Computer Name: ZOMBIE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD73A1E-741E-4AF6-9BCD-0B8358CC70A5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C6BE6929-6642-4AAA-9979-4B9CF7FE0B40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C22316-AB3B-4722-B3C2-B9BA96824656}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{0425EF1B-2DC2-448A-871B-4E4BECE05C19}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{0662F95D-047F-4791-A585-9225F4DA83BE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0F1EDBD9-A70F-4D4B-B225-C27437358C1B}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{0F69A0CC-3771-42EA-88B1-CDCFDF8D7B88}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{12A0BBAD-0799-4F05-A074-EDBCBDE89D63}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{1951B165-0BAC-48FE-96FB-A83CEA21C260}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{298B1586-8C60-4C8A-A1FD-BA5FD8404DD8}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftdump.dll |
"{3430496B-E98D-481A-BDEF-BE8AAE95758E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{34AC874B-EBD0-46BF-B71E-2BA12D4F93CF}" = dir=in | app=c:\program files\motorola media link\lite\mml.exe |
"{3EB5EE15-943D-4F61-AC0D-E74B3963D21C}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{41AC618E-0EAA-460D-A25B-F523B59564C6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{42357D3C-60CA-4C33-AD80-8BCA2F972B91}" = dir=in | app=c:\program files\apowersoft\video download capture\videodownloadcapture.exe |
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{625DC748-AF7B-499E-86A5-FE77129BF5E2}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{6F76510F-55DD-4E55-BD64-3D091694B3C3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{75DF6C8A-9721-420B-95C8-592BFC7C92CE}" = dir=out | app=c:\program files\motorola mobility\motocast\motocast.exe |
"{76768208-7E5F-4099-89DD-EE08335E142C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{7B0EC1FA-8128-4772-9190-FE64AFF2A091}" = dir=in | app=c:\program files\apowersoft\video download capture\video-download-capture.exe |
"{85EEF39B-5664-48EE-9CAD-2646BFBB5DF3}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftsrv.dll |
"{894AC073-E399-4435-B13F-C38B6A1CE359}" = dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe |
"{8D37EE0D-DF0C-4FFC-AE68-49162188A2E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{91930A40-AC44-4C53-86D0-E6744673989A}" = dir=out | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{9695C4A4-4944-426C-A3F7-315398F90864}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{A25B67E1-7831-4902-B3DA-7B1F2BFA7EE3}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftplayer.dll |
"{A4B4287C-1D8B-4F3A-A7CC-080ECBF90909}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B0E4C9B3-2DC4-43B0-BE4D-4185417C6F47}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{B276CEDB-0938-408F-A4A9-6AB0C6885FEB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{C4BFCEB1-CAD9-4EB9-8412-8646C1555D4C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{CE20492F-1F0E-43EC-B5E0-C131FC7A2241}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D77B2D3A-3337-421F-90B5-F7F9176029BC}" = dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{DD3BB85A-FDFD-4FEF-AAEA-0ABD23A0D060}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F88EB40C-9D41-4894-9606-1E094FA7E90B}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftac.dll |
"TCP Query User{4393ACD0-89A4-4D55-B02F-1F4EB866C677}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{6C06F792-DE6F-4778-9BA3-0BC4B37DB972}C:\users\christian\desktop\utorrent-3.2.27850.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\utorrent-3.2.27850.exe |
"UDP Query User{2A9B3E17-0FB5-4605-80FF-92BC6CC3868E}C:\users\christian\desktop\utorrent-3.2.27850.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\utorrent-3.2.27850.exe |
"UDP Query User{B4C5656B-57D4-40C6-9CC2-23038CD08064}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V4.3.3
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Ultra Edition
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D732E36A-B0C2-4DFF-8C60-4AC06233B2BC}" = Motorola Mobile Drivers Installation 6.0.0
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.8
"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2013
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516
"CCleaner" = CCleaner
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"Lingoes Translator_is1" = Lingoes 2.8.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"ProInst" = Intel PROSet Wireless
"TreeSize Professional_is1" = TreeSize Professional V5.5
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = gutscheinfilter.de
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.06.2013 09:45:45 | Computer Name = Zombie | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 21.06.2013 09:45:46 | Computer Name = Zombie | Source = Service Control Manager | ID = 7006
Description =
 
Error - 21.06.2013 09:45:46 | Computer Name = Zombie | Source = Service Control Manager | ID = 7006
Description =
 
Error - 21.06.2013 09:45:46 | Computer Name = Zombie | Source = Service Control Manager | ID = 7001
Description =
 
Error - 21.06.2013 09:46:35 | Computer Name = Zombie | Source = Service Control Manager | ID = 7022
Description =
 
Error - 21.06.2013 09:46:37 | Computer Name = Zombie | Source = Service Control Manager | ID = 7022
Description =
 
Error - 21.06.2013 09:46:37 | Computer Name = Zombie | Source = Service Control Manager | ID = 7001
Description =
 
 
< End of report >


cosinus 21.06.2013 19:36

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
SRV - (rrinttaller) -- C:\Windows\system32\KBDIOASA.exe File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: [ScrSav]  File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.

zombie8580 22.06.2013 09:03

Where is the user name supposed to be? I can't see anything in those few lines.

cosinus 22.06.2013 11:34

It does say "If your user name..." after all :pfeiff:

zombie8580 22.06.2013 12:02

Code:

All processes killed
========== OTL ==========
Service rrinttaller stopped successfully!
Service rrinttaller deleted successfully!
File  C:\Windows\system32\KBDIOASA.exe File not found not found.
Registry value HKEY_USERS\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Christian\Desktop\cmd.bat deleted successfully.
C:\Users\Christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christian
->Temp folder emptied: 90377242 bytes
->Temporary Internet Files folder emptied: 370456546 bytes
->Java cache emptied: 80460 bytes
->Flash cache emptied: 246943369 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 58339 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 58339 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25350 bytes
RecycleBin emptied: 1937431170 bytes
 
Total Files Cleaned = 2.523,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06222013_124144

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 22.06.2013 12:04

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); please let me know that as well).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting a second opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


zombie8580 22.06.2013 14:15

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.22.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christian :: ZOMBIE [Administrator]

Schutz: Aktiviert

22.06.2013 13:12:45
MBAM-log-2013-06-22 (15-12-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 370527
Laufzeit: 1 Stunde(n), 58 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\Installer\NERO 7.5.9 + PlugIns + ASPI + Keygen\nero 7 new keygen.exe (RiskWare.Tool.HCK) -> Keine Aktion durchgeführt.
H:\Christian\Installer\NERO 7.5.9 + PlugIns + ASPI + Keygen\nero 7 new keygen.exe (RiskWare.Tool.HCK) -> Keine Aktion durchgeführt.

(Ende)

Result after the full scan

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=37754102487a7645a1e1a40ea4546293
# engine=14133
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-22 03:27:49
# local_time=2013-06-22 05:27:49 (+0100, Mitteleuropäische Sommerzeit  )
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1040 16777213 100 100 30684 59048853 0 0
# compatibility_mode=3590 16777213 100 90 93974 190933055 0 0
# compatibility_mode=5892 16776574 100 100 20645691 209447597 0 0
# scanned=156022
# found=1
# cleaned=0
# scan_time=7671
sh=40A0193D22A3F750B0FC3D7D4FA75F708E73F3A3 ft=1 fh=64bc18ebab54f4d8 vn="Win32/BHO.OGC trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.06.2013_19.01.07\susp0000\svc0000\tsk0000.dta"


cosinus 23.06.2013 15:52

Quote:

D:\Installer\NERO 7.5.9 + PlugIns + ASPI + Keygen\nero 7 new keygen.exe (RiskWare.Tool.HCK) -> Keine Aktion durchgeführt.
H:\Christian\Installer\NERO 7.5.9 + PlugIns + ASPI + Keygen\nero 7 new keygen.exe (RiskWare.Tool.HCK) -> Keine Aktion durchgeführt.
:pfui:

Where did you get this junk from? What are drives D and H?

zombie8580 23.06.2013 17:23

My hard disk is split into two "partitions" (that's what they're called, right?), C: and D:. Drive H: is my external hard disk.
I got the file from an acquaintance years ago.

cosinus 23.06.2013 20:53

Delete this crack/keygen junk and keep your hands off it in future :pfui:
If I had seen it at the start, I would only have given you advice on backing up your data and reinstalling Windows...

zombie8580 24.06.2013 05:21

All right. Once everything has been uninstalled, do I need to do anything else, or is that it? Should one run the programs now and then, or can I uninstall them?


All times are WET +1. The time now is 11:40.
