Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: wss4191.tmp und yontoo

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.06.2013, 17:44   #16
zombie8580
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



sobald ich den scan starte, wird die seite weiß und nichts passiert.

Alt 20.06.2013, 18:00   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



Zitat:
cmd32 ( LockedFile.Multi.Generic ) - skipped by user
Diesen Eintrag bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag!

Um das zu tun musst du den TDSS-Killer neu starten und einen neuen Scan machen. Wenn du danach die Ergebnisse siehst, stellst du bitte diesen Eintrag auf CURE bzw. DELETE (je nachdem was dir angeboten wird, alle anderen bitte auf SKIP lassen! ) und klickst dann unten rechts auf continue

Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________

__________________

Alt 20.06.2013, 18:27   #18
zombie8580
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



als ich den computer neu gestartet habe, bekam ich die meldung, ob ich cmd.exe ausführen will. ich habe mit nein bestätigt und dann den scan gemacht

Code:
ATTFilter
19:17:43.0308 4696  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:17:44.0291 4696  ============================================================
19:17:44.0291 4696  Current date / time: 2013/06/20 19:17:44.0291
19:17:44.0291 4696  SystemInfo:
19:17:44.0291 4696  
19:17:44.0291 4696  OS Version: 6.0.6002 ServicePack: 2.0
19:17:44.0291 4696  Product type: Workstation
19:17:44.0291 4696  ComputerName: ZOMBIE
19:17:44.0291 4696  UserName: Christian
19:17:44.0291 4696  Windows directory: C:\Windows
19:17:44.0291 4696  System windows directory: C:\Windows
19:17:44.0291 4696  Processor architecture: Intel x86
19:17:44.0291 4696  Number of processors: 2
19:17:44.0291 4696  Page size: 0x1000
19:17:44.0291 4696  Boot type: Normal boot
19:17:44.0291 4696  ============================================================
19:17:45.0398 4696  BG loaded
19:17:45.0913 4696  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:17:45.0960 4696  ============================================================
19:17:45.0960 4696  \Device\Harddisk0\DR0:
19:17:45.0976 4696  MBR partitions:
19:17:45.0976 4696  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
19:17:45.0976 4696  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x11900000
19:17:45.0976 4696  ============================================================
19:17:46.0038 4696  C: <-> \Device\Harddisk0\DR0\Partition1
19:17:46.0288 4696  D: <-> \Device\Harddisk0\DR0\Partition2
19:17:46.0288 4696  ============================================================
19:17:46.0288 4696  Initialize success
19:17:46.0288 4696  ============================================================
19:17:55.0554 5896  ============================================================
19:17:55.0554 5896  Scan started
19:17:55.0554 5896  Mode: Manual; SigCheck; TDLFS; 
19:17:55.0554 5896  ============================================================
19:17:56.0974 5896  ================ Scan system memory ========================
19:17:56.0974 5896  System memory - ok
19:17:56.0974 5896  ================ Scan services =============================
19:17:57.0098 5896  [ 83A1124BC4D090EC5DE3B11F90AD8AE6 ] A310            C:\Windows\system32\DRIVERS\AVerA310USB.sys
19:17:57.0286 5896  A310 - ok
19:17:57.0317 5896  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:17:57.0332 5896  ACPI - ok
19:17:57.0410 5896  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:17:57.0442 5896  AdobeARMservice - ok
19:17:57.0488 5896  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:17:57.0504 5896  AdobeFlashPlayerUpdateSvc - ok
19:17:57.0535 5896  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:17:57.0566 5896  adp94xx - ok
19:17:57.0582 5896  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:17:57.0613 5896  adpahci - ok
19:17:57.0629 5896  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:17:57.0644 5896  adpu160m - ok
19:17:57.0676 5896  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:17:57.0691 5896  adpu320 - ok
19:17:57.0707 5896  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:17:57.0847 5896  AeLookupSvc - ok
19:17:57.0894 5896  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
19:17:57.0925 5896  AFD - ok
19:17:57.0972 5896  [ 5D97943C128ED756D1B0A08302C1B1F8 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
19:17:58.0144 5896  AgereSoftModem - ok
19:17:58.0175 5896  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:17:58.0190 5896  agp440 - ok
19:17:58.0222 5896  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:17:58.0237 5896  aic78xx - ok
19:17:58.0253 5896  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
19:17:58.0331 5896  ALG - ok
19:17:58.0346 5896  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:17:58.0362 5896  aliide - ok
19:17:58.0378 5896  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:17:58.0393 5896  amdagp - ok
19:17:58.0409 5896  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:17:58.0424 5896  amdide - ok
19:17:58.0456 5896  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
19:17:58.0518 5896  AmdK7 - ok
19:17:58.0534 5896  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:17:58.0580 5896  AmdK8 - ok
19:17:58.0643 5896  [ 548CCBD8B48FDF7E2435AD6017920A7F ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
19:17:58.0658 5896  Apowersoft_AudioDevice - ok
19:17:58.0690 5896  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
19:17:58.0752 5896  Appinfo - ok
19:17:58.0783 5896  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
19:17:58.0799 5896  arc - ok
19:17:58.0830 5896  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:17:58.0846 5896  arcsas - ok
19:17:58.0877 5896  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:17:58.0924 5896  AsyncMac - ok
19:17:58.0955 5896  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:17:58.0970 5896  atapi - ok
19:17:59.0002 5896  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:17:59.0048 5896  AudioEndpointBuilder - ok
19:17:59.0048 5896  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:17:59.0080 5896  Audiosrv - ok
19:17:59.0111 5896  [ 0FE7773CD592DAE0CA994BA987F44E85 ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6x.sys
19:17:59.0126 5896  Avgfwfd - ok
19:17:59.0204 5896  [ D0BE22C910E46550C6308D50DDA76B94 ] avgfws          C:\Program Files\AVG\AVG2013\avgfws.exe
19:17:59.0282 5896  avgfws - ok
19:17:59.0470 5896  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
19:17:59.0782 5896  AVGIDSAgent - ok
19:17:59.0797 5896  [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
19:17:59.0828 5896  AVGIDSDriver - ok
19:17:59.0844 5896  [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
19:17:59.0860 5896  AVGIDSHX - ok
19:17:59.0875 5896  [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
19:17:59.0891 5896  AVGIDSShim - ok
19:17:59.0922 5896  [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
19:17:59.0938 5896  Avgldx86 - ok
19:17:59.0969 5896  [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
19:17:59.0984 5896  Avglogx - ok
19:18:00.0000 5896  [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
19:18:00.0016 5896  Avgmfx86 - ok
19:18:00.0031 5896  [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
19:18:00.0047 5896  Avgrkx86 - ok
19:18:00.0062 5896  [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
19:18:00.0078 5896  Avgtdix - ok
19:18:00.0109 5896  [ 02A43ADBA362B89B7D5715221D5F3010 ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
19:18:00.0125 5896  avgtp - ok
19:18:00.0140 5896  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
19:18:00.0156 5896  avgwd - ok
19:18:00.0203 5896  [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:18:00.0265 5896  b57nd60x - ok
19:18:00.0374 5896  [ 6F9DD1FDEF97F205B536B64339733225 ] Bandoo Coordinator C:\Program Files\Bandoo\Bandoo.exe
19:18:00.0530 5896  Bandoo Coordinator - ok
19:18:00.0546 5896  [ 31079B3566FA19BDEDBA50EB4009D8F9 ] BDASwCap        C:\Windows\system32\drivers\AVerA310Cap.sys
19:18:00.0593 5896  BDASwCap - ok
19:18:00.0640 5896  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:18:00.0671 5896  Beep - ok
19:18:00.0702 5896  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
19:18:00.0749 5896  BFE - ok
19:18:00.0920 5896  [ 6C6AC7CA8A034C15C52B35189BAD58EE ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130531.001\BHDrvx86.sys
19:18:00.0983 5896  BHDrvx86 - ok
19:18:01.0061 5896  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
19:18:01.0123 5896  BITS - ok
19:18:01.0170 5896  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
19:18:01.0201 5896  blbdrive - ok
19:18:01.0248 5896  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:18:01.0279 5896  bowser - ok
19:18:01.0310 5896  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:18:01.0357 5896  BrFiltLo - ok
19:18:01.0373 5896  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:18:01.0404 5896  BrFiltUp - ok
19:18:01.0435 5896  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
19:18:01.0482 5896  Browser - ok
19:18:01.0498 5896  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
19:18:01.0560 5896  Brserid - ok
19:18:01.0576 5896  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:18:01.0638 5896  BrSerWdm - ok
19:18:01.0654 5896  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:18:01.0732 5896  BrUsbMdm - ok
19:18:01.0747 5896  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:18:01.0794 5896  BrUsbSer - ok
19:18:01.0794 5896  BTCFilterService - ok
19:18:01.0810 5896  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:18:01.0888 5896  BTHMODEM - ok
19:18:01.0981 5896  [ 3BEE52611F22C9C0023A98A4425E084F ] ccSet_NAV       C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys
19:18:01.0997 5896  ccSet_NAV - ok
19:18:02.0075 5896  [ 3BEE52611F22C9C0023A98A4425E084F ] ccSet_NST       C:\Windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys
19:18:02.0090 5896  ccSet_NST - ok
19:18:02.0122 5896  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:18:02.0168 5896  cdfs - ok
19:18:02.0215 5896  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:18:02.0246 5896  cdrom - ok
19:18:02.0278 5896  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:18:02.0309 5896  CertPropSvc - ok
19:18:02.0340 5896  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:18:02.0387 5896  circlass - ok
19:18:02.0402 5896  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
19:18:02.0434 5896  CLFS - ok
19:18:02.0496 5896  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:18:02.0512 5896  clr_optimization_v2.0.50727_32 - ok
19:18:02.0605 5896  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:18:02.0621 5896  clr_optimization_v4.0.30319_32 - ok
19:18:02.0652 5896  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:18:02.0699 5896  CmBatt - ok
19:18:02.0714 5896  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:18:02.0730 5896  cmdide - ok
19:18:02.0761 5896  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:18:02.0777 5896  Compbatt - ok
19:18:02.0777 5896  COMSysApp - ok
19:18:02.0792 5896  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:18:02.0824 5896  crcdisk - ok
19:18:02.0839 5896  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
19:18:02.0902 5896  Crusoe - ok
19:18:02.0964 5896  [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:18:02.0995 5896  CryptSvc - ok
19:18:03.0042 5896  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:18:03.0104 5896  DcomLaunch - ok
19:18:03.0182 5896  [ 59D90B6A7FBC4CC712DD7C5868618480 ] DeviceMonitorService C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
19:18:03.0198 5896  DeviceMonitorService - ok
19:18:03.0229 5896  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:18:03.0276 5896  DfsC - ok
19:18:03.0338 5896  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
19:18:03.0463 5896  DFSR - ok
19:18:03.0494 5896  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:18:03.0526 5896  Dhcp - ok
19:18:03.0572 5896  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
19:18:03.0588 5896  disk - ok
19:18:03.0619 5896  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:18:03.0682 5896  Dnscache - ok
19:18:03.0713 5896  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:18:03.0760 5896  dot3svc - ok
19:18:03.0775 5896  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
19:18:03.0822 5896  DPS - ok
19:18:03.0853 5896  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:18:03.0884 5896  drmkaud - ok
19:18:03.0931 5896  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:18:03.0962 5896  DXGKrnl - ok
19:18:04.0009 5896  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
19:18:04.0040 5896  E1G60 - ok
19:18:04.0087 5896  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
19:18:04.0165 5896  EapHost - ok
19:18:04.0196 5896  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:18:04.0274 5896  Ecache - ok
19:18:04.0352 5896  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:18:04.0384 5896  eeCtrl - ok
19:18:04.0446 5896  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:18:04.0462 5896  ehRecvr - ok
19:18:04.0477 5896  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
19:18:04.0524 5896  ehSched - ok
19:18:04.0540 5896  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
19:18:04.0571 5896  ehstart - ok
19:18:04.0618 5896  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:18:04.0633 5896  elxstor - ok
19:18:04.0696 5896  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
19:18:04.0727 5896  EMDMgmt - ok
19:18:04.0805 5896  [ 4186146FD69EACC966DC755655B91C9C ] ePowerSvc       C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
19:18:04.0852 5896  ePowerSvc - ok
19:18:04.0914 5896  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:18:04.0945 5896  EraserUtilRebootDrv - ok
19:18:04.0961 5896  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:18:05.0008 5896  ErrDev - ok
19:18:05.0039 5896  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
19:18:05.0086 5896  EventSystem - ok
19:18:05.0164 5896  [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:18:05.0210 5896  EvtEng ( UnsignedFile.Multi.Generic ) - warning
19:18:05.0210 5896  EvtEng - detected UnsignedFile.Multi.Generic (1)
19:18:05.0257 5896  ew_hwusbdev - ok
19:18:05.0273 5896  ew_usbenumfilter - ok
19:18:05.0320 5896  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
19:18:05.0366 5896  exfat - ok
19:18:05.0413 5896  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:18:05.0476 5896  fastfat - ok
19:18:05.0491 5896  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:18:05.0538 5896  fdc - ok
19:18:05.0569 5896  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:18:05.0585 5896  fdPHost - ok
19:18:05.0600 5896  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:18:05.0647 5896  FDResPub - ok
19:18:05.0663 5896  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:18:05.0678 5896  FileInfo - ok
19:18:05.0710 5896  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:18:05.0756 5896  Filetrace - ok
19:18:05.0803 5896  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:18:05.0834 5896  flpydisk - ok
19:18:05.0850 5896  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:18:05.0866 5896  FltMgr - ok
19:18:05.0928 5896  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
19:18:05.0959 5896  FontCache - ok
19:18:06.0022 5896  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:18:06.0037 5896  FontCache3.0.0.0 - ok
19:18:06.0068 5896  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:18:06.0100 5896  Fs_Rec - ok
19:18:06.0131 5896  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:18:06.0146 5896  gagp30kx - ok
19:18:06.0178 5896  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:18:06.0224 5896  gpsvc - ok
19:18:06.0256 5896  gupdate - ok
19:18:06.0256 5896  gupdatem - ok
19:18:06.0256 5896  gusvc - ok
19:18:06.0302 5896  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:18:06.0349 5896  HdAudAddService - ok
19:18:06.0412 5896  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:18:06.0458 5896  HDAudBus - ok
19:18:06.0505 5896  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:18:06.0568 5896  HidBth - ok
19:18:06.0599 5896  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:18:06.0630 5896  HidIr - ok
19:18:06.0677 5896  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
19:18:06.0708 5896  hidserv - ok
19:18:06.0755 5896  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:18:06.0802 5896  HidUsb - ok
19:18:06.0833 5896  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:18:06.0895 5896  hkmsvc - ok
19:18:06.0942 5896  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
19:18:06.0958 5896  HpCISSs - ok
19:18:06.0989 5896  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:18:07.0036 5896  HSFHWAZL - ok
19:18:07.0067 5896  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:18:07.0160 5896  HSF_DPV - ok
19:18:07.0207 5896  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:18:07.0238 5896  HTTP - ok
19:18:07.0285 5896  huawei_cdcacm - ok
19:18:07.0301 5896  huawei_cdcecm - ok
19:18:07.0316 5896  huawei_enumerator - ok
19:18:07.0332 5896  huawei_ext_ctrl - ok
19:18:07.0379 5896  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
19:18:07.0394 5896  i2omp - ok
19:18:07.0426 5896  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:18:07.0457 5896  i8042prt - ok
19:18:07.0519 5896  [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:18:07.0550 5896  iaStor - ok
19:18:07.0582 5896  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
19:18:07.0597 5896  iaStorV - ok
19:18:07.0675 5896  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:18:07.0706 5896  idsvc - ok
19:18:07.0800 5896  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130619.001\IDSvix86.sys
19:18:07.0831 5896  IDSVix86 - ok
19:18:07.0862 5896  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:18:07.0878 5896  iirsp - ok
19:18:07.0940 5896  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:18:07.0987 5896  IKEEXT - ok
19:18:08.0003 5896  IntcAzAudAddService - ok
19:18:08.0018 5896  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:18:08.0034 5896  intelide - ok
19:18:08.0050 5896  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:18:08.0081 5896  intelppm - ok
19:18:08.0112 5896  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:18:08.0143 5896  IPBusEnum - ok
19:18:08.0159 5896  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:18:08.0206 5896  IpFilterDriver - ok
19:18:08.0221 5896  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:18:08.0268 5896  iphlpsvc - ok
19:18:08.0284 5896  IpInIp - ok
19:18:08.0315 5896  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
19:18:08.0362 5896  IPMIDRV - ok
19:18:08.0377 5896  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
19:18:08.0408 5896  IPNAT - ok
19:18:08.0440 5896  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys
19:18:08.0471 5896  irda - ok
19:18:08.0486 5896  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:18:08.0502 5896  IRENUM - ok
19:18:08.0533 5896  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon           C:\Windows\System32\irmon.dll
19:18:08.0580 5896  Irmon - ok
19:18:08.0596 5896  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:18:08.0627 5896  isapnp - ok
19:18:08.0658 5896  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:18:08.0674 5896  iScsiPrt - ok
19:18:08.0705 5896  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
19:18:08.0720 5896  iteatapi - ok
19:18:08.0736 5896  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
19:18:08.0752 5896  iteraid - ok
19:18:08.0752 5896  k57nd60x - ok
19:18:08.0767 5896  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:18:08.0783 5896  kbdclass - ok
19:18:08.0814 5896  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:18:08.0845 5896  kbdhid - ok
19:18:08.0876 5896  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
19:18:08.0908 5896  KeyIso - ok
19:18:08.0939 5896  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
19:18:08.0954 5896  KMWDFILTER - ok
19:18:09.0017 5896  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:18:09.0048 5896  KSecDD - ok
19:18:09.0095 5896  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:18:09.0142 5896  KtmRm - ok
19:18:09.0204 5896  [ 24ABDDEB766C8459F9D562EB083B6CB8 ] L1E             C:\Windows\system32\DRIVERS\L1E60x86.sys
19:18:09.0251 5896  L1E - ok
19:18:09.0282 5896  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:18:09.0313 5896  LanmanServer - ok
19:18:09.0344 5896  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:18:09.0391 5896  LanmanWorkstation - ok
19:18:09.0438 5896  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:18:09.0469 5896  lltdio - ok
19:18:09.0516 5896  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:18:09.0563 5896  lltdsvc - ok
19:18:09.0578 5896  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:18:09.0625 5896  lmhosts - ok
19:18:09.0656 5896  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:18:09.0688 5896  LSI_FC - ok
19:18:09.0703 5896  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:18:09.0719 5896  LSI_SAS - ok
19:18:09.0750 5896  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:18:09.0766 5896  LSI_SCSI - ok
19:18:09.0781 5896  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
19:18:09.0828 5896  luafv - ok
19:18:09.0859 5896  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:18:09.0890 5896  Mcx2Svc - ok
19:18:09.0906 5896  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:18:09.0922 5896  megasas - ok
19:18:09.0953 5896  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
19:18:09.0984 5896  MegaSR - ok
19:18:10.0015 5896  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
19:18:10.0062 5896  MMCSS - ok
19:18:10.0078 5896  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
19:18:10.0124 5896  Modem - ok
19:18:10.0156 5896  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:18:10.0202 5896  monitor - ok
19:18:10.0202 5896  motandroidusb - ok
19:18:10.0218 5896  motccgp - ok
19:18:10.0218 5896  motccgpfl - ok
19:18:10.0234 5896  motmodem - ok
19:18:10.0312 5896  [ FDF0D78147DA8B2A93FE42D9A14C1B0B ] Motorola Device Manager C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
19:18:10.0343 5896  Motorola Device Manager - ok
19:18:10.0343 5896  MotoSwitchService - ok
19:18:10.0358 5896  Motousbnet - ok
19:18:10.0358 5896  motusbdevice - ok
19:18:10.0374 5896  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:18:10.0390 5896  mouclass - ok
19:18:10.0405 5896  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:18:10.0452 5896  mouhid - ok
19:18:10.0483 5896  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
19:18:10.0499 5896  MountMgr - ok
19:18:10.0514 5896  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:18:10.0546 5896  mpio - ok
19:18:10.0546 5896  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:18:10.0577 5896  mpsdrv - ok
19:18:10.0608 5896  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:18:10.0655 5896  MpsSvc - ok
19:18:10.0702 5896  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
19:18:10.0717 5896  Mraid35x - ok
19:18:10.0748 5896  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:18:10.0780 5896  MRxDAV - ok
19:18:10.0795 5896  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:18:10.0842 5896  mrxsmb - ok
19:18:10.0858 5896  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:18:10.0889 5896  mrxsmb10 - ok
19:18:10.0936 5896  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:18:10.0982 5896  mrxsmb20 - ok
19:18:11.0014 5896  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
19:18:11.0029 5896  msahci - ok
19:18:11.0045 5896  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:18:11.0060 5896  msdsm - ok
19:18:11.0092 5896  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
19:18:11.0138 5896  MSDTC - ok
19:18:11.0154 5896  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:18:11.0201 5896  Msfs - ok
19:18:11.0216 5896  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:18:11.0232 5896  msisadrv - ok
19:18:11.0279 5896  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:18:11.0326 5896  MSiSCSI - ok
19:18:11.0326 5896  msiserver - ok
19:18:11.0341 5896  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:18:11.0388 5896  MSKSSRV - ok
19:18:11.0404 5896  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:18:11.0435 5896  MSPCLOCK - ok
19:18:11.0450 5896  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:18:11.0482 5896  MSPQM - ok
19:18:11.0513 5896  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:18:11.0528 5896  MsRPC - ok
19:18:11.0560 5896  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:18:11.0575 5896  mssmbios - ok
19:18:11.0591 5896  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:18:11.0622 5896  MSTEE - ok
19:18:11.0638 5896  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
19:18:11.0653 5896  Mup - ok
19:18:11.0684 5896  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
19:18:11.0731 5896  napagent - ok
19:18:11.0747 5896  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:18:11.0794 5896  NativeWifiP - ok
19:18:11.0981 5896  [ 1BF9D6476061B31CD7FC2BF848529A56 ] NAV             C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
19:18:12.0012 5896  NAV - ok
19:18:12.0090 5896  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.021\NAVENG.SYS
19:18:12.0106 5896  NAVENG - ok
19:18:12.0277 5896  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.021\NAVEX15.SYS
19:18:12.0386 5896  NAVEX15 - ok
19:18:12.0542 5896  [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
19:18:12.0574 5896  NBService - ok
19:18:12.0714 5896  [ 1BF9D6476061B31CD7FC2BF848529A56 ] NCO             C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
19:18:12.0745 5896  NCO - ok
19:18:12.0776 5896  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:18:12.0808 5896  NDIS - ok
19:18:12.0886 5896  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:18:12.0917 5896  NdisTapi - ok
19:18:12.0932 5896  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:18:12.0964 5896  Ndisuio - ok
19:18:12.0979 5896  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:18:13.0026 5896  NdisWan - ok
19:18:13.0042 5896  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:18:13.0073 5896  NDProxy - ok
19:18:13.0088 5896  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:18:13.0120 5896  NetBIOS - ok
19:18:13.0151 5896  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
19:18:13.0182 5896  netbt - ok
19:18:13.0198 5896  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
19:18:13.0213 5896  Netlogon - ok
19:18:13.0276 5896  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
19:18:13.0338 5896  Netman - ok
19:18:13.0354 5896  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
19:18:13.0385 5896  netprofm - ok
19:18:13.0416 5896  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:18:13.0432 5896  NetTcpPortSharing - ok
19:18:13.0572 5896  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
19:18:13.0806 5896  NETw5v32 - ok
19:18:13.0822 5896  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:18:13.0853 5896  nfrd960 - ok
19:18:13.0884 5896  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:18:13.0915 5896  NlaSvc - ok
19:18:13.0978 5896  [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
19:18:14.0009 5896  NMIndexingService - ok
19:18:14.0056 5896  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:18:14.0149 5896  Npfs - ok
19:18:14.0196 5896  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA         C:\Windows\system32\DRIVERS\nscirda.sys
19:18:14.0274 5896  NSCIRDA - ok
19:18:14.0305 5896  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
19:18:14.0352 5896  nsi - ok
19:18:14.0368 5896  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:18:14.0414 5896  nsiproxy - ok
19:18:14.0477 5896  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:18:14.0539 5896  Ntfs - ok
19:18:14.0633 5896  [ 944E3911888B9FFFD843B91C8ABBD3F6 ] NTI IScheduleSvc C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
19:18:14.0648 5896  NTI IScheduleSvc - ok
19:18:14.0680 5896  [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F ] NTIDrvr         C:\Windows\system32\Drivers\NTIDrvr.sys
19:18:14.0695 5896  NTIDrvr - ok
19:18:14.0726 5896  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
19:18:14.0773 5896  ntrigdigi - ok
19:18:14.0789 5896  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
19:18:14.0836 5896  Null - ok
19:18:14.0867 5896  [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
19:18:14.0898 5896  NVHDA - ok
19:18:15.0194 5896  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:18:15.0772 5896  nvlddmkm - ok
19:18:15.0787 5896  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:18:15.0818 5896  nvraid - ok
19:18:15.0834 5896  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:18:15.0850 5896  nvstor - ok
19:18:15.0896 5896  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:18:15.0943 5896  nvsvc - ok
19:18:16.0084 5896  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:18:16.0130 5896  nvUpdatusService - ok
19:18:16.0193 5896  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:18:16.0208 5896  nv_agp - ok
19:18:16.0208 5896  NwlnkFlt - ok
19:18:16.0224 5896  NwlnkFwd - ok
19:18:16.0302 5896  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:18:16.0318 5896  odserv - ok
19:18:16.0364 5896  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:18:16.0427 5896  ohci1394 - ok
19:18:16.0458 5896  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:18:16.0474 5896  ose - ok
19:18:16.0536 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
19:18:16.0598 5896  p2pimsvc - ok
19:18:16.0630 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:18:16.0661 5896  p2psvc - ok
19:18:16.0708 5896  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
19:18:16.0754 5896  Parport - ok
19:18:16.0801 5896  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:18:16.0817 5896  partmgr - ok
19:18:16.0848 5896  [ 3C6E7D73B0E9BC21D5E4B531AB7EC091 ] Partner Service C:\ProgramData\Partner\partner.exe
19:18:16.0864 5896  Partner Service - ok
19:18:16.0879 5896  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
19:18:16.0942 5896  Parvdm - ok
19:18:16.0973 5896  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:18:17.0020 5896  PcaSvc - ok
19:18:17.0051 5896  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
19:18:17.0066 5896  pci - ok
19:18:17.0082 5896  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
19:18:17.0113 5896  pciide - ok
19:18:17.0129 5896  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:18:17.0144 5896  pcmcia - ok
19:18:17.0176 5896  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:18:17.0285 5896  PEAUTH - ok
19:18:17.0363 5896  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
19:18:17.0472 5896  pla - ok
19:18:17.0534 5896  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
19:18:17.0566 5896  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
19:18:17.0566 5896  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
19:18:17.0581 5896  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:18:17.0628 5896  PlugPlay - ok
19:18:17.0675 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
19:18:17.0690 5896  PNRPAutoReg - ok
19:18:17.0737 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
19:18:17.0768 5896  PNRPsvc - ok
19:18:17.0831 5896  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:18:17.0878 5896  PolicyAgent - ok
19:18:17.0909 5896  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:18:17.0940 5896  PptpMiniport - ok
19:18:17.0971 5896  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
19:18:18.0002 5896  Processor - ok
19:18:18.0034 5896  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:18:18.0065 5896  ProfSvc - ok
19:18:18.0080 5896  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:18:18.0096 5896  ProtectedStorage - ok
19:18:18.0112 5896  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
19:18:18.0158 5896  PSched - ok
19:18:18.0205 5896  [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service     C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
19:18:18.0221 5896  PST Service ( UnsignedFile.Multi.Generic ) - warning
19:18:18.0221 5896  PST Service - detected UnsignedFile.Multi.Generic (1)
19:18:18.0283 5896  [ E792A7ED13DA7E738294E942C4824860 ] qciusbnet       C:\Windows\system32\DRIVERS\qciusbnet.sys
19:18:18.0299 5896  qciusbnet ( UnsignedFile.Multi.Generic ) - warning
19:18:18.0299 5896  qciusbnet - detected UnsignedFile.Multi.Generic (1)
19:18:18.0314 5896  [ B8CC38880755C7D157ACD9D7742B8A96 ] qciusbser       C:\Windows\system32\DRIVERS\qciusbser.sys
19:18:18.0330 5896  qciusbser ( UnsignedFile.Multi.Generic ) - warning
19:18:18.0330 5896  qciusbser - detected UnsignedFile.Multi.Generic (1)
19:18:18.0377 5896  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:18:18.0408 5896  ql2300 - ok
19:18:18.0470 5896  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:18:18.0486 5896  ql40xx - ok
19:18:18.0517 5896  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
19:18:18.0548 5896  QWAVE - ok
19:18:18.0580 5896  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:18:18.0595 5896  QWAVEdrv - ok
19:18:18.0626 5896  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:18:18.0673 5896  RasAcd - ok
19:18:18.0689 5896  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
19:18:18.0736 5896  RasAuto - ok
19:18:18.0782 5896  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:18:18.0814 5896  Rasl2tp - ok
19:18:18.0845 5896  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
19:18:18.0876 5896  RasMan - ok
19:18:18.0892 5896  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:18:18.0938 5896  RasPppoe - ok
19:18:18.0954 5896  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:18:18.0985 5896  RasSstp - ok
19:18:19.0001 5896  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:18:19.0110 5896  rdbss - ok
19:18:19.0141 5896  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:18:19.0188 5896  RDPCDD - ok
19:18:19.0235 5896  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
19:18:19.0282 5896  rdpdr - ok
19:18:19.0297 5896  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:18:19.0344 5896  RDPENCDD - ok
19:18:19.0406 5896  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:18:19.0438 5896  RDPWD - ok
19:18:19.0484 5896  [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:18:19.0516 5896  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
19:18:19.0516 5896  RegSrvc - detected UnsignedFile.Multi.Generic (1)
19:18:19.0578 5896  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:18:19.0609 5896  RemoteAccess - ok
19:18:19.0656 5896  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:18:19.0687 5896  RemoteRegistry - ok
19:18:19.0703 5896  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
19:18:19.0734 5896  RpcLocator - ok
19:18:19.0750 5896  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
19:18:19.0796 5896  RpcSs - ok
19:18:19.0796 5896  rrinttaller - ok
19:18:19.0859 5896  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:18:19.0890 5896  rspndr - ok
19:18:19.0937 5896  [ 9B09F336DE36A7A6CA871DE8A7847B65 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
19:18:19.0968 5896  RTSTOR - ok
19:18:19.0984 5896  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
19:18:19.0999 5896  SamSs - ok
19:18:20.0030 5896  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:18:20.0046 5896  sbp2port - ok
19:18:20.0077 5896  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:18:20.0108 5896  SCardSvr - ok
19:18:20.0155 5896  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
19:18:20.0233 5896  Schedule - ok
19:18:20.0311 5896  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:18:20.0342 5896  SCPolicySvc - ok
19:18:20.0374 5896  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
19:18:20.0436 5896  sdbus - ok
19:18:20.0467 5896  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:18:20.0530 5896  SDRSVC - ok
19:18:20.0561 5896  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:18:20.0623 5896  secdrv - ok
19:18:20.0654 5896  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
19:18:20.0686 5896  seclogon - ok
19:18:20.0717 5896  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
19:18:20.0764 5896  SENS - ok
19:18:20.0795 5896  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:18:20.0873 5896  Serenum - ok
19:18:20.0904 5896  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
19:18:20.0966 5896  Serial - ok
19:18:20.0982 5896  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:18:21.0013 5896  sermouse - ok
19:18:21.0076 5896  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:18:21.0107 5896  SessionEnv - ok
19:18:21.0122 5896  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:18:21.0154 5896  sffdisk - ok
19:18:21.0169 5896  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:18:21.0200 5896  sffp_mmc - ok
19:18:21.0232 5896  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:18:21.0263 5896  sffp_sd - ok
19:18:21.0278 5896  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:18:21.0341 5896  sfloppy - ok
19:18:21.0372 5896  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:18:21.0419 5896  SharedAccess - ok
19:18:21.0466 5896  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:18:21.0528 5896  ShellHWDetection - ok
19:18:21.0559 5896  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:18:21.0575 5896  sisagp - ok
19:18:21.0606 5896  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
19:18:21.0622 5896  SiSRaid2 - ok
19:18:21.0637 5896  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:18:21.0653 5896  SiSRaid4 - ok
19:18:21.0715 5896  [ AAF57ECD14A1DBD1B023AB26E634DD80 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
19:18:21.0731 5896  SkypeUpdate - ok
19:18:21.0824 5896  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
19:18:22.0058 5896  slsvc - ok
19:18:22.0090 5896  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
19:18:22.0121 5896  SLUINotify - ok
19:18:22.0136 5896  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:18:22.0183 5896  Smb - ok
19:18:22.0246 5896  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:18:22.0292 5896  SNMPTRAP - ok
19:18:22.0308 5896  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
19:18:22.0324 5896  spldr - ok
19:18:22.0355 5896  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
19:18:22.0386 5896  Spooler - ok
19:18:22.0511 5896  [ C743E384E9EFCA10B41C60D406DE39C0 ] SRTSP           C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS
19:18:22.0542 5896  SRTSP - ok
19:18:22.0604 5896  [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX          C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS
19:18:22.0620 5896  SRTSPX - ok
19:18:22.0651 5896  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:18:22.0698 5896  srv - ok
19:18:22.0729 5896  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:18:22.0745 5896  srv2 - ok
19:18:22.0760 5896  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:18:22.0807 5896  srvnet - ok
19:18:22.0838 5896  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:18:22.0885 5896  SSDPSRV - ok
19:18:22.0901 5896  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:18:22.0916 5896  SstpSvc - ok
19:18:22.0963 5896  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
19:18:23.0010 5896  stisvc - ok
19:18:23.0041 5896  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:18:23.0057 5896  swenum - ok
19:18:23.0104 5896  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
19:18:23.0150 5896  swprv - ok
19:18:23.0182 5896  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
19:18:23.0197 5896  Symc8xx - ok
19:18:23.0244 5896  [ 5A193E5E0F0A776430E5D62A051C1E16 ] SymDS           C:\Windows\system32\drivers\NAV\1404000.028\SYMDS.SYS
19:18:23.0260 5896  SymDS - ok
19:18:23.0338 5896  [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA          C:\Windows\system32\drivers\NAV\1404000.028\SYMEFA.SYS
19:18:23.0384 5896  SymEFA - ok
19:18:23.0431 5896  [ F50D81D3E0C7A353F205562B89CD06D6 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
19:18:23.0447 5896  SymEvent - ok
19:18:23.0447 5896  SYMFW - ok
19:18:23.0478 5896  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS
19:18:23.0509 5896  SymIRON - ok
19:18:23.0509 5896  SYMNDISV - ok
19:18:23.0556 5896  [ C834343C3A23DC9BC3AA752F0CAFD04B ] SYMTDIv         C:\Windows\System32\Drivers\NAV\1404000.028\SYMTDIV.SYS
19:18:23.0572 5896  SYMTDIv - ok
19:18:23.0618 5896  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
19:18:23.0634 5896  Sym_hi - ok
19:18:23.0650 5896  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
19:18:23.0665 5896  Sym_u3 - ok
19:18:23.0696 5896  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
19:18:23.0743 5896  SysMain - ok
19:18:23.0790 5896  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:18:23.0821 5896  TabletInputService - ok
19:18:23.0852 5896  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:18:23.0884 5896  TapiSrv - ok
19:18:23.0915 5896  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
19:18:23.0946 5896  TBS - ok
19:18:24.0008 5896  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:18:24.0055 5896  Tcpip - ok
19:18:24.0164 5896  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
19:18:24.0211 5896  Tcpip6 - ok
19:18:24.0258 5896  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:18:24.0289 5896  tcpipreg - ok
19:18:24.0320 5896  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:18:24.0352 5896  TDPIPE - ok
19:18:24.0367 5896  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:18:24.0414 5896  TDTCP - ok
19:18:24.0445 5896  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:18:24.0476 5896  tdx - ok
19:18:24.0508 5896  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:18:24.0523 5896  TermDD - ok
19:18:24.0539 5896  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
19:18:24.0586 5896  TermService - ok
19:18:24.0617 5896  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
19:18:24.0632 5896  Themes - ok
19:18:24.0648 5896  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:18:24.0679 5896  THREADORDER - ok
19:18:24.0710 5896  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
19:18:24.0757 5896  TrkWks - ok
19:18:24.0804 5896  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:18:24.0835 5896  TrustedInstaller - ok
19:18:24.0866 5896  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:18:24.0913 5896  tssecsrv - ok
19:18:25.0007 5896  [ AF5F31156EE89D35AD6EC3179A805D23 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
19:18:25.0085 5896  TuneUp.UtilitiesSvc - ok
19:18:25.0132 5896  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
19:18:25.0147 5896  TuneUpUtilitiesDrv - ok
19:18:25.0163 5896  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
19:18:25.0210 5896  tunmp - ok
19:18:25.0241 5896  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:18:25.0272 5896  tunnel - ok
19:18:25.0303 5896  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:18:25.0319 5896  uagp35 - ok
19:18:25.0350 5896  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:18:25.0366 5896  udfs - ok
19:18:25.0412 5896  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:18:25.0490 5896  UI0Detect - ok
19:18:25.0506 5896  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:18:25.0522 5896  uliagpkx - ok
19:18:25.0553 5896  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
19:18:25.0568 5896  uliahci - ok
19:18:25.0600 5896  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:18:25.0615 5896  UlSata - ok
19:18:25.0631 5896  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
19:18:25.0662 5896  ulsata2 - ok
19:18:25.0678 5896  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:18:25.0724 5896  umbus - ok
19:18:25.0756 5896  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
19:18:25.0802 5896  upnphost - ok
19:18:25.0818 5896  USBAAPL - ok
19:18:25.0849 5896  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:18:25.0880 5896  usbccgp - ok
19:18:25.0912 5896  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:18:25.0958 5896  usbcir - ok
19:18:25.0990 5896  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:18:26.0021 5896  usbehci - ok
19:18:26.0052 5896  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:18:26.0083 5896  usbhub - ok
19:18:26.0099 5896  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:18:26.0146 5896  usbohci - ok
19:18:26.0208 5896  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:18:26.0255 5896  usbprint - ok
19:18:26.0286 5896  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:18:26.0317 5896  usbscan - ok
19:18:26.0348 5896  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:18:26.0380 5896  USBSTOR - ok
19:18:26.0411 5896  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:18:26.0458 5896  usbuhci - ok
19:18:26.0489 5896  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:18:26.0536 5896  usbvideo - ok
19:18:26.0567 5896  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
19:18:26.0598 5896  UxSms - ok
19:18:26.0645 5896  [ 6275822AC454A8A831D063841A4DBB5D ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
19:18:26.0660 5896  UxTuneUp - ok
19:18:26.0707 5896  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
19:18:26.0738 5896  vds - ok
19:18:26.0770 5896  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:18:26.0801 5896  vga - ok
19:18:26.0816 5896  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:18:26.0863 5896  VgaSave - ok
19:18:26.0879 5896  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:18:26.0910 5896  viaagp - ok
19:18:26.0926 5896  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:18:26.0957 5896  ViaC7 - ok
19:18:26.0988 5896  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
19:18:27.0004 5896  viaide - ok
19:18:27.0035 5896  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:18:27.0050 5896  volmgr - ok
19:18:27.0097 5896  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:18:27.0113 5896  volmgrx - ok
19:18:27.0160 5896  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:18:27.0175 5896  volsnap - ok
19:18:27.0206 5896  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:18:27.0222 5896  vsmraid - ok
19:18:27.0284 5896  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
19:18:27.0347 5896  VSS - ok
19:18:27.0472 5896  [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
19:18:27.0534 5896  vToolbarUpdater15.2.0 - ok
19:18:27.0628 5896  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
19:18:27.0659 5896  W32Time - ok
19:18:27.0706 5896  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:18:27.0768 5896  WacomPen - ok
19:18:27.0799 5896  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:18:27.0830 5896  Wanarp - ok
19:18:27.0846 5896  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:18:27.0877 5896  Wanarpv6 - ok
19:18:27.0924 5896  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:18:27.0955 5896  wcncsvc - ok
19:18:28.0002 5896  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:18:28.0018 5896  WcsPlugInService - ok
19:18:28.0064 5896  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
19:18:28.0080 5896  Wd - ok
19:18:28.0111 5896  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam.sys
19:18:28.0174 5896  WDC_SAM - ok
19:18:28.0205 5896  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:18:28.0252 5896  Wdf01000 - ok
19:18:28.0283 5896  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:18:28.0330 5896  WdiServiceHost - ok
19:18:28.0330 5896  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:18:28.0361 5896  WdiSystemHost - ok
19:18:28.0408 5896  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
19:18:28.0439 5896  WebClient - ok
19:18:28.0470 5896  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:18:28.0501 5896  Wecsvc - ok
19:18:28.0548 5896  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:18:28.0579 5896  wercplsupport - ok
19:18:28.0610 5896  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:18:28.0626 5896  WerSvc - ok
19:18:28.0673 5896  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:18:28.0782 5896  winachsf - ok
19:18:28.0813 5896  [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir      C:\Windows\system32\DRIVERS\winbondcir.sys
19:18:28.0829 5896  winbondcir - ok
19:18:28.0876 5896  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:18:28.0907 5896  WinDefend - ok
19:18:28.0938 5896  WinHttpAutoProxySvc - ok
19:18:28.0985 5896  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:18:29.0016 5896  Winmgmt - ok
19:18:29.0141 5896  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:18:29.0234 5896  WinRM - ok
19:18:29.0297 5896  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:18:29.0344 5896  Wlansvc - ok
19:18:29.0375 5896  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:18:29.0422 5896  WmiAcpi - ok
19:18:29.0468 5896  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:18:29.0515 5896  wmiApSrv - ok
19:18:29.0578 5896  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:18:29.0640 5896  WMPNetworkSvc - ok
19:18:29.0718 5896  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:18:29.0749 5896  WPCSvc - ok
19:18:29.0780 5896  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:18:29.0827 5896  WPDBusEnum - ok
19:18:29.0858 5896  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
19:18:29.0874 5896  WpdUsb - ok
19:18:29.0968 5896  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:18:30.0014 5896  WPFFontCache_v0400 - ok
19:18:30.0061 5896  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:18:30.0092 5896  ws2ifsl - ok
19:18:30.0124 5896  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
19:18:30.0155 5896  wscsvc - ok
19:18:30.0170 5896  WSearch - ok
19:18:30.0326 5896  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:18:30.0404 5896  wuauserv - ok
19:18:30.0467 5896  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:18:30.0498 5896  WudfPf - ok
19:18:30.0514 5896  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:18:30.0560 5896  WUDFRd - ok
19:18:30.0592 5896  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:18:30.0623 5896  wudfsvc - ok
19:18:30.0654 5896  ================ Scan global ===============================
19:18:30.0716 5896  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:18:30.0748 5896  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
19:18:30.0763 5896  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
19:18:30.0810 5896  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:18:30.0810 5896  [Global] - ok
19:18:30.0810 5896  ================ Scan MBR ==================================
19:18:30.0904 5896  [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
19:18:32.0011 5896  \Device\Harddisk0\DR0 - ok
19:18:32.0011 5896  ================ Scan VBR ==================================
19:18:32.0011 5896  [ CD5783D61A1439AC2A83E92986F0ACE7 ] \Device\Harddisk0\DR0\Partition1
19:18:32.0011 5896  \Device\Harddisk0\DR0\Partition1 - ok
19:18:32.0058 5896  [ F689CDF0D867CD316C5D3531BD990EAC ] \Device\Harddisk0\DR0\Partition2
19:18:32.0058 5896  \Device\Harddisk0\DR0\Partition2 - ok
19:18:32.0058 5896  ============================================================
19:18:32.0058 5896  Scan finished
19:18:32.0058 5896  ============================================================
19:18:32.0074 5288  Detected object count: 6
19:18:32.0074 5288  Actual detected object count: 6
19:22:23.0999 5288  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:23.0999 5288  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:23.0999 5288  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:23.0999 5288  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:23.0999 5288  PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:23.0999 5288  PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:23.0999 5288  qciusbnet ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:23.0999 5288  qciusbnet ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:23.0999 5288  qciusbser ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:23.0999 5288  qciusbser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:24.0014 5288  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:24.0014 5288  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:59.0357 5576  Deinitialize success
         
__________________

Alt 20.06.2013, 18:32   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.06.2013, 19:10   #20
zombie8580
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



also es ist die meldung von der avg-firewall gekommen. hab sie deaktiviert, und dann lief alles automatisch weiter.

Code:
ATTFilter
ComboFix 13-06-20.01 - Christian 20.06.2013  19:44:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1726 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Christian\AppData\Roaming\Christianv3.4.2.2.vbs
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-20 bis 2013-06-20  ))))))))))))))))))))))))))))))
.
.
2013-06-20 17:54 . 2013-06-20 17:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-20 17:54 . 2013-06-20 17:59	--------	d-----w-	c:\users\Christian\AppData\Local\temp
2013-06-20 17:54 . 2013-06-20 17:54	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-20 17:02 . 2013-06-20 17:02	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-06-19 22:27 . 2013-06-20 02:51	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-19 20:36 . 2013-06-19 20:36	--------	d-----w-	c:\program files\CCleaner
2013-06-19 19:21 . 2013-06-19 19:21	--------	d-----w-	c:\users\Christian\AppData\Roaming\Malwarebytes
2013-06-19 19:20 . 2013-06-19 19:20	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-19 19:20 . 2013-06-19 19:20	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-06-19 19:20 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-18 19:01 . 2013-06-19 18:53	--------	d-----w-	c:\windows\system32\drivers\NAV\1404000.028
2013-06-18 11:28 . 2013-06-18 11:28	--------	d-----w-	c:\windows\system32\drivers\NST\7DD04000.00A
2013-06-14 13:34 . 2013-05-08 04:37	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-14 13:34 . 2013-05-02 04:04	443904	----a-w-	c:\windows\system32\win32spl.dll
2013-06-14 13:34 . 2013-05-02 04:03	37376	----a-w-	c:\windows\system32\printcom.dll
2013-06-13 22:11 . 2013-04-24 01:46	812544	----a-w-	c:\windows\system32\certutil.exe
2013-06-13 22:11 . 2013-04-24 04:00	985600	----a-w-	c:\windows\system32\crypt32.dll
2013-06-13 22:11 . 2013-04-24 04:00	98304	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-13 22:11 . 2013-04-24 04:00	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-13 22:11 . 2013-04-24 04:00	41984	----a-w-	c:\windows\system32\certenc.dll
2013-06-13 22:11 . 2013-05-02 22:03	3603832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-06-13 22:11 . 2013-05-02 22:03	3551096	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-13 22:11 . 2013-04-17 12:30	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-30 21:18 . 2013-05-30 21:18	--------	d-----w-	c:\program files\Common Files\Skype
2013-05-21 18:20 . 2013-05-21 18:20	319488	----a-w-	c:\windows\HideWin.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-19 02:21 . 2012-03-18 09:46	142496	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-11 21:26 . 2012-04-02 14:41	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-11 21:26 . 2012-03-18 17:12	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-21 18:20 . 2012-03-17 21:41	319456	----a-w-	c:\windows\DIFxAPI.dll
2013-05-20 17:47 . 2012-10-25 07:56	37664	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2013-04-15 14:20 . 2013-05-15 05:14	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 05:14	37376	----a-w-	c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 05:14	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-23 22:19	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-03-17 21:40	157168	----a-w-	c:\programdata\Partner\partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-05-20 17:47	1991344	----a-w-	c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll" [2013-05-20 1991344]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-17 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Googlebar.url [2012-12-7 179]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-03-17 21:40	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"EPSON Stylus DX9400F Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "c:\windows\TEMP\E_SC7C9.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"Acer ePower Management"=c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2007-08-19 26496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0312&m=aspire_6930g
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-86303293.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-20 19:59
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\AVG\AVG2013\avgfws.exe
c:\program files\AVG\AVG2013\avgidsagent.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\Motorola Media Link\Lite\NServiceEntry.exe
c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
c:\program files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files\Bandoo\Bandoo.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\program files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-20  20:04:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-20 18:03
.
Vor Suchlauf: 14 Verzeichnis(se), 34.201.075.712 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 41.884.090.368 Bytes frei
.
- - End Of File - - 9CDBEE693BDB2507CE65CDC68112BA35
BB9D3A6A13C5010348DA7C900BB6AF50
         
und mein avg internet security ist nicht mehr vorhanden. genauso wie meine sidebar.

mehr sehe ich jetzt nicht. ach ja, mußte internet explorer wieder als standard-browser bestätigen


Alt 20.06.2013, 20:20   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



Mach bitte ein neues Log mit aswMBR
__________________
--> wss4191.tmp und yontoo

Alt 21.06.2013, 01:47   #22
zombie8580
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-20 21:25:12
-----------------------------
21:25:12.801    OS Version: Windows 6.0.6002 Service Pack 2
21:25:12.801    Number of processors: 2 586 0x170A
21:25:12.801    ComputerName: ZOMBIE  UserName: 
21:25:13.581    Initialize success
21:25:31.131    AVAST engine defs: 13062001
21:25:36.123    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:25:36.123    Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
21:25:36.326    Disk 0 MBR read successfully
21:25:36.342    Disk 0 MBR scan
21:25:36.342    Disk 0 unknown MBR code
21:25:36.404    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
21:25:36.435    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       147501 MB offset 20973568
21:25:36.482    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       143872 MB offset 323055616
21:25:36.560    Disk 0 Partition 4 00     12  Compaq diag NTFS         3630 MB offset 617705472
21:25:36.716    Disk 0 scanning sectors +625139712
21:25:37.012    Disk 0 scanning C:\Windows\system32\drivers
21:25:53.065    Service scanning
21:26:24.982    Modules scanning
21:26:39.584    Disk 0 trace - called modules:
21:26:39.662    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
21:26:39.678    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8746e620]
21:26:39.678    3 CLASSPNP.SYS[8afa08b3] -> nt!IofCallDriver -> [0x85f433b0]
21:26:39.693    5 acpi.sys[806a36bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f16028]
21:26:40.536    AVAST engine scan C:\Windows
21:26:52.220    AVAST engine scan C:\Windows\system32
21:31:52.364    AVAST engine scan C:\Windows\system32\drivers
21:32:17.277    AVAST engine scan C:\Users\Christian
22:03:28.591    AVAST engine scan C:\ProgramData
22:12:33.608    Scan finished successfully
02:44:26.263    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
02:44:26.263    The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"
         

Alt 21.06.2013, 11:25   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.06.2013, 14:43   #24
zombie8580
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Christian on 21.06.2013 at 15:35:11,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\sweetim"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.06.2013 at 15:38:11,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 21/06/2013 um 15:42:07 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Christian - ZOMBIE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Partner Service

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Red Sky
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\Users\Christian\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Christian\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\bandoo\bndhook.dll
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF2B6317-C367-401B-83B8-80302D6588A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F5379B4B-24D8-432A-9A96-BE75EE5117DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dloejdefkancmfajekobpfoacecnhpgp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [21421 octets] - [21/06/2013 15:42:07]

########## EOF - C:\AdwCleaner[S1].txt - [21482 octets] ##########
         
Code:
ATTFilter
OTL logfile created on: 21.06.2013 15:58:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,09% Memory free
6,19 Gb Paging File | 4,97 Gb Available in Paging File | 80,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 38,95 Gb Free Space | 27,04% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 17,50 Gb Free Space | 12,45% Space Free | Partition Type: NTFS
 
Computer Name: ZOMBIE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (rrinttaller) -- C:\Windows\system32\KBDIOASA.exe File not found
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe (Symantec Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (vToolbarUpdater15.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Motorola Device Manager) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (PST Service) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NAV\1008030.006\SYMNDISV.SYS File not found
DRV - (SYMFW) -- C:\Windows\System32\Drivers\NAV\1008030.006\SYMFW.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (motusbdevice) -- system32\DRIVERS\motusbdevice.sys File not found
DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found
DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found
DRV - (motandroidusb) -- System32\Drivers\motoandroid.sys File not found
DRV - (k57nd60x) -- system32\DRIVERS\k57nd60x.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (huawei_ext_ctrl) -- system32\DRIVERS\ew_juextctrl.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (huawei_cdcecm) -- system32\DRIVERS\ew_jucdcecm.sys File not found
DRV - (huawei_cdcacm) -- system32\DRIVERS\ew_jucdcacm.sys File not found
DRV - (ew_usbenumfilter) -- system32\DRIVERS\ew_usbenumfilter.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130620.017\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130620.017\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130531.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1404000.028\symds.sys (Symantec Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1404000.028\srtsp.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NAV\1404000.028\symtdiv.sys (Symantec Corporation)
DRV - (ccSet_NST) -- C:\Windows\System32\drivers\NST\7DD04000.00A\ccsetx86.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1404000.028\ccsetx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1404000.028\ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1404000.028\srtspx.sys (Symantec Corporation)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130620.001\IDSvix86.sys (Symantec Corporation)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Apowersoft_AudioDevice) -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (qciusbnet) -- C:\Windows\System32\drivers\qciusbnet.sys (Yota)
DRV - (qciusbser) -- C:\Windows\System32\drivers\qciusbser.sys (Yota)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0312&m=aspire_6930g
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{7E4C0B80-0109-4672-87D3-9BF3AC158549}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deES475
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{7E4C0B80-0109-4672-87D3-9BF3AC158549}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deES475
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\ [2013.06.21 15:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com [2012.12.29 16:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\ [2012.10.19 22:23:13 | 000,000,000 | ---D | M]
 
[2012.12.29 16:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\extensions
[2012.12.29 16:24:09 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\extensions\ffox@bandoo.com
[2012.12.28 22:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
 
O1 HOSTS File: ([2013.06.20 19:59:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [AVG-Secure-Search-Update_JUNE2013_HP] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [EPSON Stylus DX9400F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: [ScrSav]  File not found
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Googlebar.url ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{953825AE-A4D2-4671-AE71-709636AB8FB8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C20B90ED-AF1B-4DB2-8A95-C308F300E354}: DhcpNameServer = 83.149.24.244 83.149.24.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F670E7BE-CF05-491F-AB7C-F22E3D093A60}: DhcpNameServer = 212.166.64.1 212.166.64.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.21 15:28:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.21 15:28:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.21 15:27:01 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Christian\Desktop\JRT.exe
[2013.06.20 20:04:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.20 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\temp
[2013.06.20 19:59:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.06.20 19:42:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.20 19:42:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.20 19:42:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.20 19:42:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.20 19:41:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.20 19:40:09 | 005,081,444 | R--- | C] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe
[2013.06.20 19:02:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.06.20 15:30:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Christian\Desktop\aswMBR.exe
[2013.06.20 00:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.19 23:04:04 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\erledigt
[2013.06.19 22:45:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.06.19 22:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.19 21:21:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2013.06.19 21:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.19 21:20:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.19 21:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.19 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.15 03:02:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.15 03:02:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.15 03:02:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.15 03:02:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.15 03:02:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.15 03:02:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.15 03:02:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.15 03:02:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.14 15:34:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013.06.14 00:11:58 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.14 00:11:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.14 00:11:53 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.14 00:11:52 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.14 00:11:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.05.30 23:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.21 15:44:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 15:44:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 15:44:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.21 15:44:29 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.21 15:42:33 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.21 15:34:01 | 000,648,201 | ---- | M] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2013.06.21 15:27:01 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Christian\Desktop\JRT.exe
[2013.06.21 15:24:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.21 06:17:26 | 000,239,104 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.20 19:59:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.20 19:40:28 | 005,081,444 | R--- | M] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe
[2013.06.20 15:31:53 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Christian\Desktop\aswMBR.exe
[2013.06.20 04:55:05 | 000,001,356 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2013.06.19 22:45:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.06.19 20:54:24 | 002,198,189 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\Cat.DB
[2013.06.19 20:53:15 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\VT20130115.021
[2013.06.19 19:43:40 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.19 19:43:40 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.19 19:43:40 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.19 19:43:40 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.19 19:01:15 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.19 04:21:01 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.06.19 04:21:01 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.06.19 04:21:01 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.06.16 09:34:32 | 000,000,386 | ---- | M] () -- C:\Users\Christian\Desktop\Filme.lnk
[2013.06.11 23:26:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.11 23:26:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.04 08:44:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\isolate.ini
[2013.05.31 03:50:15 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NST\7DD04000.00A\isolate.ini
[2013.05.24 04:09:47 | 000,008,059 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symds.cat
[2013.05.23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.sys
[2013.05.23 07:25:28 | 000,007,583 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.cat
[2013.05.23 07:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.inf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.21 15:42:25 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.21 15:34:01 | 000,648,201 | ---- | C] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2013.06.20 19:42:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.20 19:42:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.20 19:42:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.20 19:42:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.20 19:42:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.19 19:01:15 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.16 09:34:29 | 000,000,386 | ---- | C] () -- C:\Users\Christian\Desktop\Filme.lnk
[2012.10.18 06:24:14 | 000,001,940 | ---- | C] () -- C:\Users\Christian\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012.09.13 17:10:02 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.03.18 09:41:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.18 09:40:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.18 08:20:02 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2012.03.18 01:35:17 | 000,239,104 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.17 23:41:13 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2012.03.17 23:41:13 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012.03.17 23:41:13 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.03.17 23:38:40 | 000,001,356 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 21.06.2013 15:58:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,09% Memory free
6,19 Gb Paging File | 4,97 Gb Available in Paging File | 80,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 38,95 Gb Free Space | 27,04% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 17,50 Gb Free Space | 12,45% Space Free | Partition Type: NTFS
 
Computer Name: ZOMBIE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD73A1E-741E-4AF6-9BCD-0B8358CC70A5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C6BE6929-6642-4AAA-9979-4B9CF7FE0B40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C22316-AB3B-4722-B3C2-B9BA96824656}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{0425EF1B-2DC2-448A-871B-4E4BECE05C19}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{0662F95D-047F-4791-A585-9225F4DA83BE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0F1EDBD9-A70F-4D4B-B225-C27437358C1B}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{0F69A0CC-3771-42EA-88B1-CDCFDF8D7B88}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{12A0BBAD-0799-4F05-A074-EDBCBDE89D63}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{1951B165-0BAC-48FE-96FB-A83CEA21C260}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{298B1586-8C60-4C8A-A1FD-BA5FD8404DD8}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftdump.dll | 
"{3430496B-E98D-481A-BDEF-BE8AAE95758E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{34AC874B-EBD0-46BF-B71E-2BA12D4F93CF}" = dir=in | app=c:\program files\motorola media link\lite\mml.exe | 
"{3EB5EE15-943D-4F61-AC0D-E74B3963D21C}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{41AC618E-0EAA-460D-A25B-F523B59564C6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{42357D3C-60CA-4C33-AD80-8BCA2F972B91}" = dir=in | app=c:\program files\apowersoft\video download capture\videodownloadcapture.exe | 
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{625DC748-AF7B-499E-86A5-FE77129BF5E2}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{6F76510F-55DD-4E55-BD64-3D091694B3C3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{75DF6C8A-9721-420B-95C8-592BFC7C92CE}" = dir=out | app=c:\program files\motorola mobility\motocast\motocast.exe | 
"{76768208-7E5F-4099-89DD-EE08335E142C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{7B0EC1FA-8128-4772-9190-FE64AFF2A091}" = dir=in | app=c:\program files\apowersoft\video download capture\video-download-capture.exe | 
"{85EEF39B-5664-48EE-9CAD-2646BFBB5DF3}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftsrv.dll | 
"{894AC073-E399-4435-B13F-C38B6A1CE359}" = dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe | 
"{8D37EE0D-DF0C-4FFC-AE68-49162188A2E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{91930A40-AC44-4C53-86D0-E6744673989A}" = dir=out | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | 
"{9695C4A4-4944-426C-A3F7-315398F90864}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{A25B67E1-7831-4902-B3DA-7B1F2BFA7EE3}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftplayer.dll | 
"{A4B4287C-1D8B-4F3A-A7CC-080ECBF90909}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B0E4C9B3-2DC4-43B0-BE4D-4185417C6F47}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{B276CEDB-0938-408F-A4A9-6AB0C6885FEB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{C4BFCEB1-CAD9-4EB9-8412-8646C1555D4C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{CE20492F-1F0E-43EC-B5E0-C131FC7A2241}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{D77B2D3A-3337-421F-90B5-F7F9176029BC}" = dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | 
"{DD3BB85A-FDFD-4FEF-AAEA-0ABD23A0D060}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F88EB40C-9D41-4894-9606-1E094FA7E90B}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftac.dll | 
"TCP Query User{4393ACD0-89A4-4D55-B02F-1F4EB866C677}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{6C06F792-DE6F-4778-9BA3-0BC4B37DB972}C:\users\christian\desktop\utorrent-3.2.27850.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\utorrent-3.2.27850.exe | 
"UDP Query User{2A9B3E17-0FB5-4605-80FF-92BC6CC3868E}C:\users\christian\desktop\utorrent-3.2.27850.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\utorrent-3.2.27850.exe | 
"UDP Query User{B4C5656B-57D4-40C6-9CC2-23038CD08064}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V4.3.3
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Ultra Edition
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D732E36A-B0C2-4DFF-8C60-4AC06233B2BC}" = Motorola Mobile Drivers Installation 6.0.0
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.8
"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2013
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516
"CCleaner" = CCleaner
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"Lingoes Translator_is1" = Lingoes 2.8.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"ProInst" = Intel PROSet Wireless
"TreeSize Professional_is1" = TreeSize Professional V5.5
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = gutscheinfilter.de
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.06.2013 09:45:45 | Computer Name = Zombie | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 21.06.2013 09:45:46 | Computer Name = Zombie | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 21.06.2013 09:45:46 | Computer Name = Zombie | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 21.06.2013 09:45:46 | Computer Name = Zombie | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 21.06.2013 09:46:35 | Computer Name = Zombie | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 21.06.2013 09:46:37 | Computer Name = Zombie | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 21.06.2013 09:46:37 | Computer Name = Zombie | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         

Alt 21.06.2013, 19:36   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
SRV - (rrinttaller) -- C:\Windows\system32\KBDIOASA.exe File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: [ScrSav]  File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.06.2013, 09:03   #26
zombie8580
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



wo sollte denn der benutzername stehen? in den paar Zeilen, kann ich nichts erkennen.

Alt 22.06.2013, 11:34   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



Da steht ja auch "sollte dein Benutzername..."
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.06.2013, 12:02   #28
zombie8580
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



Code:
ATTFilter
All processes killed
========== OTL ==========
Service rrinttaller stopped successfully!
Service rrinttaller deleted successfully!
File  C:\Windows\system32\KBDIOASA.exe File not found not found.
Registry value HKEY_USERS\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Christian\Desktop\cmd.bat deleted successfully.
C:\Users\Christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christian
->Temp folder emptied: 90377242 bytes
->Temporary Internet Files folder emptied: 370456546 bytes
->Java cache emptied: 80460 bytes
->Flash cache emptied: 246943369 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 58339 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 58339 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25350 bytes
RecycleBin emptied: 1937431170 bytes
 
Total Files Cleaned = 2.523,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06222013_124144

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 22.06.2013, 12:04   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.06.2013, 14:15   #30
zombie8580
 
wss4191.tmp und yontoo - Standard

wss4191.tmp und yontoo



Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.22.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christian :: ZOMBIE [Administrator]

Schutz: Aktiviert

22.06.2013 13:12:45
MBAM-log-2013-06-22 (15-12-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 370527
Laufzeit: 1 Stunde(n), 58 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\Installer\NERO 7.5.9 + PlugIns + ASPI + Keygen\nero 7 new keygen.exe (RiskWare.Tool.HCK) -> Keine Aktion durchgeführt.
H:\Christian\Installer\NERO 7.5.9 + PlugIns + ASPI + Keygen\nero 7 new keygen.exe (RiskWare.Tool.HCK) -> Keine Aktion durchgeführt.

(Ende)
         
ergebnis nach vollscan

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=37754102487a7645a1e1a40ea4546293
# engine=14133
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-22 03:27:49
# local_time=2013-06-22 05:27:49 (+0100, Mitteleuropäische Sommerzeit   )
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1040 16777213 100 100 30684 59048853 0 0
# compatibility_mode=3590 16777213 100 90 93974 190933055 0 0
# compatibility_mode=5892 16776574 100 100 20645691 209447597 0 0
# scanned=156022
# found=1
# cleaned=0
# scan_time=7671
sh=40A0193D22A3F750B0FC3D7D4FA75F708E73F3A3 ft=1 fh=64bc18ebab54f4d8 vn="Win32/BHO.OGC trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.06.2013_19.01.07\susp0000\svc0000\tsk0000.dta"
         

Antwort

Themen zu wss4191.tmp und yontoo
1.tmp, compu, computer, deinstalliere, deinstallieren, gefunde, installiere, installieren, lieber, melde, meldung, neu, nichts, probleme, programme, programmen, schicke, starte, super, wenig, yontoo




Ähnliche Themen: wss4191.tmp und yontoo


  1. Pup.Optional.Yontoo
    Plagegeister aller Art und deren Bekämpfung - 26.10.2015 (15)
  2. Yontoo 2.051 entfernen
    Log-Analyse und Auswertung - 15.06.2015 (1)
  3. Yontoo nervt
    Plagegeister aller Art und deren Bekämpfung - 04.04.2015 (16)
  4. Adware/Yontoo.76776
    Log-Analyse und Auswertung - 25.12.2014 (5)
  5. Wie entferne ich Yontoo?
    Plagegeister aller Art und deren Bekämpfung - 29.04.2014 (10)
  6. Yontoo 2.051
    Plagegeister aller Art und deren Bekämpfung - 16.11.2013 (9)
  7. Yontoo entfernen
    Anleitungen, FAQs & Links - 31.10.2013 (2)
  8. v9.com und adware yontoo.gen
    Log-Analyse und Auswertung - 07.07.2013 (14)
  9. Sicherheitsrisiko Yontoo
    Antiviren-, Firewall- und andere Schutzprogramme - 26.06.2013 (3)
  10. AdWare.IS.Yontoo.a
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (11)
  11. Wie werde ich Yontoo los?
    Log-Analyse und Auswertung - 20.05.2013 (7)
  12. Was ist Yontoo 1.10.02 für ein Programm
    Diskussionsforum - 19.05.2013 (4)
  13. Yontoo - ein ernstzunehmender Schädling?
    Plagegeister aller Art und deren Bekämpfung - 03.05.2013 (10)
  14. Yontoo 1.10.02, RootKitAccess
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (55)
  15. Yontoo 2.051 / YontooDesktop.exe*32
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (17)
  16. Yontoo 2.04 and many more..
    Log-Analyse und Auswertung - 01.03.2013 (6)
  17. ADWARE/Yontoo.E.1 gefunden
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (15)

Zum Thema wss4191.tmp und yontoo - sobald ich den scan starte, wird die seite weiß und nichts passiert. - wss4191.tmp und yontoo...
Archiv
Du betrachtest: wss4191.tmp und yontoo auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.