wss4191.tmp und yontoo

zombie8580 · 19.06.2013, 21:18

Hallo,

sobald ich den computer neu starte, bekomme ich die Meldung zum installieren von wss4191.tmp von perion. von perion hab ich aber nichts installiert.
desweiteren habe ich in meinen programmen "yontoo" gefunden, daß ich nicht deinstallieren kann.

wäre super, wenn mir jemand helfen könnte.

ich hab schon etwas gelesen, aber ich denke, da ich beide probleme habe, melde ich lieber hier. ach ja, und wie kann ich dann jemanden diese .txt-dateien schicken. dafür kenne ich mich zu wenig damit aus, sorry

cosinus · 19.06.2013, 21:22

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

zombie8580 · 19.06.2013, 21:28

ich habe avg internet security 2013 und norton anti-virus. hab aber nie ne meldung bekommen.

cosinus · 19.06.2013, 21:40

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

zombie8580 · 19.06.2013, 22:03

Code:

ATTFilter

OTL logfile created on: 19.06.2013 22:48:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 39,20% Memory free
6,19 Gb Paging File | 4,05 Gb Available in Paging File | 65,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 32,14 Gb Free Space | 22,31% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 22,42 Gb Free Space | 15,95% Space Free | Partition Type: NTFS
 
Computer Name: ZOMBIE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
PRC - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Bandoo\Bandoo.exe (Bandoo Media Inc.)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (rrinttaller) -- C:\Windows\system32\KBDIOASA.exe File not found
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe (Symantec Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (vToolbarUpdater15.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Motorola Device Manager) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (cmd32) -- C:\Windows\System32\NapiNSPd.exe ()
SRV - (Bandoo Coordinator) -- C:\Program Files\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (PST Service) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NAV\1008030.006\SYMNDISV.SYS File not found
DRV - (SYMFW) -- C:\Windows\System32\Drivers\NAV\1008030.006\SYMFW.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (motusbdevice) -- system32\DRIVERS\motusbdevice.sys File not found
DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found
DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found
DRV - (motandroidusb) -- System32\Drivers\motoandroid.sys File not found
DRV - (k57nd60x) -- system32\DRIVERS\k57nd60x.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (huawei_ext_ctrl) -- system32\DRIVERS\ew_juextctrl.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (huawei_cdcecm) -- system32\DRIVERS\ew_jucdcecm.sys File not found
DRV - (huawei_cdcacm) -- system32\DRIVERS\ew_jucdcacm.sys File not found
DRV - (ew_usbenumfilter) -- system32\DRIVERS\ew_usbenumfilter.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130531.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1404000.028\symds.sys (Symantec Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1404000.028\srtsp.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NAV\1404000.028\symtdiv.sys (Symantec Corporation)
DRV - (ccSet_NST) -- C:\Windows\System32\drivers\NST\7DD04000.00A\ccsetx86.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1404000.028\ccsetx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1404000.028\ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1404000.028\srtspx.sys (Symantec Corporation)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130618.001\IDSvix86.sys (Symantec Corporation)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Apowersoft_AudioDevice) -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (qciusbnet) -- C:\Windows\System32\drivers\qciusbnet.sys (Yota)
DRV - (qciusbser) -- C:\Windows\System32\drivers\qciusbser.sys (Yota)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0312&m=aspire_6930g
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
 
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{7E4C0B80-0109-4672-87D3-9BF3AC158549}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deES475
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={12096131-13C2-442D-AE38-ED64DF40BC0E}&mid=5c5a5a5dbf6647d094f8d16acd837683-34b10f71087b93e4f11146a951b354a2922d70ff&lang=de&ds=AVG&pr=pr&d=2012-10-25 09:56:58&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=SWL&chn=retail&geo=DE&ver=2013&locale=de_DE&tpr=111
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=20.3.0.36
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{7E4C0B80-0109-4672-87D3-9BF3AC158549}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deES475
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={12096131-13C2-442D-AE38-ED64DF40BC0E}&mid=5c5a5a5dbf6647d094f8d16acd837683-34b10f71087b93e4f11146a951b354a2922d70ff&lang=de&ds=AVG&pr=pr&d=2012-10-25 09:56:58&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=SWL&chn=retail&geo=DE&ver=2013&locale=de_DE&tpr=111
IE - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\ [2013.06.19 20:56:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013.05.20 19:52:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com [2012.12.29 16:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\ [2012.10.19 22:23:13 | 000,000,000 | ---D | M]
 
[2012.12.29 16:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\extensions
[2012.12.29 16:24:09 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\extensions\ffox@bandoo.com
[2012.12.28 22:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [AVG-Secure-Search-Update_JUNE2013_HP] C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe (AVG Secure Search)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe (AVG Secure Search)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [EPSON Stylus DX9400F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: []  File not found
O4 - HKU\S-1-5-18..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: []  File not found
O4 - HKU\S-1-5-20..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001..\RunOnce: [ScrSav]  File not found
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Googlebar.url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run:  = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{953825AE-A4D2-4671-AE71-709636AB8FB8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C20B90ED-AF1B-4DB2-8A95-C308F300E354}: DhcpNameServer = 83.149.24.244 83.149.24.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F670E7BE-CF05-491F-AB7C-F22E3D093A60}: DhcpNameServer = 212.166.64.1 212.166.64.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{871baeaa-7e81-11e1-946f-00238b679f70}\Shell - "" = AutoRun
O33 - MountPoints2\{871baeaa-7e81-11e1-946f-00238b679f70}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.19 22:45:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.06.19 22:40:31 | 005,081,021 | ---- | C] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe
[2013.06.19 22:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.19 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Check
[2013.06.19 21:21:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2013.06.19 21:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.19 21:20:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.19 21:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.19 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.15 03:02:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.15 03:02:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.15 03:02:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.15 03:02:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.15 03:02:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.15 03:02:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.15 03:02:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.15 03:02:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.14 15:34:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013.06.14 00:11:58 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.14 00:11:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.14 00:11:53 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.14 00:11:52 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.14 00:11:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.05.30 23:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.21 20:20:20 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 22:47:18 | 005,081,021 | ---- | M] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe
[2013.06.19 22:45:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.06.19 22:24:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.19 21:42:16 | 000,235,008 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.19 20:54:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 20:54:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 20:54:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 20:54:24 | 002,198,189 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\Cat.DB
[2013.06.19 20:54:18 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.19 20:53:15 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\VT20130115.021
[2013.06.19 19:43:40 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.19 19:43:40 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.19 19:43:40 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.19 19:43:40 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.19 19:01:15 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.19 04:21:01 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.06.19 04:21:01 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.06.19 04:21:01 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.06.16 09:34:32 | 000,000,386 | ---- | M] () -- C:\Users\Christian\Desktop\Filme.lnk
[2013.06.11 23:26:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.11 23:26:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.04 08:44:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\isolate.ini
[2013.05.31 03:50:15 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NST\7DD04000.00A\isolate.ini
[2013.05.24 04:09:47 | 000,008,059 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symds.cat
[2013.05.23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.sys
[2013.05.23 07:25:28 | 000,007,583 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.cat
[2013.05.23 07:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symefa.inf
[2013.05.21 20:20:47 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2013.05.21 20:20:20 | 000,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2013.05.21 18:59:26 | 000,001,356 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2013.05.21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1404000.028\symds.sys
[2013.05.21 07:02:00 | 000,002,852 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\symds.inf
[2013.05.21 06:40:20 | 000,008,059 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1404000.028\srtsp.cat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.19 19:01:15 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.16 09:34:29 | 000,000,386 | ---- | C] () -- C:\Users\Christian\Desktop\Filme.lnk
[2013.05.21 20:30:13 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2012.12.08 14:38:25 | 000,000,800 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Christianv3.4.2.2.vbs
[2012.10.18 06:24:14 | 000,001,940 | ---- | C] () -- C:\Users\Christian\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012.09.13 17:10:02 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.09.01 19:50:39 | 000,065,024 | ---- | C] () -- C:\Windows\System32\NapiNSPd.exe
[2012.03.18 09:41:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.18 09:40:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.18 08:20:02 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2012.03.18 01:35:17 | 000,235,008 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.17 23:41:13 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2012.03.17 23:41:13 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012.03.17 23:41:13 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.03.17 23:38:40 | 000,001,356 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.12 12:35:40 | 000,000,000 | -H-D | M] -- C:\Users\Christian\AppData\Roaming\82BC6C71
[2009.03.12 05:07:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Acer GameZone Console
[2013.03.03 17:14:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apowersoft
[2012.10.25 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AVG
[2012.10.25 10:00:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AVG2013
[2012.08.18 10:23:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Bandoo
[2012.08.09 20:37:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013.05.31 06:33:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DesktopIconForAmazon
[2012.04.07 10:48:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\EPSON
[2012.12.12 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\JAM Software
[2012.12.28 22:43:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\JDownloaderPackages
[2012.09.01 19:52:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Lingoes
[2013.01.21 05:43:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MotoCast
[2013.01.11 14:27:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Motorola
[2013.01.10 19:05:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Motorola Mobility
[2013.01.06 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PDF Writer
[2012.12.02 19:12:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
[2013.06.19 20:46:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\UseNeXT
[2012.12.08 07:38:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WinMedia
[2012.12.24 10:50:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\XMedia Recode
[2012.10.27 09:28:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012.10.27 09:28:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012.10.27 09:28:48 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 19.06.2013 22:48:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 39,20% Memory free
6,19 Gb Paging File | 4,05 Gb Available in Paging File | 65,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 32,14 Gb Free Space | 22,31% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 22,42 Gb Free Space | 15,95% Space Free | Partition Type: NTFS
 
Computer Name: ZOMBIE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD73A1E-741E-4AF6-9BCD-0B8358CC70A5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C6BE6929-6642-4AAA-9979-4B9CF7FE0B40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C22316-AB3B-4722-B3C2-B9BA96824656}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{0425EF1B-2DC2-448A-871B-4E4BECE05C19}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{0662F95D-047F-4791-A585-9225F4DA83BE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0F1EDBD9-A70F-4D4B-B225-C27437358C1B}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{0F69A0CC-3771-42EA-88B1-CDCFDF8D7B88}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{12A0BBAD-0799-4F05-A074-EDBCBDE89D63}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{1951B165-0BAC-48FE-96FB-A83CEA21C260}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{298B1586-8C60-4C8A-A1FD-BA5FD8404DD8}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftdump.dll | 
"{3430496B-E98D-481A-BDEF-BE8AAE95758E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{34AC874B-EBD0-46BF-B71E-2BA12D4F93CF}" = dir=in | app=c:\program files\motorola media link\lite\mml.exe | 
"{3EB5EE15-943D-4F61-AC0D-E74B3963D21C}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{41AC618E-0EAA-460D-A25B-F523B59564C6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{42357D3C-60CA-4C33-AD80-8BCA2F972B91}" = dir=in | app=c:\program files\apowersoft\video download capture\videodownloadcapture.exe | 
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{625DC748-AF7B-499E-86A5-FE77129BF5E2}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{6F76510F-55DD-4E55-BD64-3D091694B3C3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{75DF6C8A-9721-420B-95C8-592BFC7C92CE}" = dir=out | app=c:\program files\motorola mobility\motocast\motocast.exe | 
"{76768208-7E5F-4099-89DD-EE08335E142C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{7B0EC1FA-8128-4772-9190-FE64AFF2A091}" = dir=in | app=c:\program files\apowersoft\video download capture\video-download-capture.exe | 
"{85EEF39B-5664-48EE-9CAD-2646BFBB5DF3}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftsrv.dll | 
"{894AC073-E399-4435-B13F-C38B6A1CE359}" = dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe | 
"{8D37EE0D-DF0C-4FFC-AE68-49162188A2E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{91930A40-AC44-4C53-86D0-E6744673989A}" = dir=out | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | 
"{9695C4A4-4944-426C-A3F7-315398F90864}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{A25B67E1-7831-4902-B3DA-7B1F2BFA7EE3}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftplayer.dll | 
"{A4B4287C-1D8B-4F3A-A7CC-080ECBF90909}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B0E4C9B3-2DC4-43B0-BE4D-4185417C6F47}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{B276CEDB-0938-408F-A4A9-6AB0C6885FEB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{C4BFCEB1-CAD9-4EB9-8412-8646C1555D4C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{CE20492F-1F0E-43EC-B5E0-C131FC7A2241}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{D77B2D3A-3337-421F-90B5-F7F9176029BC}" = dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | 
"{DD3BB85A-FDFD-4FEF-AAEA-0ABD23A0D060}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F88EB40C-9D41-4894-9606-1E094FA7E90B}" = dir=in | app=c:\program files\apowersoft\video download capture\apowersoftac.dll | 
"TCP Query User{4393ACD0-89A4-4D55-B02F-1F4EB866C677}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{6C06F792-DE6F-4778-9BA3-0BC4B37DB972}C:\users\christian\desktop\utorrent-3.2.27850.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\utorrent-3.2.27850.exe | 
"UDP Query User{2A9B3E17-0FB5-4605-80FF-92BC6CC3868E}C:\users\christian\desktop\utorrent-3.2.27850.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\utorrent-3.2.27850.exe | 
"UDP Query User{B4C5656B-57D4-40C6-9CC2-23038CD08064}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V4.3.3
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Ultra Edition
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D732E36A-B0C2-4DFF-8C60-4AC06233B2BC}" = Motorola Mobile Drivers Installation 6.0.0
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.8
"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.22
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"Bandoo" = Bandoo
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516
"CCleaner" = CCleaner
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"Lingoes Translator_is1" = Lingoes 2.8.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"ProInst" = Intel PROSet Wireless
"TreeSize Professional_is1" = TreeSize Professional V5.5
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2655343216-3542076400-2504452006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = gutscheinfilter.de
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = VSS | ID = 12292
Description = 
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = VSS | ID = 40
Description = 
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = VSS | ID = 12292
Description = 
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = VSS | ID = 40
Description = 
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = VSS | ID = 12292
Description = 
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = System Restore | ID = 8193
Description = 
 
Error - 31.05.2013 01:40:16 | Computer Name = Zombie | Source = System Restore | ID = 8210
Description = 
 
Error - 31.05.2013 01:53:15 | Computer Name = Zombie | Source = VSS | ID = 40
Description = 
 
Error - 31.05.2013 01:53:15 | Computer Name = Zombie | Source = VSS | ID = 12292
Description = 
 
Error - 02.06.2013 02:36:11 | Computer Name = Zombie | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 17.06.2013 09:36:33 | Computer Name = Zombie | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 17.06.2013 09:36:37 | Computer Name = Zombie | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 17.06.2013 13:35:37 | Computer Name = Zombie | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 18.06.2013 13:03:31 | Computer Name = Zombie | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse
 00216B0F626E wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 19.06.2013 14:51:14 | Computer Name = Zombie | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 19.06.2013 14:56:01 | Computer Name = Zombie | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 19.06.2013 14:56:01 | Computer Name = Zombie | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 19.06.2013 14:56:01 | Computer Name = Zombie | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.06.2013 14:56:26 | Computer Name = Zombie | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 19.06.2013 14:56:39 | Computer Name = Zombie | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >

cosinus · 19.06.2013, 22:07

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

zombie8580 · 19.06.2013, 23:12

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-20 00:02:12
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0303 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\agtdypog.sys


---- System - GMER 2.1 ----

SSDT            8A1327F8                                                                                                                                     ZwAlertResumeThread
SSDT            8A1328D8                                                                                                                                     ZwAlertThread
SSDT            8A131480                                                                                                                                     ZwAllocateVirtualMemory
SSDT            8582B788                                                                                                                                     ZwAlpcConnectPort
SSDT            8A133F10                                                                                                                                     ZwAssignProcessToJobObject
SSDT            8A132548                                                                                                                                     ZwCreateMutant
SSDT            8A133C30                                                                                                                                     ZwCreateSymbolicLinkObject
SSDT            8A130130                                                                                                                                     ZwCreateThread
SSDT            8A133FD0                                                                                                                                     ZwDebugActiveProcess
SSDT            8A131650                                                                                                                                     ZwDuplicateObject
SSDT            8A132008                                                                                                                                     ZwFreeVirtualMemory
SSDT            8A132638                                                                                                                                     ZwImpersonateAnonymousToken
SSDT            8A132718                                                                                                                                     ZwImpersonateThread
SSDT            8A1321C8                                                                                                                                     ZwLoadDriver
SSDT            8A132F08                                                                                                                                     ZwMapViewOfSection
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                 ZwNotifyChangeKey [0x963DD14A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                 ZwNotifyChangeMultipleKeys [0x963DD21A]
SSDT            8A132468                                                                                                                                     ZwOpenEvent
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                 ZwOpenProcess [0x963DCD7C]
SSDT            8A131570                                                                                                                                     ZwOpenProcessToken
SSDT            8A1322A8                                                                                                                                     ZwOpenSection
SSDT            8A131740                                                                                                                                     ZwOpenThread
SSDT            8A133E20                                                                                                                                     ZwProtectVirtualMemory
SSDT            8A1329B8                                                                                                                                     ZwResumeThread
SSDT            8A132C58                                                                                                                                     ZwSetContextThread
SSDT            8A132D38                                                                                                                                     ZwSetInformationProcess
SSDT            8A1320E8                                                                                                                                     ZwSetSystemInformation
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                 ZwSuspendProcess [0x963DCF6A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                 ZwSuspendThread [0x963DD000]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                 ZwTerminateProcess [0x963DCE32]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                 ZwTerminateThread [0x963DCECE]
SSDT            8A132E28                                                                                                                                     ZwUnmapViewOfSection
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                                                 ZwWriteVirtualMemory [0x963DD09C]
SSDT            8A133D20                                                                                                                                     ZwCreateThreadEx

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 11D                                                                                                                824BB6E8 1 Byte  [F8]
.text           ntkrnlpa.exe!KeSetEvent + 11D                                                                                                                824BB6E8 8 Bytes  [F8, 27, 13, 8A, D8, 28, 13, ...] {CLC ; DAA ; ADC ECX, [EDX-0x75ecd728]}
.text           ntkrnlpa.exe!KeSetEvent + 131                                                                                                                824BB6FC 4 Bytes  [80, 14, 13, 8A] {ADC BYTE [EBX+EDX], 0x8a}
.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                                                                824BB708 4 Bytes  [88, B7, 82, 85]
.text           ntkrnlpa.exe!KeSetEvent + 191                                                                                                                824BB75C 4 Bytes  [10, 3F, 13, 8A]
.text           ...                                                                                                                                          

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ntdll.dll!NtTerminateThread                                             77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] USER32.dll!RecordShutdownReason + 36A                                   76F1B7BE 7 Bytes  JMP 00070930 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!OpenSCManagerA + 125                                       75CD2EB8 7 Bytes  JMP 00070768 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!CloseServiceHandle + AA                                    75CD834F 7 Bytes  JMP 00070210 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                75CF9EAF 7 Bytes  JMP 000705A0 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!CreateServiceW + FF                                        75CF9FB3 7 Bytes  JMP 0007012C 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!ControlService + C1                                        75CFA079 7 Bytes  JMP 0007084C 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                             75D36629 7 Bytes  JMP 000703D8 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!ControlServiceExA + 10E                                    75D3673C 7 Bytes  JMP 00070048 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!SetServiceObjectSecurity + FB                              75D36DD4 7 Bytes  JMP 00070684 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                 75D36F7C 7 Bytes  JMP 000704BC 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!ChangeServiceConfig2W + BB                                 75D3729C 2 Bytes  JMP 000702F4 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[300] ADVAPI32.dll!ChangeServiceConfig2W + BE                                 75D3729F 4 Bytes  [33, 8A, EB, F9]
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ntdll.dll!NtTerminateThread                                                               77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!OpenSCManagerA + 125                                                         75CD2EB8 7 Bytes  JMP 00170768 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!CloseServiceHandle + AA                                                      75CD834F 7 Bytes  JMP 00170210 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                  75CF9EAF 7 Bytes  JMP 001705A0 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!CreateServiceW + FF                                                          75CF9FB3 7 Bytes  JMP 0017012C 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!ControlService + C1                                                          75CFA079 7 Bytes  JMP 0017084C 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                               75D36629 7 Bytes  JMP 001703D8 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!ControlServiceExA + 10E                                                      75D3673C 7 Bytes  JMP 00170048 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                75D36DD4 7 Bytes  JMP 00170684 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                   75D36F7C 7 Bytes  JMP 001704BC 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                   75D3729C 2 Bytes  JMP 001702F4 
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                   75D3729F 4 Bytes  [43, 8A, EB, F9] {INC EBX; MOV CH, BL; STC }
.text           C:\Users\Christian\Desktop\gmer_2.1.19163.exe[560] USER32.dll!RecordShutdownReason + 36A                                                     76F1B7BE 7 Bytes  JMP 00170930 
.text           C:\Windows\system32\nvvsvc.exe[1088] ntdll.dll!NtTerminateThread                                                                             77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!OpenSCManagerA + 125                                                                       75CD2EB8 7 Bytes  JMP 00060768 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!CloseServiceHandle + AA                                                                    75CD834F 7 Bytes  JMP 00060210 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                                75CF9EAF 7 Bytes  JMP 000605A0 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!CreateServiceW + FF                                                                        75CF9FB3 7 Bytes  JMP 0006012C 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!ControlService + C1                                                                        75CFA079 7 Bytes  JMP 0006084C 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                             75D36629 7 Bytes  JMP 000603D8 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!ControlServiceExA + 10E                                                                    75D3673C 7 Bytes  JMP 00060048 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                              75D36DD4 7 Bytes  JMP 00060684 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                                 75D36F7C 7 Bytes  JMP 000604BC 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                                 75D3729C 2 Bytes  JMP 000602F4 
.text           C:\Windows\system32\nvvsvc.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                                 75D3729F 4 Bytes  [32, 8A, EB, F9]
.text           C:\Windows\system32\nvvsvc.exe[1088] USER32.dll!RecordShutdownReason + 36A                                                                   76F1B7BE 7 Bytes  JMP 00060930 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ntdll.dll!NtTerminateThread                                                     77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] USER32.dll!RecordShutdownReason + 36A                                           76F1B7BE 7 Bytes  JMP 00070930 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!OpenSCManagerA + 125                                               75CD2EB8 7 Bytes  JMP 00070768 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!CloseServiceHandle + AA                                            75CD834F 7 Bytes  JMP 00070210 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                        75CF9EAF 7 Bytes  JMP 000705A0 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!CreateServiceW + FF                                                75CF9FB3 7 Bytes  JMP 0007012C 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!ControlService + C1                                                75CFA079 7 Bytes  JMP 0007084C 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                     75D36629 7 Bytes  JMP 000703D8 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!ControlServiceExA + 10E                                            75D3673C 7 Bytes  JMP 00070048 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity + FB                                      75D36DD4 7 Bytes  JMP 00070684 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                         75D36F7C 7 Bytes  JMP 000704BC 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W + BB                                         75D3729C 2 Bytes  JMP 000702F4 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W + BE                                         75D3729F 4 Bytes  [33, 8A, EB, F9]
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ntdll.dll!NtTerminateThread                                                   77AA5374 5 Bytes  JMP 0006004C 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!OpenSCManagerA + 125                                             75CD2EB8 7 Bytes  JMP 00080768 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!CloseServiceHandle + AA                                          75CD834F 7 Bytes  JMP 00080210 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                      75CF9EAF 7 Bytes  JMP 000805A0 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!CreateServiceW + FF                                              75CF9FB3 7 Bytes  JMP 0008012C 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!ControlService + C1                                              75CFA079 7 Bytes  JMP 0008084C 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                   75D36629 7 Bytes  JMP 000803D8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!ControlServiceExA + 10E                                          75D3673C 7 Bytes  JMP 00080048 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!SetServiceObjectSecurity + FB                                    75D36DD4 7 Bytes  JMP 00080684 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                       75D36F7C 7 Bytes  JMP 000804BC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!ChangeServiceConfig2W + BB                                       75D3729C 2 Bytes  JMP 000802F4 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] ADVAPI32.dll!ChangeServiceConfig2W + BE                                       75D3729F 4 Bytes  [34, 8A, EB, F9] {XOR AL, 0x8a; JMP 0xfffffffd}
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1656] USER32.dll!RecordShutdownReason + 36A                                         76F1B7BE 7 Bytes  JMP 00080930 
.text           C:\Windows\system32\nvvsvc.exe[1676] ntdll.dll!NtTerminateThread                                                                             77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!OpenSCManagerA + 125                                                                       75CD2EB8 7 Bytes  JMP 00060768 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!CloseServiceHandle + AA                                                                    75CD834F 7 Bytes  JMP 00060210 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                                75CF9EAF 7 Bytes  JMP 000605A0 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!CreateServiceW + FF                                                                        75CF9FB3 7 Bytes  JMP 0006012C 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!ControlService + C1                                                                        75CFA079 7 Bytes  JMP 0006084C 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                             75D36629 7 Bytes  JMP 000603D8 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!ControlServiceExA + 10E                                                                    75D3673C 7 Bytes  JMP 00060048 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                              75D36DD4 7 Bytes  JMP 00060684 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                                 75D36F7C 7 Bytes  JMP 000604BC 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                                 75D3729C 2 Bytes  JMP 000602F4 
.text           C:\Windows\system32\nvvsvc.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                                 75D3729F 4 Bytes  [32, 8A, EB, F9]
.text           C:\Windows\system32\nvvsvc.exe[1676] USER32.dll!RecordShutdownReason + 36A                                                                   76F1B7BE 7 Bytes  JMP 00060930 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ntdll.dll!NtTerminateThread                                                                  77AA5374 5 Bytes  JMP 0006004C 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!OpenSCManagerA + 125                                                            75CD2EB8 7 Bytes  JMP 00180768 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!CloseServiceHandle + AA                                                         75CD834F 7 Bytes  JMP 00180210 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                     75CF9EAF 7 Bytes  JMP 001805A0 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!CreateServiceW + FF                                                             75CF9FB3 7 Bytes  JMP 0018012C 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!ControlService + C1                                                             75CFA079 7 Bytes  JMP 0018084C 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                  75D36629 7 Bytes  JMP 001803D8 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!ControlServiceExA + 10E                                                         75D3673C 7 Bytes  JMP 00180048 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                   75D36DD4 7 Bytes  JMP 00180684 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                      75D36F7C 7 Bytes  JMP 001804BC 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                      75D3729C 2 Bytes  JMP 001802F4 
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                      75D3729F 4 Bytes  [44, 8A, EB, F9] {INC ESP; MOV CH, BL; STC }
.text           C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2076] USER32.dll!RecordShutdownReason + 36A                                                        76F1B7BE 7 Bytes  JMP 00180930 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ntdll.dll!NtTerminateThread                                                77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!OpenSCManagerA + 125                                          75CD2EB8 7 Bytes  JMP 00370768 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!CloseServiceHandle + AA                                       75CD834F 7 Bytes  JMP 00370210 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                   75CF9EAF 7 Bytes  JMP 003705A0 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!CreateServiceW + FF                                           75CF9FB3 7 Bytes  JMP 0037012C 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!ControlService + C1                                           75CFA079 7 Bytes  JMP 0037084C 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                75D36629 7 Bytes  JMP 003703D8 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!ControlServiceExA + 10E                                       75D3673C 7 Bytes  JMP 00370048 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity + FB                                 75D36DD4 7 Bytes  JMP 00370684 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                    75D36F7C 7 Bytes  JMP 003704BC 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W + BB                                    75D3729C 2 Bytes  JMP 003702F4 
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W + BE                                    75D3729F 4 Bytes  [63, 8A, EB, F9]
.text           C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2112] USER32.dll!RecordShutdownReason + 36A                                      76F1B7BE 7 Bytes  JMP 00370930 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ntdll.dll!NtTerminateThread                                                             77AA5374 5 Bytes  JMP 0036004C 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] USER32.dll!RecordShutdownReason + 36A                                                   76F1B7BE 7 Bytes  JMP 00380AF4 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!OpenSCManagerA + 125                                                       75CD2EB8 7 Bytes  JMP 00380768 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!CloseServiceHandle + AA                                                    75CD834F 7 Bytes  JMP 00380210 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                75CF9EAF 7 Bytes  JMP 003805A0 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!CreateServiceW + FF                                                        75CF9FB3 7 Bytes  JMP 0038012C 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!ControlService + C1                                                        75CFA079 7 Bytes  JMP 0038084C 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                             75D36629 7 Bytes  JMP 003803D8 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!ControlServiceExA + 10E                                                    75D3673C 7 Bytes  JMP 00380048 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity + FB                                              75D36DD4 7 Bytes  JMP 00380684 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                 75D36F7C 7 Bytes  JMP 003804BC 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                 75D3729C 2 Bytes  JMP 003802F4 
.text           C:\Program Files\SweetIM\Messenger\SweetIM.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                 75D3729F 4 Bytes  [64, 8A, EB, F9] {MOV CH, BL; STC }
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ntdll.dll!NtTerminateThread                                                77AA5374 5 Bytes  JMP 0017004C 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!OpenSCManagerA + 125                                          75CD2EB8 7 Bytes  JMP 00190768 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!CloseServiceHandle + AA                                       75CD834F 7 Bytes  JMP 00190210 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                   75CF9EAF 7 Bytes  JMP 001905A0 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!CreateServiceW + FF                                           75CF9FB3 7 Bytes  JMP 0019012C 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!ControlService + C1                                           75CFA079 7 Bytes  JMP 0019084C 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                75D36629 7 Bytes  JMP 001903D8 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!ControlServiceExA + 10E                                       75D3673C 7 Bytes  JMP 00190048 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!SetServiceObjectSecurity + FB                                 75D36DD4 7 Bytes  JMP 00190684 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                    75D36F7C 7 Bytes  JMP 001904BC 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W + BB                                    75D3729C 2 Bytes  JMP 001902F4 
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W + BE                                    75D3729F 4 Bytes  [45, 8A, EB, F9] {INC EBP; MOV CH, BL; STC }
.text           C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[2148] USER32.dll!RecordShutdownReason + 36A                                      76F1B7BE 7 Bytes  JMP 00190930 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ntdll.dll!NtTerminateThread                                                                 77AA5374 5 Bytes  JMP 00BF004C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!OpenSCManagerA + 125                                                           75CD2EB8 7 Bytes  JMP 00D10768 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!CloseServiceHandle + AA                                                        75CD834F 7 Bytes  JMP 00D10210 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                    75CF9EAF 7 Bytes  JMP 00D105A0 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!CreateServiceW + FF                                                            75CF9FB3 7 Bytes  JMP 00D1012C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!ControlService + C1                                                            75CFA079 7 Bytes  JMP 00D1084C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                 75D36629 7 Bytes  JMP 00D103D8 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!ControlServiceExA + 10E                                                        75D3673C 7 Bytes  JMP 00D10048 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                  75D36DD4 7 Bytes  JMP 00D10684 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                     75D36F7C 7 Bytes  JMP 00D104BC 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                     75D3729C 2 Bytes  JMP 00D102F4 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                     75D3729F 4 Bytes  [FD, 8A, EB, F9] {STD ; MOV CH, BL; STC }
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2260] USER32.dll!RecordShutdownReason + 36A                                                       76F1B7BE 7 Bytes  JMP 00D10930 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ntdll.dll!NtTerminateThread                                          77AA5374 5 Bytes  JMP 0015004C 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] USER32.dll!RecordShutdownReason + 36A                                76F1B7BE 7 Bytes  JMP 003F0AF4 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!OpenSCManagerA + 125                                    75CD2EB8 7 Bytes  JMP 003F0768 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!CloseServiceHandle + AA                                 75CD834F 7 Bytes  JMP 003F0210 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!AreAllAccessesGranted + 3FD                             75CF9EAF 7 Bytes  JMP 003F05A0 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!CreateServiceW + FF                                     75CF9FB3 7 Bytes  JMP 003F012C 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!ControlService + C1                                     75CFA079 7 Bytes  JMP 003F084C 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                          75D36629 7 Bytes  JMP 003F03D8 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!ControlServiceExA + 10E                                 75D3673C 7 Bytes  JMP 003F0048 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity + FB                           75D36DD4 7 Bytes  JMP 003F0684 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!ChangeServiceConfigA + 1A3                              75D36F7C 7 Bytes  JMP 003F04BC 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W + BB                              75D3729C 2 Bytes  JMP 003F02F4 
.text           C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W + BE                              75D3729F 4 Bytes  [6B, 8A, EB, F9]
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ntdll.dll!NtTerminateThread                           77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] USER32.dll!RecordShutdownReason + 36A                 76F1B7BE 7 Bytes  JMP 00170AF4 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!OpenSCManagerA + 125                     75CD2EB8 7 Bytes  JMP 00170768 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!CloseServiceHandle + AA                  75CD834F 7 Bytes  JMP 00170210 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!AreAllAccessesGranted + 3FD              75CF9EAF 7 Bytes  JMP 001705A0 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!CreateServiceW + FF                      75CF9FB3 7 Bytes  JMP 0017012C 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!ControlService + C1                      75CFA079 7 Bytes  JMP 0017084C 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F           75D36629 7 Bytes  JMP 001703D8 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!ControlServiceExA + 10E                  75D3673C 7 Bytes  JMP 00170048 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity + FB            75D36DD4 7 Bytes  JMP 00170684 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!ChangeServiceConfigA + 1A3               75D36F7C 7 Bytes  JMP 001704BC 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W + BB               75D3729C 2 Bytes  JMP 001702F4 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W + BE               75D3729F 4 Bytes  [43, 8A, EB, F9] {INC EBX; MOV CH, BL; STC }
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ntdll.dll!NtTerminateThread                             77AA5374 5 Bytes  JMP 0016004C 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!OpenSCManagerA + 125                       75CD2EB8 7 Bytes  JMP 00180768 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!CloseServiceHandle + AA                    75CD834F 7 Bytes  JMP 00180210 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!AreAllAccessesGranted + 3FD                75CF9EAF 7 Bytes  JMP 001805A0 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!CreateServiceW + FF                        75CF9FB3 7 Bytes  JMP 0018012C 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!ControlService + C1                        75CFA079 7 Bytes  JMP 0018084C 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F             75D36629 7 Bytes  JMP 001803D8 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!ControlServiceExA + 10E                    75D3673C 7 Bytes  JMP 00180048 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity + FB              75D36DD4 7 Bytes  JMP 00180684 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!ChangeServiceConfigA + 1A3                 75D36F7C 7 Bytes  JMP 001804BC 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W + BB                 75D3729C 2 Bytes  JMP 001802F4 
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W + BE                 75D3729F 4 Bytes  [44, 8A, EB, F9] {INC ESP; MOV CH, BL; STC }
.text           C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2988] USER32.dll!RecordShutdownReason + 36A                   76F1B7BE 7 Bytes  JMP 00180AF4 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ntdll.dll!NtTerminateThread                                                                           77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!OpenSCManagerA + 125                                                                     75CD2EB8 7 Bytes  JMP 00170768 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!CloseServiceHandle + AA                                                                  75CD834F 7 Bytes  JMP 00170210 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                              75CF9EAF 7 Bytes  JMP 001705A0 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!CreateServiceW + FF                                                                      75CF9FB3 7 Bytes  JMP 0017012C 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!ControlService + C1                                                                      75CFA079 7 Bytes  JMP 0017084C 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                           75D36629 7 Bytes  JMP 001703D8 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!ControlServiceExA + 10E                                                                  75D3673C 7 Bytes  JMP 00170048 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                            75D36DD4 7 Bytes  JMP 00170684 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                               75D36F7C 7 Bytes  JMP 001704BC 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                               75D3729C 2 Bytes  JMP 001702F4 
.text           C:\Windows\system32\IoctlSvc.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                               75D3729F 4 Bytes  [43, 8A, EB, F9] {INC EBX; MOV CH, BL; STC }
.text           C:\Windows\system32\IoctlSvc.exe[3508] USER32.dll!RecordShutdownReason + 36A                                                                 76F1B7BE 7 Bytes  JMP 00170930 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ntdll.dll!NtTerminateThread                                               77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] USER32.dll!RecordShutdownReason + 36A                                     76F1B7BE 7 Bytes  JMP 00160AF4 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!OpenSCManagerA + 125                                         75CD2EB8 7 Bytes  JMP 00160768 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!CloseServiceHandle + AA                                      75CD834F 7 Bytes  JMP 00160210 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                  75CF9EAF 7 Bytes  JMP 001605A0 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!CreateServiceW + FF                                          75CF9FB3 7 Bytes  JMP 0016012C 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!ControlService + C1                                          75CFA079 7 Bytes  JMP 0016084C 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                               75D36629 7 Bytes  JMP 001603D8 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!ControlServiceExA + 10E                                      75D3673C 7 Bytes  JMP 00160048 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity + FB                                75D36DD4 7 Bytes  JMP 00160684 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                   75D36F7C 7 Bytes  JMP 001604BC 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + BB                                   75D3729C 2 Bytes  JMP 001602F4 
.text           C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + BE                                   75D3729F 4 Bytes  [42, 8A, EB, F9] {INC EDX; MOV CH, BL; STC }
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ntdll.dll!NtTerminateThread                                             77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!OpenSCManagerA + 125                                       75CD2EB8 7 Bytes  JMP 00170768 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!CloseServiceHandle + AA                                    75CD834F 7 Bytes  JMP 00170210 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                75CF9EAF 7 Bytes  JMP 001705A0 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!CreateServiceW + FF                                        75CF9FB3 7 Bytes  JMP 0017012C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!ControlService + C1                                        75CFA079 7 Bytes  JMP 0017084C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                             75D36629 7 Bytes  JMP 001703D8 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!ControlServiceExA + 10E                                    75D3673C 7 Bytes  JMP 00170048 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!SetServiceObjectSecurity + FB                              75D36DD4 7 Bytes  JMP 00170684 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                 75D36F7C 7 Bytes  JMP 001704BC 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!ChangeServiceConfig2W + BB                                 75D3729C 2 Bytes  JMP 001702F4 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] ADVAPI32.dll!ChangeServiceConfig2W + BE                                 75D3729F 4 Bytes  [43, 8A, EB, F9] {INC EBX; MOV CH, BL; STC }
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3652] USER32.dll!RecordShutdownReason + 36A                                   76F1B7BE 7 Bytes  JMP 00170930 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ntdll.dll!NtTerminateThread                                        77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] USER32.dll!RecordShutdownReason + 36A                              76F1B7BE 7 Bytes  JMP 00070930 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!OpenSCManagerA + 125                                  75CD2EB8 7 Bytes  JMP 00070768 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!CloseServiceHandle + AA                               75CD834F 7 Bytes  JMP 00070210 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!AreAllAccessesGranted + 3FD                           75CF9EAF 7 Bytes  JMP 000705A0 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!CreateServiceW + FF                                   75CF9FB3 7 Bytes  JMP 0007012C 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!ControlService + C1                                   75CFA079 7 Bytes  JMP 0007084C 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                        75D36629 7 Bytes  JMP 000703D8 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!ControlServiceExA + 10E                               75D3673C 7 Bytes  JMP 00070048 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!SetServiceObjectSecurity + FB                         75D36DD4 7 Bytes  JMP 00070684 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!ChangeServiceConfigA + 1A3                            75D36F7C 7 Bytes  JMP 000704BC 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!ChangeServiceConfig2W + BB                            75D3729C 2 Bytes  JMP 000702F4 
.text           C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[3752] ADVAPI32.dll!ChangeServiceConfig2W + BE                            75D3729F 4 Bytes  [33, 8A, EB, F9]
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ntdll.dll!NtTerminateThread                  77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] USER32.dll!RecordShutdownReason + 36A        76F1B7BE 7 Bytes  JMP 00070AF4 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!OpenSCManagerA + 125            75CD2EB8 7 Bytes  JMP 00070768 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!CloseServiceHandle + AA         75CD834F 7 Bytes  JMP 00070210 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!AreAllAccessesGranted + 3FD     75CF9EAF 7 Bytes  JMP 000705A0 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!CreateServiceW + FF             75CF9FB3 7 Bytes  JMP 0007012C 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!ControlService + C1             75CFA079 7 Bytes  JMP 0007084C 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F  75D36629 7 Bytes  JMP 000703D8 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!ControlServiceExA + 10E         75D3673C 7 Bytes  JMP 00070048 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!SetServiceObjectSecurity + FB   75D36DD4 7 Bytes  JMP 00070684 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!ChangeServiceConfigA + 1A3      75D36F7C 7 Bytes  JMP 000704BC 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W + BB      75D3729C 2 Bytes  JMP 000702F4 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W + BE      75D3729F 4 Bytes  [33, 8A, EB, F9]
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ntdll.dll!NtTerminateThread                                                                         77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!OpenSCManagerA + 125                                                                   75CD2EB8 7 Bytes  JMP 00170768 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!CloseServiceHandle + AA                                                                75CD834F 7 Bytes  JMP 00170210 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                            75CF9EAF 7 Bytes  JMP 001705A0 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!CreateServiceW + FF                                                                    75CF9FB3 7 Bytes  JMP 0017012C 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!ControlService + C1                                                                    75CFA079 7 Bytes  JMP 0017084C 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                         75D36629 7 Bytes  JMP 001703D8 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!ControlServiceExA + 10E                                                                75D3673C 7 Bytes  JMP 00170048 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                          75D36DD4 7 Bytes  JMP 00170684 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                             75D36F7C 7 Bytes  JMP 001704BC 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                             75D3729C 2 Bytes  JMP 001702F4 
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                             75D3729F 4 Bytes  [43, 8A, EB, F9] {INC EBX; MOV CH, BL; STC }
.text           C:\Program Files\Bandoo\Bandoo.exe[3944] USER32.dll!RecordShutdownReason + 36A                                                               76F1B7BE 7 Bytes  JMP 00170930 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ntdll.dll!NtTerminateThread                                                               77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] USER32.dll!RecordShutdownReason + 36A                                                     76F1B7BE 7 Bytes  JMP 00070AF4 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!OpenSCManagerA + 125                                                         75CD2EB8 7 Bytes  JMP 00070768 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!CloseServiceHandle + AA                                                      75CD834F 7 Bytes  JMP 00070210 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                  75CF9EAF 7 Bytes  JMP 000705A0 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!CreateServiceW + FF                                                          75CF9FB3 7 Bytes  JMP 0007012C 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!ControlService + C1                                                          75CFA079 7 Bytes  JMP 0007084C 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                               75D36629 7 Bytes  JMP 000703D8 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!ControlServiceExA + 10E                                                      75D3673C 7 Bytes  JMP 00070048 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                75D36DD4 7 Bytes  JMP 00070684 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                   75D36F7C 7 Bytes  JMP 000704BC 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                   75D3729C 2 Bytes  JMP 000702F4 
.text           C:\Program Files\AVG Secure Search\vprot.exe[3972] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                   75D3729F 4 Bytes  [33, 8A, EB, F9]
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ntdll.dll!NtTerminateThread                                                                     77AA5374 5 Bytes  JMP 0017004C 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!OpenSCManagerA + 125                                                               75CD2EB8 7 Bytes  JMP 00190768 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!CloseServiceHandle + AA                                                            75CD834F 7 Bytes  JMP 00190210 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                        75CF9EAF 7 Bytes  JMP 001905A0 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!CreateServiceW + FF                                                                75CF9FB3 7 Bytes  JMP 0019012C 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!ControlService + C1                                                                75CFA079 7 Bytes  JMP 0019084C 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                     75D36629 7 Bytes  JMP 001903D8 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!ControlServiceExA + 10E                                                            75D3673C 7 Bytes  JMP 00190048 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                      75D36DD4 7 Bytes  JMP 00190684 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                         75D36F7C 7 Bytes  JMP 001904BC 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                         75D3729C 2 Bytes  JMP 001902F4 
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                         75D3729F 4 Bytes  [45, 8A, EB, F9] {INC EBP; MOV CH, BL; STC }
.text           C:\Program Files\AVG\AVG2013\avgui.exe[4020] USER32.dll!RecordShutdownReason + 36A                                                           76F1B7BE 7 Bytes  JMP 00190930 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ntdll.dll!NtTerminateThread                                         77AA5374 5 Bytes  JMP 0002004C 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] USER32.dll!RecordShutdownReason + 36A                               76F1B7BE 7 Bytes  JMP 00060AF4 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!OpenSCManagerA + 125                                   75CD2EB8 7 Bytes  JMP 00060768 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!CloseServiceHandle + AA                                75CD834F 7 Bytes  JMP 00060210 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!AreAllAccessesGranted + 3FD                            75CF9EAF 7 Bytes  JMP 000605A0 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!CreateServiceW + FF                                    75CF9FB3 7 Bytes  JMP 0006012C 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!ControlService + C1                                    75CFA079 7 Bytes  JMP 0006084C 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                         75D36629 7 Bytes  JMP 000603D8 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!ControlServiceExA + 10E                                75D3673C 7 Bytes  JMP 00060048 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!SetServiceObjectSecurity + FB                          75D36DD4 7 Bytes  JMP 00060684 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!ChangeServiceConfigA + 1A3                             75D36F7C 7 Bytes  JMP 000604BC 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!ChangeServiceConfig2W + BB                             75D3729C 2 Bytes  JMP 000602F4 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4924] ADVAPI32.dll!ChangeServiceConfig2W + BE                             75D3729F 4 Bytes  [32, 8A, EB, F9]
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ntdll.dll!NtTerminateThread                                                                  77AA5374 5 Bytes  JMP 0006004C 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] USER32.dll!RecordShutdownReason + 36A                                                        76F1B7BE 7 Bytes  JMP 000C0048 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!OpenSCManagerA + 125                                                            75CD2EB8 7 Bytes  JMP 000C084A 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!CloseServiceHandle + AA                                                         75CD834F 7 Bytes  JMP 000C02F2 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                     75CF9EAF 7 Bytes  JMP 000C0682 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!CreateServiceW + FF                                                             75CF9FB3 7 Bytes  JMP 000C020E 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!ControlService + C1                                                             75CFA079 7 Bytes  JMP 000C092E 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                  75D36629 7 Bytes  JMP 000C04BA 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!ControlServiceExA + 10E                                                         75D3673C 7 Bytes  JMP 000C012A 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                   75D36DD4 7 Bytes  JMP 000C0766 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                      75D36F7C 7 Bytes  JMP 000C059E 
.text           C:\Program Files\AVG\AVG2013\avgcfgex.exe[5500] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                      75D3729C 7 Bytes  JMP 000C03D6 

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                      avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                      SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                      avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                      SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                    avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                    SYMTDIV.SYS

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----

zombie8580 · 19.06.2013, 23:18

wenn ich mbar ausführe, bekomme ich diese meldung. was soll ich machen?

cosinus · 19.06.2013, 23:23

da bitte auf nein klicken

zombie8580 · 20.06.2013, 03:57

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.19.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christian :: ZOMBIE [administrator]

20.06.2013 00:30:42
mbar-log-2013-06-20 (00-30-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 227002
Time elapsed: 1 hour(s), 31 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

es kam keine meldung für einen neustart. soll ich den selbstständig machen?

mir fällt gerade auf, das mein computer langsamer geworden ist, hab aber keine auslastung. es dauert nur ewig, bis die seite lädt oder ich einen ordner öffnen will.
woran liegt das nun?

cosinus · 20.06.2013, 08:30

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

zombie8580 · 20.06.2013, 14:30

Hallo cosinus,

hab meinen computer gerade neu gestartet, die meldung von wss4191.tmp erscheint weiterhin genauso, wie das yontoo in meinen programmen.

wenn du zeit hast, können wir weiter machen.bin heut den ganzen nachmittag zuhause.

cosinus · 20.06.2013, 14:47

Das hab ich ja vor, poste die Logs von aswMBR und tdsskiller bitte

zombie8580 · 20.06.2013, 15:23

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-20 15:42:11
-----------------------------
15:42:11.727    OS Version: Windows 6.0.6002 Service Pack 2
15:42:11.727    Number of processors: 2 586 0x170A
15:42:11.727    ComputerName: ZOMBIE  UserName: 
15:42:12.851    Initialize success
15:42:30.073    AVAST engine defs: 13062001
15:42:33.973    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:42:33.973    Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
15:42:34.254    Disk 0 MBR read successfully
15:42:34.254    Disk 0 MBR scan
15:42:34.254    Disk 0 unknown MBR code
15:42:34.301    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
15:42:34.332    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       147501 MB offset 20973568
15:42:34.410    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       143872 MB offset 323055616
15:42:34.503    Disk 0 Partition 4 00     12  Compaq diag NTFS         3630 MB offset 617705472
15:42:34.644    Disk 0 scanning sectors +625139712
15:42:35.143    Disk 0 scanning C:\Windows\system32\drivers
15:43:04.206    Service scanning
15:43:11.304    Service cmd32 C:\Windows\system32\NapiNSPd.exe **INFECTED** Win32:Agent-ARFM [Adw]
15:43:33.487    Modules scanning
15:44:05.919    Disk 0 trace - called modules:
15:44:05.997    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
15:44:06.013    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874317e8]
15:44:06.029    3 CLASSPNP.SYS[8afa88b3] -> nt!IofCallDriver -> [0x85f5c6c8]
15:44:06.029    5 acpi.sys[8069b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f2c028]
15:44:06.621    AVAST engine scan C:\Windows
15:44:11.910    AVAST engine scan C:\Windows\system32
15:45:26.415    File: C:\Windows\system32\NapiNSPd.exe  **INFECTED** Win32:Agent-ARFM [Adw]
15:47:55.520    AVAST engine scan C:\Windows\system32\drivers
15:48:13.195    AVAST engine scan C:\Users\Christian
16:08:01.447    AVAST engine scan C:\ProgramData
16:13:25.287    Scan finished successfully
16:16:54.353    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
16:16:54.369    The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"

sorry hab deine nachricht erst später gesehen.

Code:

ATTFilter

16:20:19.0324 3664  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:20:19.0902 3664  ============================================================
16:20:19.0902 3664  Current date / time: 2013/06/20 16:20:19.0902
16:20:19.0902 3664  SystemInfo:
16:20:19.0902 3664  
16:20:19.0902 3664  OS Version: 6.0.6002 ServicePack: 2.0
16:20:19.0902 3664  Product type: Workstation
16:20:19.0902 3664  ComputerName: ZOMBIE
16:20:19.0902 3664  UserName: Christian
16:20:19.0902 3664  Windows directory: C:\Windows
16:20:19.0902 3664  System windows directory: C:\Windows
16:20:19.0902 3664  Processor architecture: Intel x86
16:20:19.0902 3664  Number of processors: 2
16:20:19.0902 3664  Page size: 0x1000
16:20:19.0902 3664  Boot type: Normal boot
16:20:19.0902 3664  ============================================================
16:20:20.0869 3664  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:20:20.0900 3664  ============================================================
16:20:20.0900 3664  \Device\Harddisk0\DR0:
16:20:20.0900 3664  MBR partitions:
16:20:20.0900 3664  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
16:20:20.0900 3664  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x11900000
16:20:20.0900 3664  ============================================================
16:20:20.0962 3664  C: <-> \Device\Harddisk0\DR0\Partition1
16:20:21.0056 3664  D: <-> \Device\Harddisk0\DR0\Partition2
16:20:21.0056 3664  ============================================================
16:20:21.0056 3664  Initialize success
16:20:21.0056 3664  ============================================================
16:20:47.0373 6940  ============================================================
16:20:47.0373 6940  Scan started
16:20:47.0373 6940  Mode: Manual; SigCheck; TDLFS; 
16:20:47.0373 6940  ============================================================
16:20:47.0904 6940  ================ Scan system memory ========================
16:20:47.0904 6940  System memory - ok
16:20:47.0904 6940  ================ Scan services =============================
16:20:48.0044 6940  [ 83A1124BC4D090EC5DE3B11F90AD8AE6 ] A310            C:\Windows\system32\DRIVERS\AVerA310USB.sys
16:20:48.0184 6940  A310 - ok
16:20:48.0216 6940  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:20:48.0247 6940  ACPI - ok
16:20:48.0403 6940  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:20:48.0434 6940  AdobeARMservice - ok
16:20:48.0496 6940  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:20:48.0512 6940  AdobeFlashPlayerUpdateSvc - ok
16:20:48.0559 6940  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:20:48.0590 6940  adp94xx - ok
16:20:48.0621 6940  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:20:48.0652 6940  adpahci - ok
16:20:48.0684 6940  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:20:48.0699 6940  adpu160m - ok
16:20:48.0762 6940  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:20:48.0777 6940  adpu320 - ok
16:20:48.0808 6940  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:20:48.0902 6940  AeLookupSvc - ok
16:20:48.0964 6940  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
16:20:49.0058 6940  AFD - ok
16:20:49.0105 6940  [ 5D97943C128ED756D1B0A08302C1B1F8 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
16:20:49.0354 6940  AgereSoftModem - ok
16:20:49.0386 6940  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:20:49.0401 6940  agp440 - ok
16:20:49.0464 6940  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:20:49.0495 6940  aic78xx - ok
16:20:49.0526 6940  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
16:20:49.0698 6940  ALG - ok
16:20:49.0698 6940  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:20:49.0776 6940  aliide - ok
16:20:49.0791 6940  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:20:49.0807 6940  amdagp - ok
16:20:49.0822 6940  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:20:49.0838 6940  amdide - ok
16:20:49.0900 6940  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
16:20:49.0947 6940  AmdK7 - ok
16:20:49.0978 6940  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:20:50.0010 6940  AmdK8 - ok
16:20:50.0150 6940  [ 548CCBD8B48FDF7E2435AD6017920A7F ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
16:20:50.0166 6940  Apowersoft_AudioDevice - ok
16:20:50.0197 6940  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
16:20:50.0306 6940  Appinfo - ok
16:20:50.0353 6940  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
16:20:50.0368 6940  arc - ok
16:20:50.0446 6940  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:20:50.0462 6940  arcsas - ok
16:20:50.0634 6940  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:20:50.0680 6940  AsyncMac - ok
16:20:50.0696 6940  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:20:50.0712 6940  atapi - ok
16:20:50.0790 6940  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:20:50.0868 6940  AudioEndpointBuilder - ok
16:20:50.0899 6940  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:20:50.0914 6940  Audiosrv - ok
16:20:50.0961 6940  [ 0FE7773CD592DAE0CA994BA987F44E85 ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6x.sys
16:20:50.0977 6940  Avgfwfd - ok
16:20:51.0117 6940  [ D0BE22C910E46550C6308D50DDA76B94 ] avgfws          C:\Program Files\AVG\AVG2013\avgfws.exe
16:20:51.0180 6940  avgfws - ok
16:20:51.0367 6940  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
16:20:51.0663 6940  AVGIDSAgent - ok
16:20:51.0726 6940  [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
16:20:51.0741 6940  AVGIDSDriver - ok
16:20:51.0772 6940  [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
16:20:51.0788 6940  AVGIDSHX - ok
16:20:51.0804 6940  [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
16:20:51.0819 6940  AVGIDSShim - ok
16:20:51.0835 6940  [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
16:20:51.0850 6940  Avgldx86 - ok
16:20:51.0882 6940  [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
16:20:51.0913 6940  Avglogx - ok
16:20:51.0928 6940  [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
16:20:51.0944 6940  Avgmfx86 - ok
16:20:51.0944 6940  [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
16:20:51.0960 6940  Avgrkx86 - ok
16:20:51.0975 6940  [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
16:20:51.0991 6940  Avgtdix - ok
16:20:52.0022 6940  [ 02A43ADBA362B89B7D5715221D5F3010 ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
16:20:52.0038 6940  avgtp - ok
16:20:52.0069 6940  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
16:20:52.0084 6940  avgwd - ok
16:20:52.0116 6940  [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:20:52.0178 6940  b57nd60x - ok
16:20:52.0350 6940  [ 6F9DD1FDEF97F205B536B64339733225 ] Bandoo Coordinator C:\Program Files\Bandoo\Bandoo.exe
16:20:52.0412 6940  Bandoo Coordinator - ok
16:20:52.0459 6940  [ 31079B3566FA19BDEDBA50EB4009D8F9 ] BDASwCap        C:\Windows\system32\drivers\AVerA310Cap.sys
16:20:52.0506 6940  BDASwCap - ok
16:20:52.0537 6940  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:20:52.0584 6940  Beep - ok
16:20:52.0615 6940  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
16:20:52.0646 6940  BFE - ok
16:20:52.0818 6940  [ 6C6AC7CA8A034C15C52B35189BAD58EE ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130531.001\BHDrvx86.sys
16:20:52.0880 6940  BHDrvx86 - ok
16:20:52.0958 6940  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
16:20:53.0005 6940  BITS - ok
16:20:53.0036 6940  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:20:53.0067 6940  blbdrive - ok
16:20:53.0098 6940  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:20:53.0130 6940  bowser - ok
16:20:53.0161 6940  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:20:53.0192 6940  BrFiltLo - ok
16:20:53.0208 6940  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:20:53.0239 6940  BrFiltUp - ok
16:20:53.0270 6940  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
16:20:53.0301 6940  Browser - ok
16:20:53.0332 6940  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
16:20:53.0379 6940  Brserid - ok
16:20:53.0442 6940  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:20:53.0488 6940  BrSerWdm - ok
16:20:53.0520 6940  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:20:53.0582 6940  BrUsbMdm - ok
16:20:53.0613 6940  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:20:53.0660 6940  BrUsbSer - ok
16:20:53.0660 6940  BTCFilterService - ok
16:20:53.0676 6940  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:20:53.0754 6940  BTHMODEM - ok
16:20:53.0847 6940  [ 3BEE52611F22C9C0023A98A4425E084F ] ccSet_NAV       C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys
16:20:53.0863 6940  ccSet_NAV - ok
16:20:53.0941 6940  [ 3BEE52611F22C9C0023A98A4425E084F ] ccSet_NST       C:\Windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys
16:20:53.0956 6940  ccSet_NST - ok
16:20:53.0988 6940  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:20:54.0019 6940  cdfs - ok
16:20:54.0050 6940  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:20:54.0081 6940  cdrom - ok
16:20:54.0112 6940  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:20:54.0159 6940  CertPropSvc - ok
16:20:54.0175 6940  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:20:54.0222 6940  circlass - ok
16:20:54.0253 6940  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
16:20:54.0268 6940  CLFS - ok
16:20:54.0331 6940  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:20:54.0346 6940  clr_optimization_v2.0.50727_32 - ok
16:20:54.0409 6940  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:20:54.0424 6940  clr_optimization_v4.0.30319_32 - ok
16:20:54.0456 6940  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:20:54.0502 6940  CmBatt - ok
16:20:54.0549 6940  [ A72A36082F3FEA437483B440940D0EAC ] cmd32           C:\Windows\system32\NapiNSPd.exe
16:20:54.0549 6940  Suspicious file (NoAccess): C:\Windows\system32\NapiNSPd.exe. md5: A72A36082F3FEA437483B440940D0EAC
16:20:54.0549 6940  cmd32 ( LockedFile.Multi.Generic ) - warning
16:20:54.0549 6940  cmd32 - detected LockedFile.Multi.Generic (1)
16:20:54.0565 6940  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:20:54.0580 6940  cmdide - ok
16:20:54.0596 6940  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:20:54.0612 6940  Compbatt - ok
16:20:54.0627 6940  COMSysApp - ok
16:20:54.0627 6940  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:20:54.0643 6940  crcdisk - ok
16:20:54.0674 6940  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:20:54.0721 6940  Crusoe - ok
16:20:54.0752 6940  [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:20:54.0799 6940  CryptSvc - ok
16:20:54.0846 6940  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:20:54.0892 6940  DcomLaunch - ok
16:20:54.0970 6940  [ 59D90B6A7FBC4CC712DD7C5868618480 ] DeviceMonitorService C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
16:20:54.0986 6940  DeviceMonitorService - ok
16:20:55.0002 6940  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:20:55.0048 6940  DfsC - ok
16:20:55.0111 6940  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
16:20:55.0267 6940  DFSR - ok
16:20:55.0282 6940  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:20:55.0329 6940  Dhcp - ok
16:20:55.0345 6940  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
16:20:55.0360 6940  disk - ok
16:20:55.0392 6940  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:20:55.0438 6940  Dnscache - ok
16:20:55.0470 6940  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:20:55.0501 6940  dot3svc - ok
16:20:55.0532 6940  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
16:20:55.0579 6940  DPS - ok
16:20:55.0610 6940  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:20:55.0641 6940  drmkaud - ok
16:20:55.0672 6940  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:20:55.0719 6940  DXGKrnl - ok
16:20:55.0750 6940  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
16:20:55.0797 6940  E1G60 - ok
16:20:55.0828 6940  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
16:20:55.0860 6940  EapHost - ok
16:20:55.0891 6940  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:20:55.0906 6940  Ecache - ok
16:20:55.0984 6940  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:20:56.0000 6940  eeCtrl - ok
16:20:56.0078 6940  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:20:56.0109 6940  ehRecvr - ok
16:20:56.0125 6940  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
16:20:56.0172 6940  ehSched - ok
16:20:56.0187 6940  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
16:20:56.0203 6940  ehstart - ok
16:20:56.0234 6940  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:20:56.0265 6940  elxstor - ok
16:20:56.0312 6940  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
16:20:56.0359 6940  EMDMgmt - ok
16:20:56.0421 6940  [ 4186146FD69EACC966DC755655B91C9C ] ePowerSvc       C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
16:20:56.0452 6940  ePowerSvc - ok
16:20:56.0530 6940  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:20:56.0546 6940  EraserUtilRebootDrv - ok
16:20:56.0577 6940  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:20:56.0608 6940  ErrDev - ok
16:20:56.0655 6940  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
16:20:56.0686 6940  EventSystem - ok
16:20:56.0749 6940  [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:20:56.0811 6940  EvtEng ( UnsignedFile.Multi.Generic ) - warning
16:20:56.0811 6940  EvtEng - detected UnsignedFile.Multi.Generic (1)
16:20:56.0858 6940  ew_hwusbdev - ok
16:20:56.0874 6940  ew_usbenumfilter - ok
16:20:56.0920 6940  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
16:20:56.0967 6940  exfat - ok
16:20:57.0014 6940  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:20:57.0045 6940  fastfat - ok
16:20:57.0092 6940  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:20:57.0170 6940  fdc - ok
16:20:57.0201 6940  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:20:57.0232 6940  fdPHost - ok
16:20:57.0248 6940  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:20:57.0295 6940  FDResPub - ok
16:20:57.0326 6940  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:20:57.0342 6940  FileInfo - ok
16:20:57.0357 6940  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:20:57.0404 6940  Filetrace - ok
16:20:57.0420 6940  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:20:57.0451 6940  flpydisk - ok
16:20:57.0482 6940  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:20:57.0498 6940  FltMgr - ok
16:20:57.0560 6940  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
16:20:57.0622 6940  FontCache - ok
16:20:57.0669 6940  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:20:57.0685 6940  FontCache3.0.0.0 - ok
16:20:57.0716 6940  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:20:57.0763 6940  Fs_Rec - ok
16:20:57.0794 6940  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:20:57.0810 6940  gagp30kx - ok
16:20:57.0841 6940  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:20:57.0903 6940  gpsvc - ok
16:20:57.0919 6940  gupdate - ok
16:20:57.0919 6940  gupdatem - ok
16:20:57.0934 6940  gusvc - ok
16:20:57.0966 6940  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:20:58.0012 6940  HdAudAddService - ok
16:20:58.0059 6940  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:20:58.0106 6940  HDAudBus - ok
16:20:58.0153 6940  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:20:58.0215 6940  HidBth - ok
16:20:58.0246 6940  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:20:58.0262 6940  HidIr - ok
16:20:58.0278 6940  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
16:20:58.0324 6940  hidserv - ok
16:20:58.0356 6940  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:20:58.0371 6940  HidUsb - ok
16:20:58.0418 6940  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:20:58.0465 6940  hkmsvc - ok
16:20:58.0512 6940  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:20:58.0527 6940  HpCISSs - ok
16:20:58.0558 6940  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:20:58.0605 6940  HSFHWAZL - ok
16:20:58.0636 6940  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:20:58.0714 6940  HSF_DPV - ok
16:20:58.0746 6940  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:20:58.0792 6940  HTTP - ok
16:20:58.0808 6940  huawei_cdcacm - ok
16:20:58.0839 6940  huawei_cdcecm - ok
16:20:58.0839 6940  huawei_enumerator - ok
16:20:58.0855 6940  huawei_ext_ctrl - ok
16:20:58.0902 6940  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:20:58.0917 6940  i2omp - ok
16:20:58.0964 6940  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:20:58.0995 6940  i8042prt - ok
16:20:59.0026 6940  [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:20:59.0042 6940  iaStor - ok
16:20:59.0104 6940  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:20:59.0120 6940  iaStorV - ok
16:20:59.0182 6940  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:20:59.0229 6940  idsvc - ok
16:20:59.0338 6940  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130619.001\IDSvix86.sys
16:20:59.0370 6940  IDSVix86 - ok
16:20:59.0401 6940  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:20:59.0416 6940  iirsp - ok
16:20:59.0448 6940  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:20:59.0510 6940  IKEEXT - ok
16:20:59.0526 6940  IntcAzAudAddService - ok
16:20:59.0541 6940  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:20:59.0557 6940  intelide - ok
16:20:59.0588 6940  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:20:59.0635 6940  intelppm - ok
16:20:59.0650 6940  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:20:59.0697 6940  IPBusEnum - ok
16:20:59.0728 6940  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:20:59.0760 6940  IpFilterDriver - ok
16:20:59.0791 6940  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:20:59.0838 6940  iphlpsvc - ok
16:20:59.0838 6940  IpInIp - ok
16:20:59.0869 6940  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
16:20:59.0916 6940  IPMIDRV - ok
16:20:59.0931 6940  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
16:20:59.0962 6940  IPNAT - ok
16:20:59.0962 6940  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys
16:20:59.0994 6940  irda - ok
16:21:00.0009 6940  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:21:00.0040 6940  IRENUM - ok
16:21:00.0056 6940  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon           C:\Windows\System32\irmon.dll
16:21:00.0118 6940  Irmon - ok
16:21:00.0134 6940  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:21:00.0150 6940  isapnp - ok
16:21:00.0181 6940  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:21:00.0196 6940  iScsiPrt - ok
16:21:00.0212 6940  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:21:00.0228 6940  iteatapi - ok
16:21:00.0243 6940  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
16:21:00.0259 6940  iteraid - ok
16:21:00.0274 6940  k57nd60x - ok
16:21:00.0290 6940  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:21:00.0306 6940  kbdclass - ok
16:21:00.0337 6940  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:21:00.0368 6940  kbdhid - ok
16:21:00.0399 6940  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
16:21:00.0430 6940  KeyIso - ok
16:21:00.0462 6940  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
16:21:00.0508 6940  KMWDFILTER - ok
16:21:00.0571 6940  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:21:00.0602 6940  KSecDD - ok
16:21:00.0649 6940  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:21:00.0696 6940  KtmRm - ok
16:21:00.0727 6940  [ 24ABDDEB766C8459F9D562EB083B6CB8 ] L1E             C:\Windows\system32\DRIVERS\L1E60x86.sys
16:21:00.0758 6940  L1E - ok
16:21:00.0789 6940  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:21:00.0852 6940  LanmanServer - ok
16:21:00.0883 6940  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:21:00.0930 6940  LanmanWorkstation - ok
16:21:00.0976 6940  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:21:00.0992 6940  lltdio - ok
16:21:01.0070 6940  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:21:01.0101 6940  lltdsvc - ok
16:21:01.0132 6940  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:21:01.0179 6940  lmhosts - ok
16:21:01.0195 6940  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:21:01.0210 6940  LSI_FC - ok
16:21:01.0242 6940  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:21:01.0257 6940  LSI_SAS - ok
16:21:01.0288 6940  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:21:01.0304 6940  LSI_SCSI - ok
16:21:01.0320 6940  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
16:21:01.0366 6940  luafv - ok
16:21:01.0382 6940  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:21:01.0398 6940  Mcx2Svc - ok
16:21:01.0429 6940  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:21:01.0444 6940  megasas - ok
16:21:01.0476 6940  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:21:01.0491 6940  MegaSR - ok
16:21:01.0522 6940  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
16:21:01.0569 6940  MMCSS - ok
16:21:01.0585 6940  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
16:21:01.0632 6940  Modem - ok
16:21:01.0647 6940  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:21:01.0694 6940  monitor - ok
16:21:01.0694 6940  motandroidusb - ok
16:21:01.0710 6940  motccgp - ok
16:21:01.0710 6940  motccgpfl - ok
16:21:01.0725 6940  motmodem - ok
16:21:01.0803 6940  [ FDF0D78147DA8B2A93FE42D9A14C1B0B ] Motorola Device Manager C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
16:21:01.0819 6940  Motorola Device Manager - ok
16:21:01.0834 6940  MotoSwitchService - ok
16:21:01.0834 6940  Motousbnet - ok
16:21:01.0850 6940  motusbdevice - ok
16:21:01.0866 6940  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:21:01.0881 6940  mouclass - ok
16:21:01.0897 6940  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:21:01.0928 6940  mouhid - ok
16:21:01.0959 6940  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:21:01.0975 6940  MountMgr - ok
16:21:01.0990 6940  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:21:02.0006 6940  mpio - ok
16:21:02.0037 6940  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:21:02.0053 6940  mpsdrv - ok
16:21:02.0115 6940  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:21:02.0162 6940  MpsSvc - ok
16:21:02.0178 6940  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:21:02.0224 6940  Mraid35x - ok
16:21:02.0256 6940  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:21:02.0287 6940  MRxDAV - ok
16:21:02.0349 6940  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:21:02.0380 6940  mrxsmb - ok
16:21:02.0396 6940  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:21:02.0427 6940  mrxsmb10 - ok
16:21:02.0443 6940  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:21:02.0490 6940  mrxsmb20 - ok
16:21:02.0521 6940  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
16:21:02.0536 6940  msahci - ok
16:21:02.0552 6940  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:21:02.0568 6940  msdsm - ok
16:21:02.0599 6940  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
16:21:02.0630 6940  MSDTC - ok
16:21:02.0646 6940  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:21:02.0677 6940  Msfs - ok
16:21:02.0708 6940  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:21:02.0724 6940  msisadrv - ok
16:21:02.0770 6940  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:21:02.0817 6940  MSiSCSI - ok
16:21:02.0817 6940  msiserver - ok
16:21:02.0833 6940  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:21:02.0880 6940  MSKSSRV - ok
16:21:02.0895 6940  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:21:02.0926 6940  MSPCLOCK - ok
16:21:02.0942 6940  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:21:02.0973 6940  MSPQM - ok
16:21:03.0004 6940  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:21:03.0020 6940  MsRPC - ok
16:21:03.0051 6940  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:21:03.0067 6940  mssmbios - ok
16:21:03.0082 6940  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:21:03.0098 6940  MSTEE - ok
16:21:03.0129 6940  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
16:21:03.0145 6940  Mup - ok
16:21:03.0176 6940  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
16:21:03.0223 6940  napagent - ok
16:21:03.0238 6940  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:21:03.0285 6940  NativeWifiP - ok
16:21:03.0472 6940  [ 1BF9D6476061B31CD7FC2BF848529A56 ] NAV             C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
16:21:03.0488 6940  NAV - ok
16:21:03.0566 6940  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.016\NAVENG.SYS
16:21:03.0582 6940  NAVENG - ok
16:21:03.0644 6940  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130619.016\NAVEX15.SYS
16:21:03.0691 6940  NAVEX15 - ok
16:21:03.0847 6940  [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
16:21:03.0878 6940  NBService - ok
16:21:04.0034 6940  [ 1BF9D6476061B31CD7FC2BF848529A56 ] NCO             C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
16:21:04.0050 6940  NCO - ok
16:21:04.0090 6940  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:21:04.0120 6940  NDIS - ok
16:21:04.0170 6940  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:21:04.0200 6940  NdisTapi - ok
16:21:04.0220 6940  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:21:04.0250 6940  Ndisuio - ok
16:21:04.0270 6940  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:21:04.0300 6940  NdisWan - ok
16:21:04.0320 6940  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:21:04.0340 6940  NDProxy - ok
16:21:04.0360 6940  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:21:04.0390 6940  NetBIOS - ok
16:21:04.0420 6940  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
16:21:04.0460 6940  netbt - ok
16:21:04.0470 6940  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
16:21:04.0490 6940  Netlogon - ok
16:21:04.0550 6940  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
16:21:04.0610 6940  Netman - ok
16:21:04.0630 6940  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
16:21:04.0680 6940  netprofm - ok
16:21:04.0710 6940  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:21:04.0730 6940  NetTcpPortSharing - ok
16:21:04.0840 6940  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
16:21:05.0050 6940  NETw5v32 - ok
16:21:05.0100 6940  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:21:05.0120 6940  nfrd960 - ok
16:21:05.0170 6940  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:21:05.0210 6940  NlaSvc - ok
16:21:05.0270 6940  [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
16:21:05.0280 6940  NMIndexingService - ok
16:21:05.0310 6940  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:21:05.0360 6940  Npfs - ok
16:21:05.0380 6940  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA         C:\Windows\system32\DRIVERS\nscirda.sys
16:21:05.0430 6940  NSCIRDA - ok
16:21:05.0460 6940  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
16:21:05.0510 6940  nsi - ok
16:21:05.0540 6940  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:21:05.0580 6940  nsiproxy - ok
16:21:05.0640 6940  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:21:05.0710 6940  Ntfs - ok
16:21:05.0830 6940  [ 944E3911888B9FFFD843B91C8ABBD3F6 ] NTI IScheduleSvc C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
16:21:05.0850 6940  NTI IScheduleSvc - ok
16:21:05.0870 6940  [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F ] NTIDrvr         C:\Windows\system32\Drivers\NTIDrvr.sys
16:21:05.0890 6940  NTIDrvr - ok
16:21:05.0920 6940  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
16:21:05.0970 6940  ntrigdigi - ok
16:21:06.0000 6940  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
16:21:06.0040 6940  Null - ok
16:21:06.0070 6940  [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
16:21:06.0090 6940  NVHDA - ok
16:21:06.0370 6940  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:21:06.0870 6940  nvlddmkm - ok
16:21:06.0910 6940  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:21:06.0930 6940  nvraid - ok
16:21:06.0950 6940  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:21:06.0960 6940  nvstor - ok
16:21:07.0020 6940  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:21:07.0050 6940  nvsvc - ok
16:21:07.0270 6940  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:21:07.0310 6940  nvUpdatusService - ok
16:21:07.0360 6940  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:21:07.0390 6940  nv_agp - ok
16:21:07.0410 6940  NwlnkFlt - ok
16:21:07.0430 6940  NwlnkFwd - ok
16:21:07.0510 6940  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:21:07.0540 6940  odserv - ok
16:21:07.0570 6940  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:21:07.0600 6940  ohci1394 - ok
16:21:07.0630 6940  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:21:07.0650 6940  ose - ok
16:21:07.0690 6940  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:21:07.0730 6940  p2pimsvc - ok
16:21:07.0760 6940  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:21:07.0790 6940  p2psvc - ok
16:21:07.0850 6940  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
16:21:07.0890 6940  Parport - ok
16:21:07.0930 6940  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:21:07.0950 6940  partmgr - ok
16:21:07.0990 6940  [ 3C6E7D73B0E9BC21D5E4B531AB7EC091 ] Partner Service C:\ProgramData\Partner\partner.exe
16:21:08.0000 6940  Partner Service - ok
16:21:08.0010 6940  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:21:08.0070 6940  Parvdm - ok
16:21:08.0110 6940  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:21:08.0150 6940  PcaSvc - ok
16:21:08.0190 6940  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
16:21:08.0210 6940  pci - ok
16:21:08.0230 6940  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
16:21:08.0250 6940  pciide - ok
16:21:08.0260 6940  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:21:08.0280 6940  pcmcia - ok
16:21:08.0320 6940  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:21:08.0400 6940  PEAUTH - ok
16:21:08.0490 6940  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
16:21:08.0580 6940  pla - ok
16:21:08.0620 6940  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
16:21:08.0640 6940  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
16:21:08.0640 6940  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
16:21:08.0670 6940  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:21:08.0700 6940  PlugPlay - ok
16:21:08.0730 6940  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
16:21:08.0760 6940  PNRPAutoReg - ok
16:21:08.0820 6940  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
16:21:08.0850 6940  PNRPsvc - ok
16:21:08.0920 6940  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:21:08.0960 6940  PolicyAgent - ok
16:21:08.0990 6940  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:21:09.0030 6940  PptpMiniport - ok
16:21:09.0060 6940  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
16:21:09.0090 6940  Processor - ok
16:21:09.0120 6940  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:21:09.0150 6940  ProfSvc - ok
16:21:09.0160 6940  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:21:09.0180 6940  ProtectedStorage - ok
16:21:09.0200 6940  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:21:09.0230 6940  PSched - ok
16:21:09.0300 6940  [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service     C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
16:21:09.0310 6940  PST Service ( UnsignedFile.Multi.Generic ) - warning
16:21:09.0310 6940  PST Service - detected UnsignedFile.Multi.Generic (1)
16:21:09.0370 6940  [ E792A7ED13DA7E738294E942C4824860 ] qciusbnet       C:\Windows\system32\DRIVERS\qciusbnet.sys
16:21:09.0390 6940  qciusbnet ( UnsignedFile.Multi.Generic ) - warning
16:21:09.0390 6940  qciusbnet - detected UnsignedFile.Multi.Generic (1)
16:21:09.0420 6940  [ B8CC38880755C7D157ACD9D7742B8A96 ] qciusbser       C:\Windows\system32\DRIVERS\qciusbser.sys
16:21:09.0430 6940  qciusbser ( UnsignedFile.Multi.Generic ) - warning
16:21:09.0430 6940  qciusbser - detected UnsignedFile.Multi.Generic (1)
16:21:09.0480 6940  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:21:09.0560 6940  ql2300 - ok
16:21:09.0670 6940  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:21:09.0680 6940  ql40xx - ok
16:21:09.0720 6940  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
16:21:09.0740 6940  QWAVE - ok
16:21:09.0750 6940  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:21:09.0770 6940  QWAVEdrv - ok
16:21:09.0810 6940  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:21:09.0860 6940  RasAcd - ok
16:21:09.0890 6940  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
16:21:09.0940 6940  RasAuto - ok
16:21:09.0970 6940  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:21:10.0000 6940  Rasl2tp - ok
16:21:10.0030 6940  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
16:21:10.0070 6940  RasMan - ok
16:21:10.0090 6940  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:21:10.0120 6940  RasPppoe - ok
16:21:10.0130 6940  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:21:10.0150 6940  RasSstp - ok
16:21:10.0170 6940  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:21:10.0200 6940  rdbss - ok
16:21:10.0210 6940  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:21:10.0240 6940  RDPCDD - ok
16:21:10.0310 6940  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
16:21:10.0360 6940  rdpdr - ok
16:21:10.0390 6940  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:21:10.0430 6940  RDPENCDD - ok
16:21:10.0480 6940  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:21:10.0540 6940  RDPWD - ok
16:21:10.0610 6940  [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:21:10.0660 6940  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
16:21:10.0660 6940  RegSrvc - detected UnsignedFile.Multi.Generic (1)
16:21:10.0700 6940  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:21:10.0730 6940  RemoteAccess - ok
16:21:10.0820 6940  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:21:10.0840 6940  RemoteRegistry - ok
16:21:10.0860 6940  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
16:21:10.0890 6940  RpcLocator - ok
16:21:10.0920 6940  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
16:21:10.0950 6940  RpcSs - ok
16:21:10.0970 6940  rrinttaller - ok
16:21:11.0000 6940  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:21:11.0050 6940  rspndr - ok
16:21:11.0070 6940  [ 9B09F336DE36A7A6CA871DE8A7847B65 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
16:21:11.0100 6940  RTSTOR - ok
16:21:11.0120 6940  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
16:21:11.0140 6940  SamSs - ok
16:21:11.0170 6940  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:21:11.0180 6940  sbp2port - ok
16:21:11.0230 6940  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:21:11.0260 6940  SCardSvr - ok
16:21:11.0380 6940  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
16:21:11.0480 6940  Schedule - ok
16:21:11.0550 6940  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:21:11.0570 6940  SCPolicySvc - ok
16:21:11.0610 6940  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
16:21:11.0640 6940  sdbus - ok
16:21:11.0670 6940  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:21:11.0730 6940  SDRSVC - ok
16:21:11.0740 6940  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:21:11.0810 6940  secdrv - ok
16:21:11.0830 6940  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
16:21:11.0860 6940  seclogon - ok
16:21:11.0880 6940  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
16:21:11.0910 6940  SENS - ok
16:21:11.0940 6940  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:21:12.0000 6940  Serenum - ok
16:21:12.0020 6940  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
16:21:12.0070 6940  Serial - ok
16:21:12.0370 6940  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:21:12.0400 6940  sermouse - ok
16:21:12.0490 6940  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:21:12.0520 6940  SessionEnv - ok
16:21:12.0550 6940  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:21:12.0570 6940  sffdisk - ok
16:21:12.0610 6940  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:21:12.0640 6940  sffp_mmc - ok
16:21:12.0680 6940  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:21:12.0700 6940  sffp_sd - ok
16:21:12.0730 6940  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:21:12.0790 6940  sfloppy - ok
16:21:12.0830 6940  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:21:12.0880 6940  SharedAccess - ok
16:21:12.0910 6940  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:21:12.0970 6940  ShellHWDetection - ok
16:21:12.0990 6940  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:21:13.0010 6940  sisagp - ok
16:21:13.0040 6940  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:21:13.0050 6940  SiSRaid2 - ok
16:21:13.0080 6940  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:21:13.0100 6940  SiSRaid4 - ok
16:21:13.0140 6940  [ AAF57ECD14A1DBD1B023AB26E634DD80 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:21:13.0150 6940  SkypeUpdate - ok
16:21:13.0260 6940  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
16:21:13.0520 6940  slsvc - ok
16:21:13.0560 6940  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:21:13.0590 6940  SLUINotify - ok
16:21:13.0600 6940  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:21:13.0630 6940  Smb - ok
16:21:13.0680 6940  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:21:13.0720 6940  SNMPTRAP - ok
16:21:13.0740 6940  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
16:21:13.0760 6940  spldr - ok
16:21:13.0790 6940  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
16:21:13.0830 6940  Spooler - ok
16:21:14.0060 6940  [ C743E384E9EFCA10B41C60D406DE39C0 ] SRTSP           C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS
16:21:14.0210 6940  SRTSP - ok
16:21:14.0290 6940  [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX          C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS
16:21:14.0300 6940  SRTSPX - ok
16:21:14.0390 6940  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:21:14.0450 6940  srv - ok
16:21:14.0480 6940  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:21:14.0510 6940  srv2 - ok
16:21:14.0550 6940  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:21:14.0590 6940  srvnet - ok
16:21:14.0620 6940  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:21:14.0650 6940  SSDPSRV - ok
16:21:14.0680 6940  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:21:14.0700 6940  SstpSvc - ok
16:21:14.0740 6940  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
16:21:14.0760 6940  stisvc - ok
16:21:14.0790 6940  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:21:14.0810 6940  swenum - ok
16:21:14.0860 6940  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
16:21:14.0890 6940  swprv - ok
16:21:14.0920 6940  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
16:21:14.0930 6940  Symc8xx - ok
16:21:14.0980 6940  [ 5A193E5E0F0A776430E5D62A051C1E16 ] SymDS           C:\Windows\system32\drivers\NAV\1404000.028\SYMDS.SYS
16:21:15.0000 6940  SymDS - ok
16:21:15.0060 6940  [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA          C:\Windows\system32\drivers\NAV\1404000.028\SYMEFA.SYS
16:21:15.0110 6940  SymEFA - ok
16:21:15.0160 6940  [ F50D81D3E0C7A353F205562B89CD06D6 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
16:21:15.0170 6940  SymEvent - ok
16:21:15.0180 6940  SYMFW - ok
16:21:15.0210 6940  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS
16:21:15.0230 6940  SymIRON - ok
16:21:15.0240 6940  SYMNDISV - ok
16:21:15.0270 6940  [ C834343C3A23DC9BC3AA752F0CAFD04B ] SYMTDIv         C:\Windows\System32\Drivers\NAV\1404000.028\SYMTDIV.SYS
16:21:15.0290 6940  SYMTDIv - ok
16:21:15.0330 6940  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:21:15.0340 6940  Sym_hi - ok
16:21:15.0360 6940  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:21:15.0380 6940  Sym_u3 - ok
16:21:15.0420 6940  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
16:21:15.0470 6940  SysMain - ok
16:21:15.0520 6940  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:21:15.0540 6940  TabletInputService - ok
16:21:15.0590 6940  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:21:15.0620 6940  TapiSrv - ok
16:21:15.0650 6940  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
16:21:15.0680 6940  TBS - ok
16:21:15.0740 6940  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:21:15.0790 6940  Tcpip - ok
16:21:15.0840 6940  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:21:15.0880 6940  Tcpip6 - ok
16:21:15.0910 6940  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:21:15.0950 6940  tcpipreg - ok
16:21:15.0980 6940  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:21:16.0020 6940  TDPIPE - ok
16:21:16.0050 6940  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:21:16.0080 6940  TDTCP - ok
16:21:16.0110 6940  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:21:16.0150 6940  tdx - ok
16:21:16.0180 6940  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:21:16.0190 6940  TermDD - ok
16:21:16.0220 6940  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
16:21:16.0250 6940  TermService - ok
16:21:16.0280 6940  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
16:21:16.0300 6940  Themes - ok
16:21:16.0320 6940  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:21:16.0350 6940  THREADORDER - ok
16:21:16.0380 6940  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
16:21:16.0430 6940  TrkWks - ok
16:21:16.0480 6940  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:21:16.0510 6940  TrustedInstaller - ok
16:21:16.0560 6940  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:21:16.0600 6940  tssecsrv - ok
16:21:16.0680 6940  [ AF5F31156EE89D35AD6EC3179A805D23 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
16:21:16.0770 6940  TuneUp.UtilitiesSvc - ok
16:21:16.0820 6940  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
16:21:16.0840 6940  TuneUpUtilitiesDrv - ok
16:21:16.0850 6940  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
16:21:16.0880 6940  tunmp - ok
16:21:16.0920 6940  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:21:16.0930 6940  tunnel - ok
16:21:16.0960 6940  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:21:16.0980 6940  uagp35 - ok
16:21:17.0010 6940  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:21:17.0030 6940  udfs - ok
16:21:17.0080 6940  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:21:17.0120 6940  UI0Detect - ok
16:21:17.0140 6940  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:21:17.0150 6940  uliagpkx - ok
16:21:17.0170 6940  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
16:21:17.0190 6940  uliahci - ok
16:21:17.0210 6940  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:21:17.0230 6940  UlSata - ok
16:21:17.0250 6940  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
16:21:17.0270 6940  ulsata2 - ok
16:21:17.0300 6940  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:21:17.0340 6940  umbus - ok
16:21:17.0400 6940  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
16:21:17.0440 6940  upnphost - ok
16:21:17.0480 6940  USBAAPL - ok
16:21:17.0500 6940  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:21:17.0570 6940  usbccgp - ok
16:21:17.0590 6940  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:21:17.0640 6940  usbcir - ok
16:21:17.0670 6940  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:21:17.0710 6940  usbehci - ok
16:21:17.0740 6940  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:21:17.0760 6940  usbhub - ok
16:21:17.0790 6940  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:21:17.0840 6940  usbohci - ok
16:21:17.0890 6940  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:21:17.0950 6940  usbprint - ok
16:21:17.0990 6940  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:21:18.0010 6940  usbscan - ok
16:21:18.0040 6940  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:21:18.0080 6940  USBSTOR - ok
16:21:18.0110 6940  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:21:18.0160 6940  usbuhci - ok
16:21:18.0200 6940  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:21:18.0240 6940  usbvideo - ok
16:21:18.0270 6940  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
16:21:18.0300 6940  UxSms - ok
16:21:18.0350 6940  [ 6275822AC454A8A831D063841A4DBB5D ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
16:21:18.0370 6940  UxTuneUp - ok
16:21:18.0390 6940  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
16:21:18.0430 6940  vds - ok
16:21:18.0460 6940  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:21:18.0500 6940  vga - ok
16:21:18.0530 6940  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:21:18.0570 6940  VgaSave - ok
16:21:18.0590 6940  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:21:18.0610 6940  viaagp - ok
16:21:18.0640 6940  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
16:21:18.0670 6940  ViaC7 - ok
16:21:18.0700 6940  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
16:21:18.0710 6940  viaide - ok
16:21:18.0730 6940  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:21:18.0750 6940  volmgr - ok
16:21:18.0790 6940  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:21:18.0810 6940  volmgrx - ok
16:21:18.0850 6940  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:21:18.0870 6940  volsnap - ok
16:21:18.0900 6940  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:21:18.0920 6940  vsmraid - ok
16:21:18.0970 6940  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
16:21:19.0030 6940  VSS - ok
16:21:19.0160 6940  [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
16:21:19.0220 6940  vToolbarUpdater15.2.0 - ok
16:21:19.0280 6940  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
16:21:19.0310 6940  W32Time - ok
16:21:19.0360 6940  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:21:19.0420 6940  WacomPen - ok
16:21:19.0440 6940  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:21:19.0490 6940  Wanarp - ok
16:21:19.0530 6940  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:21:19.0560 6940  Wanarpv6 - ok
16:21:19.0640 6940  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:21:19.0690 6940  wcncsvc - ok
16:21:19.0740 6940  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:21:19.0760 6940  WcsPlugInService - ok
16:21:19.0800 6940  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
16:21:19.0820 6940  Wd - ok
16:21:19.0870 6940  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam.sys
16:21:19.0890 6940  WDC_SAM - ok
16:21:19.0930 6940  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:21:19.0960 6940  Wdf01000 - ok
16:21:20.0000 6940  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:21:20.0040 6940  WdiServiceHost - ok
16:21:20.0050 6940  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:21:20.0080 6940  WdiSystemHost - ok
16:21:20.0220 6940  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
16:21:20.0260 6940  WebClient - ok
16:21:20.0300 6940  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:21:20.0330 6940  Wecsvc - ok
16:21:20.0360 6940  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:21:20.0390 6940  wercplsupport - ok
16:21:20.0430 6940  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:21:20.0460 6940  WerSvc - ok
16:21:20.0500 6940  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
16:21:20.0560 6940  winachsf - ok
16:21:20.0610 6940  [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir      C:\Windows\system32\DRIVERS\winbondcir.sys
16:21:20.0640 6940  winbondcir - ok
16:21:20.0720 6940  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:21:20.0750 6940  WinDefend - ok
16:21:20.0760 6940  WinHttpAutoProxySvc - ok
16:21:20.0830 6940  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:21:20.0860 6940  Winmgmt - ok
16:21:20.0910 6940  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:21:20.0970 6940  WinRM - ok
16:21:21.0060 6940  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:21:21.0140 6940  Wlansvc - ok
16:21:21.0170 6940  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:21:21.0200 6940  WmiAcpi - ok
16:21:21.0240 6940  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:21:21.0290 6940  wmiApSrv - ok
16:21:21.0440 6940  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:21:21.0500 6940  WMPNetworkSvc - ok
16:21:21.0570 6940  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:21:21.0620 6940  WPCSvc - ok
16:21:21.0660 6940  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:21:21.0710 6940  WPDBusEnum - ok
16:21:21.0750 6940  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
16:21:21.0760 6940  WpdUsb - ok
16:21:21.0930 6940  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:21:21.0980 6940  WPFFontCache_v0400 - ok
16:21:22.0030 6940  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:21:22.0070 6940  ws2ifsl - ok
16:21:22.0100 6940  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
16:21:22.0140 6940  wscsvc - ok
16:21:22.0150 6940  WSearch - ok
16:21:22.0250 6940  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:21:22.0370 6940  wuauserv - ok
16:21:22.0470 6940  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:21:22.0550 6940  WudfPf - ok
16:21:22.0580 6940  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:21:22.0620 6940  WUDFRd - ok
16:21:22.0650 6940  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:21:22.0670 6940  wudfsvc - ok
16:21:22.0700 6940  ================ Scan global ===============================
16:21:22.0740 6940  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:21:22.0780 6940  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
16:21:22.0800 6940  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
16:21:22.0840 6940  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:21:22.0840 6940  [Global] - ok
16:21:22.0840 6940  ================ Scan MBR ==================================
16:21:22.0940 6940  [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
16:21:24.0070 6940  \Device\Harddisk0\DR0 - ok
16:21:24.0070 6940  ================ Scan VBR ==================================
16:21:24.0080 6940  [ CD5783D61A1439AC2A83E92986F0ACE7 ] \Device\Harddisk0\DR0\Partition1
16:21:24.0080 6940  \Device\Harddisk0\DR0\Partition1 - ok
16:21:24.0120 6940  [ F689CDF0D867CD316C5D3531BD990EAC ] \Device\Harddisk0\DR0\Partition2
16:21:24.0120 6940  \Device\Harddisk0\DR0\Partition2 - ok
16:21:24.0120 6940  ============================================================
16:21:24.0120 6940  Scan finished
16:21:24.0120 6940  ============================================================
16:21:24.0130 7220  Detected object count: 7
16:21:24.0130 7220  Actual detected object count: 7
16:22:55.0578 7220  cmd32 ( LockedFile.Multi.Generic ) - skipped by user
16:22:55.0578 7220  cmd32 ( LockedFile.Multi.Generic ) - User select action: Skip 
16:22:55.0578 7220  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0578 7220  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:22:55.0593 7220  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0593 7220  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:22:55.0593 7220  PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0593 7220  PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:22:55.0593 7220  qciusbnet ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0593 7220  qciusbnet ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:22:55.0593 7220  qciusbser ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0593 7220  qciusbser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:22:55.0593 7220  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:55.0593 7220  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 20.06.2013, 17:27

Code:

ATTFilter

C:\Windows\system32\NapiNSPd.exe

Bitte diese Datei bei Virustotal auswerten lassen und den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

19.06.2013, 23:23	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	wss4191.tmp und yontoo da bitte auf nein klicken __________________ Logfiles bitte immer in CODE-Tags posten

20.06.2013, 14:47	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	wss4191.tmp und yontoo Das hab ich ja vor, poste die Logs von aswMBR und tdsskiller bitte __________________ Logfiles bitte immer in CODE-Tags posten

20.06.2013, 17:27	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	wss4191.tmp und yontoo Code: ATTFilter C:\Windows\system32\NapiNSPd.exe Bitte diese Datei bei Virustotal auswerten lassen und den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen. Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten. __________________ Logfiles bitte immer in CODE-Tags posten

wss4191.tmp und yontoo

Plagegeister aller Art und deren Bekämpfung: wss4191.tmp und yontoo