
Log analysis and evaluation: BOO/Whistler found - how to remove? Please help briefly

27.02.2012, 08:28   #1
loco-dubai

Hi folks,

for a few days now my Avira Antivirus has been finding BOO/whistler on various drives.
How can I delete the thing as quickly and safely as possible?

Please give me some quick help - attached are the log files from Avira.

Thanks in advance and see you soon

loco-dubai
Attached files
File type: txt virus1.txt (7.3 KB, viewed 178 times)
File type: txt virus2.txt (10.9 KB, viewed 144 times)
File type: txt virus3.txt (11.0 KB, viewed 144 times)

27.02.2012, 11:15   #2
cosinus

Please now, as a matter of routine, run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

27.02.2012, 16:08   #3
loco-dubai

Sorry, I couldn't get the code tags to work.

Attached are the logs from the 2 programs
Attached files
File type: txt viruslog1.txt (4.4 KB, viewed 178 times)
File type: txt viruslog2.txt (747 bytes, viewed 146 times)

27.02.2012, 20:58   #4
cosinus

What is there not to understand about the CODE tags?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

28.02.2012, 09:44   #5
loco-dubai

Code:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.26.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
OWNER :: TOBIASROLLEHOME [administrator]

Protection: Enabled

27.02.2012 10:10:01
mbam-log-2012-02-27 (10-10-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409099
Time elapsed: 1 hour(s), 18 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{A97CF973-60D0-6DE1-74C4-FD48DF453075} (Trojan.ZbotR.Gen) -> Data: C:\Users\OWNER\AppData\Roaming\Upsyc\orfer.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1&cf=607cc8c0-439b-11e1-8f3c-00221558181e) Good: (hxxp://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1&cf=607cc8c0-439b-11e1-8f3c-00221558181e) Good: (hxxp://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Documents and Settings\svshost.exe) Good: (Userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\StartSearch plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.

(end)
         


28.02.2012, 09:45   #6
loco-dubai

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=34ba86f737bf054a857602a8c1113aa3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-27 02:50:08
# local_time=2012-02-27 03:50:08 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 621419 621419 0 0
# compatibility_mode=5892 16776573 100 100 62220 167877739 0 0
# compatibility_mode=8192 67108863 100 0 3793 3793 0 0
# scanned=335818
# found=0
# cleaned=0
# scan_time=9170
         

28.02.2012, 10:02   #7
cosinus

Please make a new OTL log. Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick "Scan All Users" at the top centre
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

28.02.2012, 11:05   #8
loco-dubai

Code:
OTL logfile created on: 28.02.2012 10:35:52 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\OWNER\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,21% Memory free
6,23 Gb Paging File | 4,41 Gb Available in Paging File | 70,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,21 Gb Total Space | 379,97 Gb Free Space | 82,93% Space Free | Partition Type: NTFS
Drive D: | 7,55 Gb Total Space | 0,99 Gb Free Space | 13,12% Space Free | Partition Type: NTFS
 
Computer Name: TOBIASROLLEHOME | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.28 10:32:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Downloads\OTL.exe
PRC - [2012.02.27 08:03:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.02.20 09:47:31 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.11 15:06:39 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 15:06:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 15:06:20 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.11 15:06:18 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 15:06:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.23 16:58:36 | 000,093,696 | ---- | M] (Bloomberg L.P.) -- c:\blp\API\Office Tools\bxlaui.exe
PRC - [2011.05.23 16:25:44 | 000,028,672 | ---- | M] (Bloomberg L.P.) -- c:\blp\API\Office Tools\bxlartd.exe
PRC - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.06.15 07:52:08 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.08.04 15:29:14 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2008.08.01 08:47:20 | 000,053,248 | ---- | M] (HP) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.09 21:07:58 | 000,914,808 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005.09.23 07:58:42 | 000,163,840 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.27 08:03:02 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.02.20 09:13:55 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2ddd7acbd58ff39deff6c5cd732e1474\System.Deployment.ni.dll
MOD - [2012.02.20 09:13:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012.02.20 09:13:52 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0ac84704dce924c06b1913f7c75e6fde\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012.02.20 09:13:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.20 09:13:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.20 09:13:19 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012.02.20 09:13:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012.02.20 09:12:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012.02.20 09:12:16 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2012.01.03 21:54:02 | 000,053,248 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Weblink.DEU
MOD - [2011.12.09 10:36:40 | 006,276,768 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.30 10:01:48 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011.05.23 17:11:16 | 000,050,992 | ---- | M] () -- c:\blp\API\dde\bbloader.dll
MOD - [2011.05.23 17:02:16 | 000,106,496 | ---- | M] () -- c:\blp\API\Office Tools\FieldServiceDesktopSchemaV8.XmlSerializers.dll
MOD - [2011.05.23 17:01:58 | 000,389,120 | ---- | M] () -- c:\blp\API\Office Tools\Bloomberg.OfficeTools.DataModel.Schemas.XmlSerializers.dll
MOD - [2011.05.23 16:46:26 | 000,069,632 | ---- | M] () -- c:\blp\API\Office Tools\BlissAdaptor.XmlSerializers.dll
MOD - [2011.05.23 16:45:06 | 000,196,608 | ---- | M] () -- c:\blp\API\Office Tools\Microsoft.ApplicationBlocks.UIProcess.dll
MOD - [2011.05.23 16:44:02 | 000,065,536 | ---- | M] () -- c:\blp\API\Office Tools\FavoriteFieldsServiceSchema.XmlSerializers.dll
MOD - [2009.10.03 01:48:16 | 000,106,496 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu
MOD - [2009.10.03 01:45:02 | 000,012,288 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU
MOD - [2009.06.25 22:30:48 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.02.27 16:41:26 | 000,011,264 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\pddom.DEU
MOD - [2009.02.27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2008.08.04 15:29:14 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
MOD - [2008.08.04 15:29:12 | 000,114,688 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPToolkit.dll
MOD - [2008.08.04 15:29:12 | 000,057,344 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2008.08.04 15:29:12 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\Enumeration.dll
MOD - [2008.08.04 15:28:54 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPTools.dll
MOD - [2008.08.04 15:28:52 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPStreamsInterface.dll
MOD - [2008.08.01 08:47:02 | 000,102,400 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2008.08.01 08:47:00 | 000,552,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Alerts.dll
MOD - [2008.08.01 08:46:36 | 000,593,920 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2008.08.01 08:46:30 | 000,126,976 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2008.08.01 08:46:30 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2008.08.01 08:46:30 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Enumeration.dll
MOD - [2008.08.01 08:46:28 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPStreamsInterface.dll
MOD - [2008.08.01 08:46:26 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
MOD - [2008.07.31 13:37:06 | 000,086,016 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005.09.23 07:58:32 | 000,163,840 | ---- | M] () -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDeskSE.CustomLayout.dll
MOD - [2005.09.23 07:58:28 | 000,196,608 | ---- | M] () -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDeskSE.Medical.dll
MOD - [2005.09.23 07:58:26 | 000,253,952 | ---- | M] () -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDeskSE.AppHint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.20 09:47:31 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.11 15:06:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 15:06:20 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.11 15:06:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.09 21:07:58 | 000,914,808 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005.09.27 11:17:00 | 000,155,648 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\MtxDrvService.exe -- (MtxDrvService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.20 09:47:34 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 15:06:39 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:06:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.14 23:49:14 | 003,691,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.02.26 06:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008.01.21 03:23:28 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.09 21:02:34 | 000,003,072 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007.08.28 13:44:56 | 000,088,064 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATTchDrv.sys -- (FLMckUsb)
DRV - [2007.07.16 22:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007.07.16 22:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007.01.26 07:42:50 | 002,831,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.11.02 09:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005.09.27 11:13:00 | 001,028,864 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MTXPARM.sys -- (MTXPAR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 24 63 AD 9A 05 CC 01  [binary data]
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}:1.1
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OWNER\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OWNER\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.27 08:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 13:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.08 13:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.03.14 22:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\mozilla\Extensions
[2011.03.14 22:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.19 15:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions
[2012.01.20 20:17:43 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}
[2011.04.30 14:37:17 | 000,000,000 | ---D | M] (vShare) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar
[2012.01.20 20:17:38 | 000,000,792 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\searchplugins\startsear.xml
[2012.02.19 13:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.02.27 08:03:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.19 13:14:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.02.27 08:02:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.27 08:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=607cc8c0-439b-11e1-8f3c-00221558181e&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: vshare plugin = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: TV for Google Chrome\u2122 = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lambangeielkjcnmioccboaphdfcffib\2.2.4_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\OWNER\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml -o remindLater File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk SE] C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe ()
O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914CF204-BB59-4A13-AAF8-04FC46F20E60}: DhcpNameServer = 80.227.2.3 80.227.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B29C7892-224C-4C46-ABED-5A51DEBC5675}: DhcpNameServer = 213.132.63.25 80.227.2.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell - "" = AutoRun
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\AutoRun\command - "" = J:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\install\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\Shell\AutoRun\command - "" = K:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.27 13:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.27 10:08:58 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Malwarebytes
[2012.02.27 10:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.27 10:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.27 10:08:28 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.27 10:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.20 09:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.02.20 09:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.02.20 09:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.02.20 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Avira
[2012.02.20 09:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.20 09:40:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.20 09:40:29 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.20 09:40:29 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.20 09:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.20 09:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.02.20 09:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.02.19 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.02.19 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.02.19 15:00:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.02.19 13:22:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.02.19 13:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.13 20:23:10 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Upsyc
[2012.02.13 20:23:10 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Izva
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.28 10:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.28 10:10:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000UA.job
[2012.02.28 08:59:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.28 08:59:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.28 00:10:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000Core.job
[2012.02.28 00:02:23 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.28 00:02:23 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 13:12:27 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\jxle.sys
[2012.02.27 10:08:31 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.27 08:08:11 | 000,619,382 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.27 08:08:11 | 000,108,826 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.27 08:02:27 | 000,002,032 | ---- | M] () -- C:\Users\OWNER\AppData\Local\d3d9caps.dat
[2012.02.27 08:02:12 | 3219,709,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.20 09:47:34 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.20 09:43:39 | 000,001,081 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012.02.20 09:43:39 | 000,001,057 | ---- | M] () -- C:\Users\OWNER\Desktop\Spybot - Search & Destroy.lnk
[2012.02.20 09:41:28 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.20 09:09:38 | 000,308,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.20 08:36:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.02.20 08:35:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.02.19 13:18:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.02.16 04:13:15 | 000,002,044 | ---- | M] () -- C:\Users\OWNER\Desktop\Google Chrome.lnk
[2012.02.16 04:13:15 | 000,002,006 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.02.16 03:05:29 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
 
========== Files Created - No Company Name ==========
 
[2012.02.27 13:12:27 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jxle.sys
[2012.02.27 10:08:31 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.20 09:43:39 | 000,001,081 | ---- | C] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012.02.20 09:43:39 | 000,001,057 | ---- | C] () -- C:\Users\OWNER\Desktop\Spybot - Search & Destroy.lnk
[2012.02.20 09:41:28 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.20 08:36:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.02.20 08:35:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.02.19 13:18:54 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.02.19 13:18:54 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.02.16 03:05:29 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.11.27 07:13:17 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.11.27 07:11:06 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.10.25 07:37:18 | 000,006,656 | ---- | C] () -- C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Image Zone Express
[2012.02.18 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Izva
[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Printer Info Cache
[2012.02.07 10:02:27 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\TeamViewer
[2011.03.14 22:04:44 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Thunderbird
[2012.02.16 08:39:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Upsyc
[2012.01.20 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\VshareComplete
[2012.02.26 21:00:17 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.14 08:53:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Adobe
[2012.02.20 09:42:03 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Avira
[2009.06.15 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Google
[2011.12.08 08:40:34 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\HP
[2009.05.25 07:25:02 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Identities
[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Image Zone Express
[2012.02.18 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Izva
[2009.05.25 11:17:15 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Macromedia
[2012.02.27 10:08:58 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Malwarebytes
[2012.02.13 20:23:31 | 000,000,000 | --SD | M] -- C:\Users\OWNER\AppData\Roaming\Microsoft
[2009.05.25 11:15:06 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Mozilla
[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Printer Info Cache
[2012.02.28 10:35:52 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Skype
[2012.02.28 09:00:20 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\skypePM
[2012.02.07 10:02:27 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\TeamViewer
[2011.03.14 22:04:44 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Thunderbird
[2012.02.16 08:39:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Upsyc
[2012.02.04 17:55:03 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\vlc
[2012.01.20 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\VshareComplete
[2009.06.15 18:26:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.03.29 08:31:11 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\OWNER\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.18 03:53:00 | 000,091,128 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\VshareComplete\KeepMeUpdated.exe
[2011.12.18 03:53:00 | 000,091,128 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\VshareComplete\64\KeepMeUpdated.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 19:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Windows.old\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.01.25 20:02:04 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvrd32.inf_e2a5b24c\nvstor32.sys
[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\hp\DRIVERS\nvidia_storage\nvstor32.sys
[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows.old\Windows\System32\drivers\nvstor32.sys
[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvstor32.inf_b55bb8a8\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

Alt 28.02.2012, 12:59   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Do an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?rd=1
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 24 63 AD 9A 05 CC 01  [binary data]
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
[2012.01.20 20:17:43 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}
[2011.04.30 14:37:17 | 000,000,000 | ---D | M] (vShare) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar
[2012.01.20 20:17:38 | 000,000,792 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\searchplugins\startsear.xml
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=607cc8c0-439b-11e1-8f3c-00221558181e&q={searchTerms}
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\OWNER\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe ()
O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell - "" = AutoRun
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\AutoRun\command - "" = J:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\install\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\Shell\AutoRun\command - "" = K:\Menu.exe
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 28.02.2012, 13:32   #10
loco-dubai
 
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: vshare@toolbar:1.0.2 removed from extensions.enabledItems
Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\defaults\preferences folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\defaults folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\chrome\content folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\chrome folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a} folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\modules folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\locale folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\components folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar folder moved successfully.
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\searchplugins\startsear.xml moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
C:\Program Files\vShare\vshare_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{222f31fb-a14e-4af2-bb14-997f28294370}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222f31fb-a14e-4af2-bb14-997f28294370}\ deleted successfully.
C:\Users\OWNER\AppData\Roaming\VshareComplete\VshareComplete.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CLRHost deleted successfully.
C:\blp\API\Office Tools\bbxlcmd.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome\ deleted successfully.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
File J:\SETUP.EXE /AUTORUN not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\ not found.
File K:\Menu.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: OWNER
->Temp folder emptied: 197407427 bytes
->Temporary Internet Files folder emptied: 66359629 bytes
->Java cache emptied: 134963781 bytes
->FireFox cache emptied: 845821488 bytes
->Google Chrome cache emptied: 38534855 bytes
->Flash cache emptied: 134469 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 147030 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.224,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02282012_130909

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 28.02.2012, 13:33   #11
loco-dubai
 
FYI: In the course of the restart, Avira was back with the usual virus warnings. "BOO/whistler was found ......"

Alt 28.02.2012, 13:33   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your documents/My Documents folder, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Alt 28.02.2012, 13:50   #13
loco-dubai
 
Code:
13:46:03.0190 2712	TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
13:46:03.0765 2712	============================================================
13:46:03.0765 2712	Current date / time: 2012/02/28 13:46:03.0765
13:46:03.0765 2712	SystemInfo:
13:46:03.0765 2712	
13:46:03.0765 2712	OS Version: 6.0.6002 ServicePack: 2.0
13:46:03.0765 2712	Product type: Workstation
13:46:03.0765 2712	ComputerName: TOBIASROLLEHOME
13:46:03.0765 2712	UserName: OWNER
13:46:03.0765 2712	Windows directory: C:\Windows
13:46:03.0765 2712	System windows directory: C:\Windows
13:46:03.0765 2712	Processor architecture: Intel x86
13:46:03.0765 2712	Number of processors: 2
13:46:03.0765 2712	Page size: 0x1000
13:46:03.0765 2712	Boot type: Normal boot
13:46:03.0765 2712	============================================================
13:46:04.0512 2712	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:46:04.0524 2712	\Device\Harddisk0\DR0:
13:46:04.0524 2712	MBR used
13:46:04.0524 2712	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x394698A8
13:46:04.0524 2712	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x394698E7, BlocksNum 0xF1B35A
13:46:04.0596 2712	Initialize success
13:46:04.0596 2712	============================================================
13:46:47.0490 5412	============================================================
13:46:47.0490 5412	Scan started
13:46:47.0490 5412	Mode: Manual; SigCheck; TDLFS; 
13:46:47.0490 5412	============================================================
13:46:48.0055 5412	3xHybrid        (3948303f88d035ff1c84aac07a17b9a9) C:\Windows\system32\DRIVERS\3xHybrid.sys
13:46:48.0233 5412	3xHybrid - ok
13:46:48.0359 5412	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:46:48.0374 5412	ACPI - ok
13:46:48.0417 5412	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:46:48.0437 5412	adp94xx - ok
13:46:48.0513 5412	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:46:48.0528 5412	adpahci - ok
13:46:48.0546 5412	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:46:48.0557 5412	adpu160m - ok
13:46:48.0573 5412	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:46:48.0585 5412	adpu320 - ok
13:46:48.0724 5412	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:46:48.0800 5412	AFD - ok
13:46:48.0849 5412	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:46:48.0859 5412	agp440 - ok
13:46:48.0899 5412	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:46:48.0910 5412	aic78xx - ok
13:46:48.0948 5412	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:46:48.0956 5412	aliide - ok
13:46:48.0996 5412	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:46:49.0005 5412	amdagp - ok
13:46:49.0093 5412	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:46:49.0122 5412	amdide - ok
13:46:49.0155 5412	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:46:49.0213 5412	AmdK7 - ok
13:46:49.0236 5412	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
13:46:49.0276 5412	AmdK8 - ok
13:46:49.0399 5412	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:46:49.0409 5412	arc - ok
13:46:49.0441 5412	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:46:49.0450 5412	arcsas - ok
13:46:49.0489 5412	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:46:49.0538 5412	AsyncMac - ok
13:46:49.0576 5412	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:46:49.0585 5412	atapi - ok
13:46:49.0687 5412	atikmdag        (c6eec3603b6d66d0f5a2edd430d338b3) C:\Windows\system32\DRIVERS\atikmdag.sys
13:46:49.0848 5412	atikmdag - ok
13:46:49.0937 5412	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
13:46:49.0965 5412	avgntflt - ok
13:46:49.0985 5412	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
13:46:49.0994 5412	avipbb - ok
13:46:50.0008 5412	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:46:50.0016 5412	avkmgr - ok
13:46:50.0051 5412	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:46:50.0118 5412	Beep - ok
13:46:50.0168 5412	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:46:50.0227 5412	blbdrive - ok
13:46:50.0325 5412	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:46:50.0342 5412	bowser - ok
13:46:50.0377 5412	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:46:50.0425 5412	BrFiltLo - ok
13:46:50.0444 5412	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:46:50.0480 5412	BrFiltUp - ok
13:46:50.0568 5412	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:46:50.0703 5412	Brserid - ok
13:46:50.0800 5412	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:46:50.0862 5412	BrSerWdm - ok
13:46:50.0879 5412	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:46:50.0932 5412	BrUsbMdm - ok
13:46:50.0951 5412	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:46:51.0014 5412	BrUsbSer - ok
13:46:51.0067 5412	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:46:51.0117 5412	BTHMODEM - ok
13:46:51.0217 5412	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:46:51.0250 5412	cdfs - ok
13:46:51.0315 5412	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:46:51.0344 5412	cdrom - ok
13:46:51.0362 5412	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
13:46:51.0391 5412	circlass - ok
13:46:51.0455 5412	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:46:51.0470 5412	CLFS - ok
13:46:51.0555 5412	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:46:51.0563 5412	cmdide - ok
13:46:51.0609 5412	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
13:46:51.0617 5412	Compbatt - ok
13:46:51.0635 5412	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:46:51.0643 5412	crcdisk - ok
13:46:51.0673 5412	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:46:51.0695 5412	Crusoe - ok
13:46:51.0779 5412	CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
13:46:51.0871 5412	CSC - ok
13:46:52.0010 5412	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:46:52.0050 5412	DfsC - ok
13:46:52.0109 5412	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:46:52.0120 5412	disk - ok
13:46:52.0219 5412	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:46:52.0271 5412	Dot4 - ok
13:46:52.0328 5412	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:46:52.0402 5412	Dot4Print - ok
13:46:52.0450 5412	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:46:52.0495 5412	dot4usb - ok
13:46:52.0539 5412	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:46:52.0555 5412	drmkaud - ok
13:46:52.0804 5412	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:46:52.0854 5412	DXGKrnl - ok
13:46:53.0011 5412	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:46:53.0080 5412	E1G60 - ok
13:46:53.0185 5412	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:46:53.0198 5412	Ecache - ok
13:46:53.0271 5412	ElbyCDIO        (28cb0b64134ad62c2acf77db8501a619) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:46:53.0280 5412	ElbyCDIO - ok
13:46:53.0495 5412	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:46:53.0528 5412	elxstor - ok
13:46:53.0635 5412	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:46:53.0657 5412	ErrDev - ok
13:46:53.0735 5412	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:46:53.0782 5412	exfat - ok
13:46:53.0822 5412	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:46:53.0864 5412	fastfat - ok
13:46:53.0898 5412	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:46:53.0930 5412	fdc - ok
13:46:53.0999 5412	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:46:54.0009 5412	FileInfo - ok
13:46:54.0032 5412	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:46:54.0079 5412	Filetrace - ok
13:46:54.0133 5412	FLMckUsb        (9a5f86048cd1190071a826f22bb88f47) C:\Windows\system32\DRIVERS\ATTchDrv.sys
13:46:54.0143 5412	FLMckUsb - ok
13:46:54.0172 5412	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:46:54.0236 5412	flpydisk - ok
13:46:54.0298 5412	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:46:54.0311 5412	FltMgr - ok
13:46:54.0394 5412	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:46:54.0423 5412	Fs_Rec - ok
13:46:54.0454 5412	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:46:54.0463 5412	gagp30kx - ok
13:46:54.0560 5412	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:46:54.0599 5412	HdAudAddService - ok
13:46:54.0688 5412	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:46:54.0753 5412	HDAudBus - ok
13:46:54.0802 5412	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:46:54.0846 5412	HidBth - ok
13:46:54.0878 5412	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
13:46:54.0907 5412	HidIr - ok
13:46:54.0997 5412	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:46:55.0024 5412	HidUsb - ok
13:46:55.0072 5412	hoplfb - ok
13:46:55.0109 5412	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:46:55.0118 5412	HpCISSs - ok
13:46:55.0163 5412	HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
13:46:55.0171 5412	HPFXBULK - ok
13:46:55.0203 5412	HPFXFAX         (f728db73a87231e27b6ba34d71ce2edb) C:\Windows\system32\drivers\hpfxfax.sys
13:46:55.0210 5412	HPFXFAX - ok
13:46:55.0298 5412	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:46:55.0402 5412	HTTP - ok
13:46:55.0492 5412	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:46:55.0501 5412	i2omp - ok
13:46:55.0589 5412	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:46:55.0620 5412	i8042prt - ok
13:46:55.0641 5412	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:46:55.0654 5412	iaStorV - ok
13:46:55.0691 5412	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:46:55.0700 5412	iirsp - ok
13:46:55.0783 5412	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:46:55.0792 5412	intelide - ok
13:46:55.0822 5412	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:46:55.0862 5412	intelppm - ok
13:46:55.0921 5412	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:46:55.0956 5412	IpFilterDriver - ok
13:46:55.0967 5412	IpInIp - ok
13:46:55.0990 5412	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:46:56.0012 5412	IPMIDRV - ok
13:46:56.0043 5412	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:46:56.0078 5412	IPNAT - ok
13:46:56.0129 5412	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:46:56.0167 5412	IRENUM - ok
13:46:56.0191 5412	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:46:56.0200 5412	isapnp - ok
13:46:56.0287 5412	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:46:56.0298 5412	iScsiPrt - ok
13:46:56.0329 5412	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:46:56.0338 5412	iteatapi - ok
13:46:56.0358 5412	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:46:56.0366 5412	iteraid - ok
13:46:56.0395 5412	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:46:56.0404 5412	kbdclass - ok
13:46:56.0491 5412	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:46:56.0507 5412	kbdhid - ok
13:46:56.0576 5412	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:46:56.0634 5412	KSecDD - ok
13:46:56.0731 5412	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:46:56.0771 5412	lltdio - ok
13:46:56.0828 5412	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:46:56.0838 5412	LSI_FC - ok
13:46:56.0915 5412	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:46:56.0924 5412	LSI_SAS - ok
13:46:56.0971 5412	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:46:56.0981 5412	LSI_SCSI - ok
13:46:57.0005 5412	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:46:57.0040 5412	luafv - ok
13:46:57.0132 5412	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
13:46:57.0139 5412	MBAMProtector - ok
13:46:57.0259 5412	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:46:57.0267 5412	megasas - ok
13:46:57.0303 5412	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:46:57.0352 5412	MegaSR - ok
13:46:57.0445 5412	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:46:57.0467 5412	Modem - ok
13:46:57.0499 5412	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:46:57.0526 5412	monitor - ok
13:46:57.0582 5412	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:46:57.0591 5412	mouclass - ok
13:46:57.0613 5412	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:46:57.0653 5412	mouhid - ok
13:46:57.0680 5412	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:46:57.0690 5412	MountMgr - ok
13:46:57.0711 5412	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:46:57.0724 5412	mpio - ok
13:46:57.0766 5412	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:46:57.0791 5412	mpsdrv - ok
13:46:57.0852 5412	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:46:57.0861 5412	Mraid35x - ok
13:46:57.0913 5412	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:46:57.0975 5412	MRxDAV - ok
13:46:58.0010 5412	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:46:58.0049 5412	mrxsmb - ok
13:46:58.0131 5412	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:46:58.0146 5412	mrxsmb10 - ok
13:46:58.0187 5412	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:46:58.0211 5412	mrxsmb20 - ok
13:46:58.0237 5412	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:46:58.0246 5412	msahci - ok
13:46:58.0265 5412	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:46:58.0275 5412	msdsm - ok
13:46:58.0314 5412	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:46:58.0348 5412	Msfs - ok
13:46:58.0384 5412	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:46:58.0392 5412	msisadrv - ok
13:46:58.0462 5412	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:46:58.0483 5412	MSKSSRV - ok
13:46:58.0517 5412	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:46:58.0548 5412	MSPCLOCK - ok
13:46:58.0582 5412	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:46:58.0612 5412	MSPQM - ok
13:46:58.0684 5412	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:46:58.0696 5412	MsRPC - ok
13:46:58.0741 5412	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:46:58.0749 5412	mssmbios - ok
13:46:58.0786 5412	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:46:58.0828 5412	MSTEE - ok
13:46:58.0917 5412	MTXPAR          (1171baf750ff1772dd128317bb5de001) C:\Windows\system32\DRIVERS\MTXPARM.sys
13:46:58.0946 5412	MTXPAR ( UnsignedFile.Multi.Generic ) - warning
13:46:58.0947 5412	MTXPAR - detected UnsignedFile.Multi.Generic (1)
13:46:59.0027 5412	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:46:59.0058 5412	Mup - ok
13:46:59.0229 5412	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:46:59.0262 5412	NativeWifiP - ok
13:46:59.0364 5412	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:46:59.0383 5412	NDIS - ok
13:46:59.0421 5412	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:46:59.0458 5412	NdisTapi - ok
13:46:59.0512 5412	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:46:59.0545 5412	Ndisuio - ok
13:46:59.0605 5412	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:46:59.0638 5412	NdisWan - ok
13:46:59.0689 5412	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:46:59.0712 5412	NDProxy - ok
13:46:59.0736 5412	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:46:59.0769 5412	NetBIOS - ok
13:46:59.0857 5412	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:46:59.0895 5412	netbt - ok
13:46:59.0959 5412	netr73          (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys
13:47:00.0039 5412	netr73 - ok
13:47:00.0157 5412	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:47:00.0165 5412	nfrd960 - ok
13:47:00.0234 5412	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:47:00.0273 5412	Npfs - ok
13:47:00.0325 5412	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:47:00.0393 5412	nsiproxy - ok
13:47:00.0475 5412	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:47:00.0550 5412	Ntfs - ok
13:47:00.0643 5412	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:47:00.0682 5412	ntrigdigi - ok
13:47:00.0721 5412	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:47:00.0743 5412	Null - ok
13:47:00.0787 5412	NVENETFD        (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
13:47:00.0851 5412	NVENETFD - ok
13:47:01.0042 5412	nvlddmkm        (cfddedc1151839dd71f78472645214a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:47:01.0166 5412	nvlddmkm - ok
13:47:01.0213 5412	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:47:01.0224 5412	nvraid - ok
13:47:01.0265 5412	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:47:01.0273 5412	nvstor - ok
13:47:01.0289 5412	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:47:01.0300 5412	nv_agp - ok
13:47:01.0310 5412	NwlnkFlt - ok
13:47:01.0320 5412	NwlnkFwd - ok
13:47:01.0387 5412	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:47:01.0404 5412	ohci1394 - ok
13:47:01.0444 5412	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:47:01.0507 5412	Parport - ok
13:47:01.0592 5412	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:47:01.0604 5412	partmgr - ok
13:47:01.0699 5412	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:47:01.0748 5412	Parvdm - ok
13:47:01.0799 5412	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:47:01.0812 5412	pci - ok
13:47:01.0880 5412	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:47:01.0890 5412	pciide - ok
13:47:01.0918 5412	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:47:01.0930 5412	pcmcia - ok
13:47:01.0999 5412	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:47:02.0116 5412	PEAUTH - ok
13:47:02.0246 5412	Ph3xIB32        (514fadd940a5ee06d6caa5cd0f6725d6) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
13:47:02.0353 5412	Ph3xIB32 - ok
13:47:02.0460 5412	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:47:02.0482 5412	PptpMiniport - ok
13:47:02.0529 5412	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:47:02.0564 5412	Processor - ok
13:47:02.0653 5412	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:47:02.0682 5412	PSched - ok
13:47:02.0761 5412	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:47:02.0821 5412	ql2300 - ok
13:47:02.0903 5412	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:47:02.0913 5412	ql40xx - ok
13:47:02.0958 5412	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:47:03.0011 5412	QWAVEdrv - ok
13:47:03.0071 5412	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:47:03.0098 5412	RasAcd - ok
13:47:03.0122 5412	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:47:03.0152 5412	Rasl2tp - ok
13:47:03.0226 5412	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:47:03.0255 5412	RasPppoe - ok
13:47:03.0307 5412	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:47:03.0319 5412	RasSstp - ok
13:47:03.0399 5412	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:47:03.0429 5412	rdbss - ok
13:47:03.0456 5412	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:47:03.0500 5412	RDPCDD - ok
13:47:03.0607 5412	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
13:47:03.0654 5412	rdpdr - ok
13:47:03.0697 5412	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:47:03.0719 5412	RDPENCDD - ok
13:47:03.0781 5412	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:47:03.0800 5412	RDPWD - ok
13:47:03.0838 5412	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:47:03.0860 5412	rspndr - ok
13:47:03.0880 5412	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:47:03.0890 5412	sbp2port - ok
13:47:03.0963 5412	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:47:04.0008 5412	secdrv - ok
13:47:04.0043 5412	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:47:04.0082 5412	Serenum - ok
13:47:04.0111 5412	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:47:04.0162 5412	Serial - ok
13:47:04.0212 5412	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:47:04.0242 5412	sermouse - ok
13:47:04.0285 5412	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:47:04.0312 5412	sffdisk - ok
13:47:04.0359 5412	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:47:04.0380 5412	sffp_mmc - ok
13:47:04.0391 5412	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:47:04.0423 5412	sffp_sd - ok
13:47:04.0442 5412	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:47:04.0504 5412	sfloppy - ok
13:47:04.0568 5412	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:47:04.0578 5412	sisagp - ok
13:47:04.0604 5412	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:47:04.0613 5412	SiSRaid2 - ok
13:47:04.0633 5412	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:47:04.0643 5412	SiSRaid4 - ok
13:47:04.0738 5412	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:47:04.0779 5412	Smb - ok
13:47:04.0822 5412	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:47:04.0830 5412	spldr - ok
13:47:04.0889 5412	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:47:04.0909 5412	srv - ok
13:47:04.0986 5412	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:47:05.0000 5412	srv2 - ok
13:47:05.0037 5412	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:47:05.0060 5412	srvnet - ok
13:47:05.0113 5412	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:47:05.0120 5412	ssmdrv - ok
13:47:05.0159 5412	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:47:05.0167 5412	swenum - ok
13:47:05.0268 5412	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:47:05.0276 5412	Symc8xx - ok
13:47:05.0335 5412	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:47:05.0344 5412	Sym_hi - ok
13:47:05.0374 5412	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:47:05.0382 5412	Sym_u3 - ok
13:47:05.0457 5412	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:47:05.0510 5412	Tcpip - ok
13:47:05.0576 5412	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:47:05.0603 5412	Tcpip6 - ok
13:47:05.0694 5412	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:47:05.0714 5412	tcpipreg - ok
13:47:05.0796 5412	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:47:05.0827 5412	TDPIPE - ok
13:47:05.0857 5412	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:47:05.0891 5412	TDTCP - ok
13:47:05.0964 5412	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:47:05.0988 5412	tdx - ok
13:47:06.0087 5412	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:47:06.0097 5412	TermDD - ok
13:47:06.0143 5412	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:47:06.0179 5412	tssecsrv - ok
13:47:06.0200 5412	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:47:06.0259 5412	tunmp - ok
13:47:06.0333 5412	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:47:06.0355 5412	tunnel - ok
13:47:06.0419 5412	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:47:06.0429 5412	uagp35 - ok
13:47:06.0480 5412	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:47:06.0501 5412	udfs - ok
13:47:06.0531 5412	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:47:06.0540 5412	uliagpkx - ok
13:47:06.0566 5412	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:47:06.0580 5412	uliahci - ok
13:47:06.0640 5412	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:47:06.0650 5412	UlSata - ok
13:47:06.0663 5412	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:47:06.0674 5412	ulsata2 - ok
13:47:06.0748 5412	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:47:06.0784 5412	umbus - ok
13:47:06.0853 5412	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:47:06.0891 5412	usbaudio - ok
13:47:06.0945 5412	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:47:06.0973 5412	usbccgp - ok
13:47:07.0025 5412	usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
13:47:07.0048 5412	usbcir - ok
13:47:07.0070 5412	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:47:07.0107 5412	usbehci - ok
13:47:07.0157 5412	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:47:07.0191 5412	usbhub - ok
13:47:07.0268 5412	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:47:07.0285 5412	usbohci - ok
13:47:07.0359 5412	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:47:07.0399 5412	usbprint - ok
13:47:07.0422 5412	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:47:07.0456 5412	usbscan - ok
13:47:07.0477 5412	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:47:07.0495 5412	USBSTOR - ok
13:47:07.0542 5412	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:47:07.0581 5412	usbuhci - ok
13:47:07.0653 5412	VClone          (9bf2ea54e5ed5acdf96f1dec84c117c4) C:\Windows\system32\DRIVERS\VClone.sys
13:47:07.0695 5412	VClone - ok
13:47:07.0730 5412	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:47:07.0774 5412	vga - ok
13:47:07.0795 5412	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:47:07.0830 5412	VgaSave - ok
13:47:07.0888 5412	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:47:07.0898 5412	viaagp - ok
13:47:07.0963 5412	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:47:07.0986 5412	ViaC7 - ok
13:47:08.0016 5412	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:47:08.0024 5412	viaide - ok
13:47:08.0093 5412	vncmirror       (efc092b667cbbe3b0a089db902df7ff6) C:\Windows\system32\DRIVERS\vncmirror.sys
13:47:08.0111 5412	vncmirror - ok
13:47:08.0135 5412	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:47:08.0145 5412	volmgr - ok
13:47:08.0221 5412	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:47:08.0237 5412	volmgrx - ok
13:47:08.0314 5412	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:47:08.0328 5412	volsnap - ok
13:47:08.0353 5412	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:47:08.0364 5412	vsmraid - ok
13:47:08.0391 5412	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:47:08.0439 5412	WacomPen - ok
13:47:08.0457 5412	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:47:08.0475 5412	Wanarp - ok
13:47:08.0479 5412	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:47:08.0496 5412	Wanarpv6 - ok
13:47:08.0531 5412	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:47:08.0541 5412	Wd - ok
13:47:08.0564 5412	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:47:08.0585 5412	Wdf01000 - ok
13:47:08.0679 5412	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:47:08.0720 5412	WmiAcpi - ok
13:47:08.0813 5412	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:47:08.0833 5412	WpdUsb - ok
13:47:08.0896 5412	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:47:08.0925 5412	ws2ifsl - ok
13:47:08.0991 5412	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:47:09.0024 5412	WUDFRd - ok
13:47:09.0049 5412	MBR (0x1B8)     (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
13:47:09.0079 5412	\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
13:47:09.0079 5412	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
13:47:09.0119 5412	Boot (0x1200)   (29c67c2b976e00795037b915e7320e33) \Device\Harddisk0\DR0\Partition0
13:47:09.0120 5412	\Device\Harddisk0\DR0\Partition0 - ok
13:47:09.0133 5412	Boot (0x1200)   (b0a0a90b9d885581915bfdef59d9eec8) \Device\Harddisk0\DR0\Partition1
13:47:09.0134 5412	\Device\Harddisk0\DR0\Partition1 - ok
13:47:09.0135 5412	============================================================
13:47:09.0135 5412	Scan finished
13:47:09.0135 5412	============================================================
13:47:09.0151 3436	Detected object count: 2
13:47:09.0151 3436	Actual detected object count: 2
13:47:19.0675 3436	MTXPAR ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:19.0675 3436	MTXPAR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:47:19.0677 3436	\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
13:47:19.0677 3436	\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
         

28.02.2012, 15:31   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
Please have TDSS-Killer delete this one (and only this one!!), then restart Windows and create a new log with this tool. Post it again wrapped in CODE tags.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


28.02.2012, 16:53   #15
loco-dubai

Code:
16:50:31.0541 3984	TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:50:32.0041 3984	============================================================
16:50:32.0041 3984	Current date / time: 2012/02/28 16:50:32.0041
16:50:32.0041 3984	SystemInfo:
16:50:32.0041 3984	
16:50:32.0041 3984	OS Version: 6.0.6002 ServicePack: 2.0
16:50:32.0042 3984	Product type: Workstation
16:50:32.0042 3984	ComputerName: TOBIASROLLEHOME
16:50:32.0042 3984	UserName: OWNER
16:50:32.0042 3984	Windows directory: C:\Windows
16:50:32.0042 3984	System windows directory: C:\Windows
16:50:32.0042 3984	Processor architecture: Intel x86
16:50:32.0042 3984	Number of processors: 2
16:50:32.0042 3984	Page size: 0x1000
16:50:32.0042 3984	Boot type: Normal boot
16:50:32.0042 3984	============================================================
16:50:33.0935 3984	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:50:33.0946 3984	\Device\Harddisk0\DR0:
16:50:33.0947 3984	MBR used
16:50:33.0947 3984	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x394698A8
16:50:33.0947 3984	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x394698E7, BlocksNum 0xF1B35A
16:50:34.0152 3984	Initialize success
16:50:34.0152 3984	============================================================
16:50:45.0818 2300	============================================================
16:50:45.0818 2300	Scan started
16:50:45.0818 2300	Mode: Manual; SigCheck; TDLFS; 
16:50:45.0818 2300	============================================================
16:50:50.0696 2300	3xHybrid        (3948303f88d035ff1c84aac07a17b9a9) C:\Windows\system32\DRIVERS\3xHybrid.sys
16:51:14.0755 2300	3xHybrid - ok
16:51:14.0910 2300	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:51:14.0927 2300	ACPI - ok
16:51:14.0965 2300	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:51:14.0986 2300	adp94xx - ok
16:51:15.0045 2300	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:51:15.0063 2300	adpahci - ok
16:51:15.0378 2300	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:51:15.0433 2300	adpu160m - ok
16:51:15.0606 2300	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:51:15.0681 2300	adpu320 - ok
16:51:16.0342 2300	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:51:16.0414 2300	AFD - ok
16:51:16.0739 2300	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:51:16.0784 2300	agp440 - ok
16:51:17.0148 2300	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:51:17.0158 2300	aic78xx - ok
16:51:17.0337 2300	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:51:17.0386 2300	aliide - ok
16:51:17.0460 2300	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:51:17.0469 2300	amdagp - ok
16:51:17.0891 2300	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:51:17.0937 2300	amdide - ok
16:51:18.0078 2300	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:51:18.0689 2300	AmdK7 - ok
16:51:19.0000 2300	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
16:51:19.0066 2300	AmdK8 - ok
16:51:19.0299 2300	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:51:19.0332 2300	arc - ok
16:51:19.0458 2300	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:51:19.0566 2300	arcsas - ok
16:51:19.0712 2300	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:51:19.0756 2300	AsyncMac - ok
16:51:19.0857 2300	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:51:19.0881 2300	atapi - ok
16:51:21.0636 2300	atikmdag        (c6eec3603b6d66d0f5a2edd430d338b3) C:\Windows\system32\DRIVERS\atikmdag.sys
16:51:21.0921 2300	atikmdag - ok
16:51:22.0053 2300	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
16:51:22.0078 2300	avgntflt - ok
16:51:22.0111 2300	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
16:51:22.0120 2300	avipbb - ok
16:51:22.0264 2300	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
16:51:22.0273 2300	avkmgr - ok
16:51:22.0665 2300	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:51:22.0733 2300	Beep - ok
16:51:22.0799 2300	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:51:22.0867 2300	blbdrive - ok
16:51:23.0023 2300	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:51:23.0090 2300	bowser - ok
16:51:23.0158 2300	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:51:23.0689 2300	BrFiltLo - ok
16:51:23.0784 2300	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:51:23.0836 2300	BrFiltUp - ok
16:51:23.0915 2300	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:51:24.0010 2300	Brserid - ok
16:51:24.0247 2300	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:51:24.0348 2300	BrSerWdm - ok
16:51:24.0419 2300	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:51:24.0456 2300	BrUsbMdm - ok
16:51:24.0514 2300	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:51:24.0559 2300	BrUsbSer - ok
16:51:24.0632 2300	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:51:24.0670 2300	BTHMODEM - ok
16:51:24.0831 2300	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:51:24.0853 2300	cdfs - ok
16:51:24.0913 2300	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:51:24.0939 2300	cdrom - ok
16:51:24.0960 2300	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
16:51:24.0981 2300	circlass - ok
16:51:25.0104 2300	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:51:25.0177 2300	CLFS - ok
16:51:25.0361 2300	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:51:25.0406 2300	cmdide - ok
16:51:25.0431 2300	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
16:51:25.0439 2300	Compbatt - ok
16:51:25.0457 2300	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:51:25.0465 2300	crcdisk - ok
16:51:25.0704 2300	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:51:25.0746 2300	Crusoe - ok
16:51:25.0878 2300	CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
16:51:25.0910 2300	CSC - ok
16:51:26.0068 2300	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:51:26.0105 2300	DfsC - ok
16:51:26.0198 2300	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:51:26.0220 2300	disk - ok
16:51:26.0450 2300	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:51:26.0676 2300	Dot4 - ok
16:51:26.0933 2300	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:51:26.0955 2300	Dot4Print - ok
16:51:26.0990 2300	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:51:27.0029 2300	dot4usb - ok
16:51:27.0128 2300	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:51:27.0297 2300	drmkaud - ok
16:51:27.0793 2300	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:51:27.0887 2300	DXGKrnl - ok
16:51:28.0608 2300	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:51:28.0658 2300	E1G60 - ok
16:51:28.0799 2300	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:51:28.0820 2300	Ecache - ok
16:51:28.0915 2300	ElbyCDIO        (28cb0b64134ad62c2acf77db8501a619) C:\Windows\system32\Drivers\ElbyCDIO.sys
16:51:28.0923 2300	ElbyCDIO - ok
16:51:29.0251 2300	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:51:29.0304 2300	elxstor - ok
16:51:29.0341 2300	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:51:29.0362 2300	ErrDev - ok
16:51:29.0557 2300	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:51:29.0604 2300	exfat - ok
16:51:29.0738 2300	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:51:29.0788 2300	fastfat - ok
16:51:29.0945 2300	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:51:29.0967 2300	fdc - ok
16:51:29.0996 2300	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:51:30.0005 2300	FileInfo - ok
16:51:30.0021 2300	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:51:30.0043 2300	Filetrace - ok
16:51:30.0097 2300	FLMckUsb        (9a5f86048cd1190071a826f22bb88f47) C:\Windows\system32\DRIVERS\ATTchDrv.sys
16:51:30.0106 2300	FLMckUsb - ok
16:51:30.0136 2300	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:51:30.0157 2300	flpydisk - ok
16:51:30.0322 2300	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:51:30.0340 2300	FltMgr - ok
16:51:30.0399 2300	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:51:30.0428 2300	Fs_Rec - ok
16:51:30.0493 2300	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:51:30.0526 2300	gagp30kx - ok
16:51:30.0632 2300	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
16:51:30.0663 2300	HdAudAddService - ok
16:51:30.0910 2300	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:51:31.0000 2300	HDAudBus - ok
16:51:31.0357 2300	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:51:31.0425 2300	HidBth - ok
16:51:31.0933 2300	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
16:51:31.0950 2300	HidIr - ok
16:51:32.0052 2300	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:51:32.0085 2300	HidUsb - ok
16:51:32.0118 2300	hoplfb - ok
16:51:32.0164 2300	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:51:32.0193 2300	HpCISSs - ok
16:51:32.0285 2300	HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
16:51:32.0293 2300	HPFXBULK - ok
16:51:32.0350 2300	HPFXFAX         (f728db73a87231e27b6ba34d71ce2edb) C:\Windows\system32\drivers\hpfxfax.sys
16:51:32.0357 2300	HPFXFAX - ok
16:51:32.0428 2300	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:51:32.0491 2300	HTTP - ok
16:51:32.0581 2300	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:51:32.0606 2300	i2omp - ok
16:51:32.0645 2300	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:51:32.0662 2300	i8042prt - ok
16:51:32.0688 2300	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:51:32.0701 2300	iaStorV - ok
16:51:32.0730 2300	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:51:32.0762 2300	iirsp - ok
16:51:32.0830 2300	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:51:32.0852 2300	intelide - ok
16:51:32.0886 2300	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:51:32.0907 2300	intelppm - ok
16:51:33.0035 2300	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:33.0094 2300	IpFilterDriver - ok
16:51:33.0127 2300	IpInIp - ok
16:51:33.0479 2300	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:51:33.0550 2300	IPMIDRV - ok
16:51:33.0906 2300	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:51:33.0929 2300	IPNAT - ok
16:51:34.0285 2300	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:51:34.0319 2300	IRENUM - ok
16:51:34.0355 2300	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:51:34.0365 2300	isapnp - ok
16:51:34.0459 2300	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:51:34.0470 2300	iScsiPrt - ok
16:51:34.0735 2300	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:51:34.0776 2300	iteatapi - ok
16:51:34.0913 2300	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:51:35.0046 2300	iteraid - ok
16:51:35.0075 2300	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:51:35.0084 2300	kbdclass - ok
16:51:35.0146 2300	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:51:35.0163 2300	kbdhid - ok
16:51:35.0322 2300	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:51:35.0343 2300	KSecDD - ok
16:51:35.0403 2300	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:51:35.0425 2300	lltdio - ok
16:51:35.0484 2300	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:51:35.0494 2300	LSI_FC - ok
16:51:35.0587 2300	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:51:35.0597 2300	LSI_SAS - ok
16:51:35.0651 2300	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:51:35.0661 2300	LSI_SCSI - ok
16:51:35.0702 2300	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:51:35.0725 2300	luafv - ok
16:51:35.0812 2300	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
16:51:35.0819 2300	MBAMProtector - ok
16:51:35.0906 2300	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:51:35.0915 2300	megasas - ok
16:51:35.0958 2300	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:51:35.0987 2300	MegaSR - ok
16:51:36.0059 2300	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:51:36.0087 2300	Modem - ok
16:51:36.0104 2300	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:51:36.0126 2300	monitor - ok
16:51:36.0387 2300	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:51:36.0395 2300	mouclass - ok
16:51:36.0785 2300	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:51:36.0834 2300	mouhid - ok
16:51:36.0886 2300	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:51:36.0894 2300	MountMgr - ok
16:51:36.0917 2300	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:51:36.0926 2300	mpio - ok
16:51:36.0954 2300	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:51:36.0971 2300	mpsdrv - ok
16:51:36.0991 2300	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:51:36.0999 2300	Mraid35x - ok
16:51:37.0068 2300	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:51:37.0097 2300	MRxDAV - ok
16:51:37.0252 2300	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:37.0280 2300	mrxsmb - ok
16:51:37.0390 2300	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:37.0413 2300	mrxsmb10 - ok
16:51:37.0636 2300	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:41.0218 2300	mrxsmb20 - ok
16:51:41.0984 2300	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
16:51:41.0992 2300	msahci - ok
16:51:42.0086 2300	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:51:42.0127 2300	msdsm - ok
16:51:42.0152 2300	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:51:42.0174 2300	Msfs - ok
16:51:42.0197 2300	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:51:42.0205 2300	msisadrv - ok
16:51:42.0283 2300	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:51:42.0304 2300	MSKSSRV - ok
16:51:42.0355 2300	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:42.0376 2300	MSPCLOCK - ok
16:51:42.0387 2300	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:51:42.0430 2300	MSPQM - ok
16:51:42.0690 2300	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:51:42.0723 2300	MsRPC - ok
16:51:43.0279 2300	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:51:43.0287 2300	mssmbios - ok
16:51:43.0407 2300	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:51:43.0465 2300	MSTEE - ok
16:51:43.0946 2300	MTXPAR          (1171baf750ff1772dd128317bb5de001) C:\Windows\system32\DRIVERS\MTXPARM.sys
16:51:43.0995 2300	MTXPAR ( UnsignedFile.Multi.Generic ) - warning
16:51:43.0995 2300	MTXPAR - detected UnsignedFile.Multi.Generic (1)
16:51:44.0540 2300	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:51:44.0580 2300	Mup - ok
16:51:44.0711 2300	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:51:44.0751 2300	NativeWifiP - ok
16:51:44.0802 2300	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:51:44.0823 2300	NDIS - ok
16:51:44.0859 2300	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:44.0875 2300	NdisTapi - ok
16:51:44.0892 2300	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:44.0913 2300	Ndisuio - ok
16:51:44.0969 2300	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:44.0992 2300	NdisWan - ok
16:51:45.0619 2300	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:51:45.0687 2300	NDProxy - ok
16:51:46.0283 2300	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:51:46.0321 2300	NetBIOS - ok
16:51:46.0395 2300	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:51:46.0416 2300	netbt - ok
16:51:46.0473 2300	netr73          (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys
16:51:46.0513 2300	netr73 - ok
16:51:46.0545 2300	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:51:46.0554 2300	nfrd960 - ok
16:51:46.0631 2300	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:51:46.0653 2300	Npfs - ok
16:51:46.0713 2300	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:51:46.0758 2300	nsiproxy - ok
16:51:46.0891 2300	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:51:46.0932 2300	Ntfs - ok
16:51:46.0973 2300	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:51:47.0013 2300	ntrigdigi - ok
16:51:47.0117 2300	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:51:47.0142 2300	Null - ok
16:51:47.0292 2300	NVENETFD        (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
16:51:47.0347 2300	NVENETFD - ok
16:51:47.0555 2300	nvlddmkm        (cfddedc1151839dd71f78472645214a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:51:47.0698 2300	nvlddmkm - ok
16:51:47.0835 2300	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:51:47.0847 2300	nvraid - ok
16:51:47.0886 2300	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:51:47.0896 2300	nvstor - ok
16:51:47.0936 2300	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:51:47.0948 2300	nv_agp - ok
16:51:48.0247 2300	NwlnkFlt - ok
16:51:48.0784 2300	NwlnkFwd - ok
16:51:48.0900 2300	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:51:48.0938 2300	ohci1394 - ok
16:51:49.0006 2300	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:51:49.0046 2300	Parport - ok
16:51:49.0113 2300	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:51:49.0145 2300	partmgr - ok
16:51:49.0187 2300	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:51:49.0249 2300	Parvdm - ok
16:51:49.0746 2300	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:51:49.0778 2300	pci - ok
16:51:49.0910 2300	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
16:51:49.0918 2300	pciide - ok
16:51:50.0208 2300	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:51:50.0219 2300	pcmcia - ok
16:51:50.0304 2300	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:51:50.0361 2300	PEAUTH - ok
16:51:51.0159 2300	Ph3xIB32        (514fadd940a5ee06d6caa5cd0f6725d6) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
16:51:51.0248 2300	Ph3xIB32 - ok
16:51:51.0406 2300	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:51:51.0467 2300	PptpMiniport - ok
16:51:51.0484 2300	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:51:51.0506 2300	Processor - ok
16:51:51.0599 2300	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:51:51.0616 2300	PSched - ok
16:51:51.0791 2300	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:51:51.0829 2300	ql2300 - ok
16:51:51.0866 2300	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:51:51.0889 2300	ql40xx - ok
16:51:51.0979 2300	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:51:51.0990 2300	QWAVEdrv - ok
16:51:52.0017 2300	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:51:52.0038 2300	RasAcd - ok
16:51:52.0052 2300	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:52.0081 2300	Rasl2tp - ok
16:51:52.0147 2300	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:52.0165 2300	RasPppoe - ok
16:51:52.0293 2300	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:51:52.0314 2300	RasSstp - ok
16:51:52.0395 2300	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:51:52.0416 2300	rdbss - ok
16:51:52.0444 2300	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:52.0466 2300	RDPCDD - ok
16:51:52.0632 2300	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
16:51:52.0659 2300	rdpdr - ok
16:51:52.0688 2300	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:51:52.0709 2300	RDPENCDD - ok
16:51:52.0889 2300	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:51:52.0942 2300	RDPWD - ok
16:51:53.0034 2300	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:51:53.0056 2300	rspndr - ok
16:51:53.0152 2300	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:51:53.0175 2300	sbp2port - ok
16:51:53.0209 2300	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:51:53.0247 2300	secdrv - ok
16:51:53.0281 2300	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:51:53.0319 2300	Serenum - ok
16:51:53.0361 2300	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:51:53.0416 2300	Serial - ok
16:51:53.0542 2300	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:51:53.0612 2300	sermouse - ok
16:51:53.0664 2300	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:51:53.0699 2300	sffdisk - ok
16:51:53.0780 2300	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:51:53.0801 2300	sffp_mmc - ok
16:51:53.0838 2300	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:51:53.0868 2300	sffp_sd - ok
16:51:53.0888 2300	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:51:53.0928 2300	sfloppy - ok
16:51:53.0972 2300	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:51:53.0982 2300	sisagp - ok
16:51:54.0059 2300	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:51:54.0067 2300	SiSRaid2 - ok
16:51:54.0096 2300	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:51:54.0106 2300	SiSRaid4 - ok
16:51:54.0189 2300	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:51:54.0214 2300	Smb - ok
16:51:54.0419 2300	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:51:54.0427 2300	spldr - ok
16:51:55.0003 2300	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:51:55.0031 2300	srv - ok
16:51:55.0183 2300	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:51:55.0204 2300	srv2 - ok
16:51:55.0250 2300	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:51:55.0273 2300	srvnet - ok
16:51:55.0314 2300	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:51:55.0322 2300	ssmdrv - ok
16:51:55.0430 2300	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:51:55.0438 2300	swenum - ok
16:51:55.0622 2300	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:51:55.0631 2300	Symc8xx - ok
16:51:55.0756 2300	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:51:55.0779 2300	Sym_hi - ok
16:51:55.0828 2300	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:51:55.0837 2300	Sym_u3 - ok
16:51:56.0022 2300	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:51:56.0053 2300	Tcpip - ok
16:51:56.0131 2300	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:51:56.0157 2300	Tcpip6 - ok
16:51:56.0240 2300	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:51:56.0260 2300	tcpipreg - ok
16:51:56.0301 2300	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:51:56.0322 2300	TDPIPE - ok
16:51:56.0353 2300	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:51:56.0387 2300	TDTCP - ok
16:51:56.0462 2300	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:51:56.0493 2300	tdx - ok
16:51:56.0616 2300	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:51:56.0625 2300	TermDD - ok
16:51:56.0781 2300	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:51:56.0825 2300	tssecsrv - ok
16:51:56.0871 2300	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:51:56.0888 2300	tunmp - ok
16:51:56.0963 2300	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:51:57.0000 2300	tunnel - ok
16:51:57.0032 2300	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:51:57.0055 2300	uagp35 - ok
16:51:57.0185 2300	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:51:57.0206 2300	udfs - ok
16:51:57.0235 2300	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:51:57.0265 2300	uliagpkx - ok
16:51:57.0446 2300	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:51:57.0459 2300	uliahci - ok
16:51:57.0511 2300	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:51:57.0521 2300	UlSata - ok
16:51:57.0651 2300	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:51:57.0661 2300	ulsata2 - ok
16:51:57.0676 2300	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:51:57.0721 2300	umbus - ok
16:51:57.0841 2300	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
16:51:57.0879 2300	usbaudio - ok
16:51:57.0958 2300	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:51:57.0975 2300	usbccgp - ok
16:51:58.0005 2300	usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
16:51:58.0027 2300	usbcir - ok
16:51:58.0099 2300	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:51:58.0136 2300	usbehci - ok
16:51:58.0344 2300	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:51:58.0364 2300	usbhub - ok
16:51:58.0448 2300	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
16:51:58.0493 2300	usbohci - ok
16:51:58.0546 2300	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:51:58.0586 2300	usbprint - ok
16:51:58.0626 2300	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:51:58.0648 2300	usbscan - ok
16:51:58.0673 2300	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:51:58.0690 2300	USBSTOR - ok
16:51:58.0771 2300	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:51:58.0818 2300	usbuhci - ok
16:51:58.0871 2300	VClone          (9bf2ea54e5ed5acdf96f1dec84c117c4) C:\Windows\system32\DRIVERS\VClone.sys
16:51:58.0900 2300	VClone - ok
16:51:58.0935 2300	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:51:58.0978 2300	vga - ok
16:51:58.0992 2300	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:51:59.0014 2300	VgaSave - ok
16:51:59.0042 2300	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:51:59.0075 2300	viaagp - ok
16:51:59.0218 2300	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:51:59.0283 2300	ViaC7 - ok
16:51:59.0629 2300	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:51:59.0652 2300	viaide - ok
16:51:59.0763 2300	vncmirror       (efc092b667cbbe3b0a089db902df7ff6) C:\Windows\system32\DRIVERS\vncmirror.sys
16:51:59.0806 2300	vncmirror - ok
16:51:59.0847 2300	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:51:59.0860 2300	volmgr - ok
16:51:59.0926 2300	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:51:59.0940 2300	volmgrx - ok
16:52:00.0002 2300	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:52:00.0015 2300	volsnap - ok
16:52:00.0799 2300	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:52:00.0838 2300	vsmraid - ok
16:52:00.0904 2300	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:52:00.0942 2300	WacomPen - ok
16:52:00.0962 2300	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:01.0002 2300	Wanarp - ok
16:52:01.0006 2300	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:01.0023 2300	Wanarpv6 - ok
16:52:01.0110 2300	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:52:01.0118 2300	Wd - ok
16:52:01.0143 2300	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:52:01.0164 2300	Wdf01000 - ok
16:52:01.0275 2300	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
16:52:01.0324 2300	WmiAcpi - ok
16:52:01.0443 2300	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:52:01.0496 2300	WpdUsb - ok
16:52:01.0542 2300	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:52:01.0604 2300	ws2ifsl - ok
16:52:01.0653 2300	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:52:01.0685 2300	WUDFRd - ok
16:52:01.0711 2300	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:52:03.0794 2300	\Device\Harddisk0\DR0 - ok
16:52:03.0845 2300	Boot (0x1200)   (29c67c2b976e00795037b915e7320e33) \Device\Harddisk0\DR0\Partition0
16:52:03.0874 2300	\Device\Harddisk0\DR0\Partition0 - ok
16:52:03.0946 2300	Boot (0x1200)   (b0a0a90b9d885581915bfdef59d9eec8) \Device\Harddisk0\DR0\Partition1
16:52:04.0083 2300	\Device\Harddisk0\DR0\Partition1 - ok
16:52:04.0084 2300	============================================================
16:52:04.0084 2300	Scan finished
16:52:04.0084 2300	============================================================
16:52:04.0097 2592	Detected object count: 1
16:52:04.0097 2592	Actual detected object count: 1
16:52:11.0285 2592	MTXPAR ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:11.0285 2592	MTXPAR ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
