Trojaner-Board


loco-dubai 27.02.2012 08:28

BOO/Whistler found - how to remove? Please help briefly

Hi everyone,

for a few days now my Avira Antivirus has been finding BOO/whistler on various drives.
How can I delete the thing as quickly and safely as possible?

Please help briefly - the Avira log files are attached.

Thanks in advance and see you soon

loco-dubai

cosinus 27.02.2012 11:15

As a routine step, please now run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

loco-dubai 27.02.2012 16:08

Sorry, I couldn't get the code tags to work.

Attached are the logs from the 2 programs

cosinus 27.02.2012 20:58

What is there not to understand about the CODE tags?

loco-dubai 28.02.2012 09:44

Code:

alwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.26.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
OWNER :: TOBIASROLLEHOME [administrator]

Protection: Enabled

27.02.2012 10:10:01
mbam-log-2012-02-27 (10-10-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409099
Time elapsed: 1 hour(s), 18 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{A97CF973-60D0-6DE1-74C4-FD48DF453075} (Trojan.ZbotR.Gen) -> Data: C:\Users\OWNER\AppData\Roaming\Upsyc\orfer.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1&cf=607cc8c0-439b-11e1-8f3c-00221558181e) Good: (hxxp://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1&cf=607cc8c0-439b-11e1-8f3c-00221558181e) Good: (hxxp://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Documents and Settings\svshost.exe) Good: (Userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\StartSearch plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.

(end)


loco-dubai 28.02.2012 09:45

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=34ba86f737bf054a857602a8c1113aa3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-27 02:50:08
# local_time=2012-02-27 03:50:08 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 621419 621419 0 0
# compatibility_mode=5892 16776573 100 100 62220 167877739 0 0
# compatibility_mode=8192 67108863 100 0 3793 3793 0 0
# scanned=335818
# found=0
# cleaned=0
# scan_time=9170


cosinus 28.02.2012 10:02

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


loco-dubai 28.02.2012 11:05

Code:

OTL logfile created on: 28.02.2012 10:35:52 - Run 1
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\OWNER\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,21% Memory free
6,23 Gb Paging File | 4,41 Gb Available in Paging File | 70,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,21 Gb Total Space | 379,97 Gb Free Space | 82,93% Space Free | Partition Type: NTFS
Drive D: | 7,55 Gb Total Space | 0,99 Gb Free Space | 13,12% Space Free | Partition Type: NTFS
 
Computer Name: TOBIASROLLEHOME | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.28 10:32:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Downloads\OTL.exe
PRC - [2012.02.27 08:03:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.02.20 09:47:31 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.11 15:06:39 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 15:06:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 15:06:20 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.11 15:06:18 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 15:06:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.23 16:58:36 | 000,093,696 | ---- | M] (Bloomberg L.P.) -- c:\blp\API\Office Tools\bxlaui.exe
PRC - [2011.05.23 16:25:44 | 000,028,672 | ---- | M] (Bloomberg L.P.) -- c:\blp\API\Office Tools\bxlartd.exe
PRC - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.06.15 07:52:08 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.08.04 15:29:14 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2008.08.01 08:47:20 | 000,053,248 | ---- | M] (HP) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.09 21:07:58 | 000,914,808 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005.09.23 07:58:42 | 000,163,840 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.27 08:03:02 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.02.20 09:13:55 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2ddd7acbd58ff39deff6c5cd732e1474\System.Deployment.ni.dll
MOD - [2012.02.20 09:13:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012.02.20 09:13:52 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0ac84704dce924c06b1913f7c75e6fde\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012.02.20 09:13:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.20 09:13:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.20 09:13:19 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012.02.20 09:13:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012.02.20 09:12:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012.02.20 09:12:16 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2012.01.03 21:54:02 | 000,053,248 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Weblink.DEU
MOD - [2011.12.09 10:36:40 | 006,276,768 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.30 10:01:48 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011.05.23 17:11:16 | 000,050,992 | ---- | M] () -- c:\blp\API\dde\bbloader.dll
MOD - [2011.05.23 17:02:16 | 000,106,496 | ---- | M] () -- c:\blp\API\Office Tools\FieldServiceDesktopSchemaV8.XmlSerializers.dll
MOD - [2011.05.23 17:01:58 | 000,389,120 | ---- | M] () -- c:\blp\API\Office Tools\Bloomberg.OfficeTools.DataModel.Schemas.XmlSerializers.dll
MOD - [2011.05.23 16:46:26 | 000,069,632 | ---- | M] () -- c:\blp\API\Office Tools\BlissAdaptor.XmlSerializers.dll
MOD - [2011.05.23 16:45:06 | 000,196,608 | ---- | M] () -- c:\blp\API\Office Tools\Microsoft.ApplicationBlocks.UIProcess.dll
MOD - [2011.05.23 16:44:02 | 000,065,536 | ---- | M] () -- c:\blp\API\Office Tools\FavoriteFieldsServiceSchema.XmlSerializers.dll
MOD - [2009.10.03 01:48:16 | 000,106,496 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu
MOD - [2009.10.03 01:45:02 | 000,012,288 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU
MOD - [2009.06.25 22:30:48 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.02.27 16:41:26 | 000,011,264 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\pddom.DEU
MOD - [2009.02.27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2008.08.04 15:29:14 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
MOD - [2008.08.04 15:29:12 | 000,114,688 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPToolkit.dll
MOD - [2008.08.04 15:29:12 | 000,057,344 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2008.08.04 15:29:12 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\Enumeration.dll
MOD - [2008.08.04 15:28:54 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPTools.dll
MOD - [2008.08.04 15:28:52 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPStreamsInterface.dll
MOD - [2008.08.01 08:47:02 | 000,102,400 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2008.08.01 08:47:00 | 000,552,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Alerts.dll
MOD - [2008.08.01 08:46:36 | 000,593,920 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2008.08.01 08:46:30 | 000,126,976 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2008.08.01 08:46:30 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2008.08.01 08:46:30 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Enumeration.dll
MOD - [2008.08.01 08:46:28 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPStreamsInterface.dll
MOD - [2008.08.01 08:46:26 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
MOD - [2008.07.31 13:37:06 | 000,086,016 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005.09.23 07:58:32 | 000,163,840 | ---- | M] () -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDeskSE.CustomLayout.dll
MOD - [2005.09.23 07:58:28 | 000,196,608 | ---- | M] () -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDeskSE.Medical.dll
MOD - [2005.09.23 07:58:26 | 000,253,952 | ---- | M] () -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDeskSE.AppHint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.20 09:47:31 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.11 15:06:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 15:06:20 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.11 15:06:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.09 21:07:58 | 000,914,808 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005.09.27 11:17:00 | 000,155,648 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\MtxDrvService.exe -- (MtxDrvService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.20 09:47:34 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 15:06:39 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:06:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.14 23:49:14 | 003,691,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.02.26 06:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008.01.21 03:23:28 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.09 21:02:34 | 000,003,072 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007.08.28 13:44:56 | 000,088,064 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATTchDrv.sys -- (FLMckUsb)
DRV - [2007.07.16 22:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007.07.16 22:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007.01.26 07:42:50 | 002,831,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.11.02 09:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005.09.27 11:13:00 | 001,028,864 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MTXPARM.sys -- (MTXPAR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 24 63 AD 9A 05 CC 01  [binary data]
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}:1.1
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OWNER\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OWNER\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.27 08:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 13:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.08 13:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.03.14 22:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\mozilla\Extensions
[2011.03.14 22:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.19 15:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions
[2012.01.20 20:17:43 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}
[2011.04.30 14:37:17 | 000,000,000 | ---D | M] (vShare) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar
[2012.01.20 20:17:38 | 000,000,792 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\searchplugins\startsear.xml
[2012.02.19 13:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.02.27 08:03:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.19 13:14:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.02.27 08:02:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.27 08:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=607cc8c0-439b-11e1-8f3c-00221558181e&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: vshare plugin = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: TV for Google Chrome\u2122 = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lambangeielkjcnmioccboaphdfcffib\2.2.4_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\OWNER\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml -o remindLater File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk SE] C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe ()
O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914CF204-BB59-4A13-AAF8-04FC46F20E60}: DhcpNameServer = 80.227.2.3 80.227.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B29C7892-224C-4C46-ABED-5A51DEBC5675}: DhcpNameServer = 213.132.63.25 80.227.2.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell - "" = AutoRun
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\AutoRun\command - "" = J:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\install\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\Shell\AutoRun\command - "" = K:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.27 13:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.27 10:08:58 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Malwarebytes
[2012.02.27 10:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.27 10:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.27 10:08:28 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.27 10:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.20 09:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.02.20 09:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.02.20 09:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.02.20 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Avira
[2012.02.20 09:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.20 09:40:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.20 09:40:29 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.20 09:40:29 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.20 09:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.20 09:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.02.20 09:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.02.19 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.02.19 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.02.19 15:00:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.02.19 13:22:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.02.19 13:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.13 20:23:10 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Upsyc
[2012.02.13 20:23:10 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Izva
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.28 10:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.28 10:10:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000UA.job
[2012.02.28 08:59:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.28 08:59:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.28 00:10:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000Core.job
[2012.02.28 00:02:23 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.28 00:02:23 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 13:12:27 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\jxle.sys
[2012.02.27 10:08:31 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.27 08:08:11 | 000,619,382 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.27 08:08:11 | 000,108,826 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.27 08:02:27 | 000,002,032 | ---- | M] () -- C:\Users\OWNER\AppData\Local\d3d9caps.dat
[2012.02.27 08:02:12 | 3219,709,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.20 09:47:34 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.20 09:43:39 | 000,001,081 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012.02.20 09:43:39 | 000,001,057 | ---- | M] () -- C:\Users\OWNER\Desktop\Spybot - Search & Destroy.lnk
[2012.02.20 09:41:28 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.20 09:09:38 | 000,308,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.20 08:36:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.02.20 08:35:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.02.19 13:18:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.02.16 04:13:15 | 000,002,044 | ---- | M] () -- C:\Users\OWNER\Desktop\Google Chrome.lnk
[2012.02.16 04:13:15 | 000,002,006 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.02.16 03:05:29 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
 
========== Files Created - No Company Name ==========
 
[2012.02.27 13:12:27 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jxle.sys
[2012.02.27 10:08:31 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.20 09:43:39 | 000,001,081 | ---- | C] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012.02.20 09:43:39 | 000,001,057 | ---- | C] () -- C:\Users\OWNER\Desktop\Spybot - Search & Destroy.lnk
[2012.02.20 09:41:28 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.20 08:36:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.02.20 08:35:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.02.19 13:18:54 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.02.19 13:18:54 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.02.16 03:05:29 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.11.27 07:13:17 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.11.27 07:11:06 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.10.25 07:37:18 | 000,006,656 | ---- | C] () -- C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Image Zone Express
[2012.02.18 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Izva
[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Printer Info Cache
[2012.02.07 10:02:27 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\TeamViewer
[2011.03.14 22:04:44 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Thunderbird
[2012.02.16 08:39:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Upsyc
[2012.01.20 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\VshareComplete
[2012.02.26 21:00:17 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.14 08:53:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Adobe
[2012.02.20 09:42:03 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Avira
[2009.06.15 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Google
[2011.12.08 08:40:34 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\HP
[2009.05.25 07:25:02 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Identities
[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Image Zone Express
[2012.02.18 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Izva
[2009.05.25 11:17:15 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Macromedia
[2012.02.27 10:08:58 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Malwarebytes
[2012.02.13 20:23:31 | 000,000,000 | --SD | M] -- C:\Users\OWNER\AppData\Roaming\Microsoft
[2009.05.25 11:15:06 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Mozilla
[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Printer Info Cache
[2012.02.28 10:35:52 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Skype
[2012.02.28 09:00:20 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\skypePM
[2012.02.07 10:02:27 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\TeamViewer
[2011.03.14 22:04:44 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Thunderbird
[2012.02.16 08:39:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Upsyc
[2012.02.04 17:55:03 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\vlc
[2012.01.20 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\VshareComplete
[2009.06.15 18:26:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.03.29 08:31:11 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\OWNER\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.18 03:53:00 | 000,091,128 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\VshareComplete\KeepMeUpdated.exe
[2011.12.18 03:53:00 | 000,091,128 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\VshareComplete\64\KeepMeUpdated.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 19:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Windows.old\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.01.25 20:02:04 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvrd32.inf_e2a5b24c\nvstor32.sys
[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\hp\DRIVERS\nvidia_storage\nvstor32.sys
[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows.old\Windows\System32\drivers\nvstor32.sys
[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvstor32.inf_b55bb8a8\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >


cosinus 28.02.2012 12:59

Run an OTL fix: close any programs that may be open, disable your virus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?rd=1
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 24 63 AD 9A 05 CC 01  [binary data]
IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
[2012.01.20 20:17:43 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}
[2011.04.30 14:37:17 | 000,000,000 | ---D | M] (vShare) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar
[2012.01.20 20:17:38 | 000,000,792 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\searchplugins\startsear.xml
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=607cc8c0-439b-11e1-8f3c-00221558181e&q={searchTerms}
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\OWNER\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe ()
O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell - "" = AutoRun
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\AutoRun\command - "" = J:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\install\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\Shell\AutoRun\command - "" = K:\Menu.exe
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

loco-dubai 28.02.2012 13:32

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: vshare@toolbar:1.0.2 removed from extensions.enabledItems
Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\defaults\preferences folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\defaults folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\chrome\content folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\chrome folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a} folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\modules folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\locale folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\components folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar folder moved successfully.
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\searchplugins\startsear.xml moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
C:\Program Files\vShare\vshare_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{222f31fb-a14e-4af2-bb14-997f28294370}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222f31fb-a14e-4af2-bb14-997f28294370}\ deleted successfully.
C:\Users\OWNER\AppData\Roaming\VshareComplete\VshareComplete.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CLRHost deleted successfully.
C:\blp\API\Office Tools\bbxlcmd.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome\ deleted successfully.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
File J:\SETUP.EXE /AUTORUN not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\ not found.
File K:\Menu.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: OWNER
->Temp folder emptied: 197407427 bytes
->Temporary Internet Files folder emptied: 66359629 bytes
->Java cache emptied: 134963781 bytes
->FireFox cache emptied: 845821488 bytes
->Google Chrome cache emptied: 38534855 bytes
->Flash cache emptied: 134469 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 147030 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.224,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02282012_130909

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


loco-dubai 28.02.2012 13:33

FYI: During the restart, Avira was back with the usual virus warnings. "BOO/whistler was found ......"

cosinus 28.02.2012 13:33

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

loco-dubai 28.02.2012 13:50

Code:

13:46:03.0190 2712        TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
13:46:03.0765 2712        ============================================================
13:46:03.0765 2712        Current date / time: 2012/02/28 13:46:03.0765
13:46:03.0765 2712        SystemInfo:
13:46:03.0765 2712       
13:46:03.0765 2712        OS Version: 6.0.6002 ServicePack: 2.0
13:46:03.0765 2712        Product type: Workstation
13:46:03.0765 2712        ComputerName: TOBIASROLLEHOME
13:46:03.0765 2712        UserName: OWNER
13:46:03.0765 2712        Windows directory: C:\Windows
13:46:03.0765 2712        System windows directory: C:\Windows
13:46:03.0765 2712        Processor architecture: Intel x86
13:46:03.0765 2712        Number of processors: 2
13:46:03.0765 2712        Page size: 0x1000
13:46:03.0765 2712        Boot type: Normal boot
13:46:03.0765 2712        ============================================================
13:46:04.0512 2712        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:46:04.0524 2712        \Device\Harddisk0\DR0:
13:46:04.0524 2712        MBR used
13:46:04.0524 2712        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x394698A8
13:46:04.0524 2712        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x394698E7, BlocksNum 0xF1B35A
13:46:04.0596 2712        Initialize success
13:46:04.0596 2712        ============================================================
13:46:47.0490 5412        ============================================================
13:46:47.0490 5412        Scan started
13:46:47.0490 5412        Mode: Manual; SigCheck; TDLFS;
13:46:47.0490 5412        ============================================================
13:46:48.0055 5412        3xHybrid        (3948303f88d035ff1c84aac07a17b9a9) C:\Windows\system32\DRIVERS\3xHybrid.sys
13:46:48.0233 5412        3xHybrid - ok
13:46:48.0359 5412        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:46:48.0374 5412        ACPI - ok
13:46:48.0417 5412        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:46:48.0437 5412        adp94xx - ok
13:46:48.0513 5412        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:46:48.0528 5412        adpahci - ok
13:46:48.0546 5412        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:46:48.0557 5412        adpu160m - ok
13:46:48.0573 5412        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:46:48.0585 5412        adpu320 - ok
13:46:48.0724 5412        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:46:48.0800 5412        AFD - ok
13:46:48.0849 5412        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:46:48.0859 5412        agp440 - ok
13:46:48.0899 5412        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:46:48.0910 5412        aic78xx - ok
13:46:48.0948 5412        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:46:48.0956 5412        aliide - ok
13:46:48.0996 5412        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:46:49.0005 5412        amdagp - ok
13:46:49.0093 5412        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:46:49.0122 5412        amdide - ok
13:46:49.0155 5412        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:46:49.0213 5412        AmdK7 - ok
13:46:49.0236 5412        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
13:46:49.0276 5412        AmdK8 - ok
13:46:49.0399 5412        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:46:49.0409 5412        arc - ok
13:46:49.0441 5412        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:46:49.0450 5412        arcsas - ok
13:46:49.0489 5412        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:46:49.0538 5412        AsyncMac - ok
13:46:49.0576 5412        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:46:49.0585 5412        atapi - ok
13:46:49.0687 5412        atikmdag        (c6eec3603b6d66d0f5a2edd430d338b3) C:\Windows\system32\DRIVERS\atikmdag.sys
13:46:49.0848 5412        atikmdag - ok
13:46:49.0937 5412        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
13:46:49.0965 5412        avgntflt - ok
13:46:49.0985 5412        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
13:46:49.0994 5412        avipbb - ok
13:46:50.0008 5412        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:46:50.0016 5412        avkmgr - ok
13:46:50.0051 5412        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:46:50.0118 5412        Beep - ok
13:46:50.0168 5412        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:46:50.0227 5412        blbdrive - ok
13:46:50.0325 5412        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:46:50.0342 5412        bowser - ok
13:46:50.0377 5412        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:46:50.0425 5412        BrFiltLo - ok
13:46:50.0444 5412        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:46:50.0480 5412        BrFiltUp - ok
13:46:50.0568 5412        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:46:50.0703 5412        Brserid - ok
13:46:50.0800 5412        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:46:50.0862 5412        BrSerWdm - ok
13:46:50.0879 5412        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:46:50.0932 5412        BrUsbMdm - ok
13:46:50.0951 5412        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:46:51.0014 5412        BrUsbSer - ok
13:46:51.0067 5412        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:46:51.0117 5412        BTHMODEM - ok
13:46:51.0217 5412        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:46:51.0250 5412        cdfs - ok
13:46:51.0315 5412        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:46:51.0344 5412        cdrom - ok
13:46:51.0362 5412        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
13:46:51.0391 5412        circlass - ok
13:46:51.0455 5412        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:46:51.0470 5412        CLFS - ok
13:46:51.0555 5412        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:46:51.0563 5412        cmdide - ok
13:46:51.0609 5412        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
13:46:51.0617 5412        Compbatt - ok
13:46:51.0635 5412        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:46:51.0643 5412        crcdisk - ok
13:46:51.0673 5412        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:46:51.0695 5412        Crusoe - ok
13:46:51.0779 5412        CSC            (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
13:46:51.0871 5412        CSC - ok
13:46:52.0010 5412        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:46:52.0050 5412        DfsC - ok
13:46:52.0109 5412        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:46:52.0120 5412        disk - ok
13:46:52.0219 5412        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:46:52.0271 5412        Dot4 - ok
13:46:52.0328 5412        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:46:52.0402 5412        Dot4Print - ok
13:46:52.0450 5412        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:46:52.0495 5412        dot4usb - ok
13:46:52.0539 5412        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:46:52.0555 5412        drmkaud - ok
13:46:52.0804 5412        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:46:52.0854 5412        DXGKrnl - ok
13:46:53.0011 5412        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:46:53.0080 5412        E1G60 - ok
13:46:53.0185 5412        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:46:53.0198 5412        Ecache - ok
13:46:53.0271 5412        ElbyCDIO        (28cb0b64134ad62c2acf77db8501a619) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:46:53.0280 5412        ElbyCDIO - ok
13:46:53.0495 5412        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:46:53.0528 5412        elxstor - ok
13:46:53.0635 5412        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:46:53.0657 5412        ErrDev - ok
13:46:53.0735 5412        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:46:53.0782 5412        exfat - ok
13:46:53.0822 5412        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:46:53.0864 5412        fastfat - ok
13:46:53.0898 5412        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:46:53.0930 5412        fdc - ok
13:46:53.0999 5412        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:46:54.0009 5412        FileInfo - ok
13:46:54.0032 5412        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:46:54.0079 5412        Filetrace - ok
13:46:54.0133 5412        FLMckUsb        (9a5f86048cd1190071a826f22bb88f47) C:\Windows\system32\DRIVERS\ATTchDrv.sys
13:46:54.0143 5412        FLMckUsb - ok
13:46:54.0172 5412        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:46:54.0236 5412        flpydisk - ok
13:46:54.0298 5412        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:46:54.0311 5412        FltMgr - ok
13:46:54.0394 5412        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:46:54.0423 5412        Fs_Rec - ok
13:46:54.0454 5412        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:46:54.0463 5412        gagp30kx - ok
13:46:54.0560 5412        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:46:54.0599 5412        HdAudAddService - ok
13:46:54.0688 5412        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:46:54.0753 5412        HDAudBus - ok
13:46:54.0802 5412        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:46:54.0846 5412        HidBth - ok
13:46:54.0878 5412        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
13:46:54.0907 5412        HidIr - ok
13:46:54.0997 5412        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:46:55.0024 5412        HidUsb - ok
13:46:55.0072 5412        hoplfb - ok
13:46:55.0109 5412        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:46:55.0118 5412        HpCISSs - ok
13:46:55.0163 5412        HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
13:46:55.0171 5412        HPFXBULK - ok
13:46:55.0203 5412        HPFXFAX        (f728db73a87231e27b6ba34d71ce2edb) C:\Windows\system32\drivers\hpfxfax.sys
13:46:55.0210 5412        HPFXFAX - ok
13:46:55.0298 5412        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:46:55.0402 5412        HTTP - ok
13:46:55.0492 5412        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:46:55.0501 5412        i2omp - ok
13:46:55.0589 5412        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:46:55.0620 5412        i8042prt - ok
13:46:55.0641 5412        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:46:55.0654 5412        iaStorV - ok
13:46:55.0691 5412        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:46:55.0700 5412        iirsp - ok
13:46:55.0783 5412        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:46:55.0792 5412        intelide - ok
13:46:55.0822 5412        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:46:55.0862 5412        intelppm - ok
13:46:55.0921 5412        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:46:55.0956 5412        IpFilterDriver - ok
13:46:55.0967 5412        IpInIp - ok
13:46:55.0990 5412        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:46:56.0012 5412        IPMIDRV - ok
13:46:56.0043 5412        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:46:56.0078 5412        IPNAT - ok
13:46:56.0129 5412        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:46:56.0167 5412        IRENUM - ok
13:46:56.0191 5412        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:46:56.0200 5412        isapnp - ok
13:46:56.0287 5412        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:46:56.0298 5412        iScsiPrt - ok
13:46:56.0329 5412        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:46:56.0338 5412        iteatapi - ok
13:46:56.0358 5412        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:46:56.0366 5412        iteraid - ok
13:46:56.0395 5412        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:46:56.0404 5412        kbdclass - ok
13:46:56.0491 5412        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:46:56.0507 5412        kbdhid - ok
13:46:56.0576 5412        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:46:56.0634 5412        KSecDD - ok
13:46:56.0731 5412        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:46:56.0771 5412        lltdio - ok
13:46:56.0828 5412        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:46:56.0838 5412        LSI_FC - ok
13:46:56.0915 5412        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:46:56.0924 5412        LSI_SAS - ok
13:46:56.0971 5412        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:46:56.0981 5412        LSI_SCSI - ok
13:46:57.0005 5412        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:46:57.0040 5412        luafv - ok
13:46:57.0132 5412        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
13:46:57.0139 5412        MBAMProtector - ok
13:46:57.0259 5412        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:46:57.0267 5412        megasas - ok
13:46:57.0303 5412        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:46:57.0352 5412        MegaSR - ok
13:46:57.0445 5412        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:46:57.0467 5412        Modem - ok
13:46:57.0499 5412        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:46:57.0526 5412        monitor - ok
13:46:57.0582 5412        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:46:57.0591 5412        mouclass - ok
13:46:57.0613 5412        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:46:57.0653 5412        mouhid - ok
13:46:57.0680 5412        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:46:57.0690 5412        MountMgr - ok
13:46:57.0711 5412        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:46:57.0724 5412        mpio - ok
13:46:57.0766 5412        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:46:57.0791 5412        mpsdrv - ok
13:46:57.0852 5412        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:46:57.0861 5412        Mraid35x - ok
13:46:57.0913 5412        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:46:57.0975 5412        MRxDAV - ok
13:46:58.0010 5412        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:46:58.0049 5412        mrxsmb - ok
13:46:58.0131 5412        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:46:58.0146 5412        mrxsmb10 - ok
13:46:58.0187 5412        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:46:58.0211 5412        mrxsmb20 - ok
13:46:58.0237 5412        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:46:58.0246 5412        msahci - ok
13:46:58.0265 5412        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:46:58.0275 5412        msdsm - ok
13:46:58.0314 5412        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:46:58.0348 5412        Msfs - ok
13:46:58.0384 5412        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:46:58.0392 5412        msisadrv - ok
13:46:58.0462 5412        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:46:58.0483 5412        MSKSSRV - ok
13:46:58.0517 5412        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:46:58.0548 5412        MSPCLOCK - ok
13:46:58.0582 5412        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:46:58.0612 5412        MSPQM - ok
13:46:58.0684 5412        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:46:58.0696 5412        MsRPC - ok
13:46:58.0741 5412        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:46:58.0749 5412        mssmbios - ok
13:46:58.0786 5412        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:46:58.0828 5412        MSTEE - ok
13:46:58.0917 5412        MTXPAR          (1171baf750ff1772dd128317bb5de001) C:\Windows\system32\DRIVERS\MTXPARM.sys
13:46:58.0946 5412        MTXPAR ( UnsignedFile.Multi.Generic ) - warning
13:46:58.0947 5412        MTXPAR - detected UnsignedFile.Multi.Generic (1)
13:46:59.0027 5412        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:46:59.0058 5412        Mup - ok
13:46:59.0229 5412        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:46:59.0262 5412        NativeWifiP - ok
13:46:59.0364 5412        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:46:59.0383 5412        NDIS - ok
13:46:59.0421 5412        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:46:59.0458 5412        NdisTapi - ok
13:46:59.0512 5412        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:46:59.0545 5412        Ndisuio - ok
13:46:59.0605 5412        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:46:59.0638 5412        NdisWan - ok
13:46:59.0689 5412        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:46:59.0712 5412        NDProxy - ok
13:46:59.0736 5412        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:46:59.0769 5412        NetBIOS - ok
13:46:59.0857 5412        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:46:59.0895 5412        netbt - ok
13:46:59.0959 5412        netr73          (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys
13:47:00.0039 5412        netr73 - ok
13:47:00.0157 5412        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:47:00.0165 5412        nfrd960 - ok
13:47:00.0234 5412        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:47:00.0273 5412        Npfs - ok
13:47:00.0325 5412        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:47:00.0393 5412        nsiproxy - ok
13:47:00.0475 5412        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:47:00.0550 5412        Ntfs - ok
13:47:00.0643 5412        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:47:00.0682 5412        ntrigdigi - ok
13:47:00.0721 5412        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:47:00.0743 5412        Null - ok
13:47:00.0787 5412        NVENETFD        (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
13:47:00.0851 5412        NVENETFD - ok
13:47:01.0042 5412        nvlddmkm        (cfddedc1151839dd71f78472645214a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:47:01.0166 5412        nvlddmkm - ok
13:47:01.0213 5412        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:47:01.0224 5412        nvraid - ok
13:47:01.0265 5412        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:47:01.0273 5412        nvstor - ok
13:47:01.0289 5412        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:47:01.0300 5412        nv_agp - ok
13:47:01.0310 5412        NwlnkFlt - ok
13:47:01.0320 5412        NwlnkFwd - ok
13:47:01.0387 5412        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:47:01.0404 5412        ohci1394 - ok
13:47:01.0444 5412        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:47:01.0507 5412        Parport - ok
13:47:01.0592 5412        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:47:01.0604 5412        partmgr - ok
13:47:01.0699 5412        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:47:01.0748 5412        Parvdm - ok
13:47:01.0799 5412        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:47:01.0812 5412        pci - ok
13:47:01.0880 5412        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:47:01.0890 5412        pciide - ok
13:47:01.0918 5412        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:47:01.0930 5412        pcmcia - ok
13:47:01.0999 5412        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:47:02.0116 5412        PEAUTH - ok
13:47:02.0246 5412        Ph3xIB32        (514fadd940a5ee06d6caa5cd0f6725d6) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
13:47:02.0353 5412        Ph3xIB32 - ok
13:47:02.0460 5412        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:47:02.0482 5412        PptpMiniport - ok
13:47:02.0529 5412        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:47:02.0564 5412        Processor - ok
13:47:02.0653 5412        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:47:02.0682 5412        PSched - ok
13:47:02.0761 5412        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:47:02.0821 5412        ql2300 - ok
13:47:02.0903 5412        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:47:02.0913 5412        ql40xx - ok
13:47:02.0958 5412        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:47:03.0011 5412        QWAVEdrv - ok
13:47:03.0071 5412        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:47:03.0098 5412        RasAcd - ok
13:47:03.0122 5412        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:47:03.0152 5412        Rasl2tp - ok
13:47:03.0226 5412        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:47:03.0255 5412        RasPppoe - ok
13:47:03.0307 5412        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:47:03.0319 5412        RasSstp - ok
13:47:03.0399 5412        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:47:03.0429 5412        rdbss - ok
13:47:03.0456 5412        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:47:03.0500 5412        RDPCDD - ok
13:47:03.0607 5412        rdpdr          (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
13:47:03.0654 5412        rdpdr - ok
13:47:03.0697 5412        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:47:03.0719 5412        RDPENCDD - ok
13:47:03.0781 5412        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:47:03.0800 5412        RDPWD - ok
13:47:03.0838 5412        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:47:03.0860 5412        rspndr - ok
13:47:03.0880 5412        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:47:03.0890 5412        sbp2port - ok
13:47:03.0963 5412        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:47:04.0008 5412        secdrv - ok
13:47:04.0043 5412        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:47:04.0082 5412        Serenum - ok
13:47:04.0111 5412        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:47:04.0162 5412        Serial - ok
13:47:04.0212 5412        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:47:04.0242 5412        sermouse - ok
13:47:04.0285 5412        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:47:04.0312 5412        sffdisk - ok
13:47:04.0359 5412        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:47:04.0380 5412        sffp_mmc - ok
13:47:04.0391 5412        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:47:04.0423 5412        sffp_sd - ok
13:47:04.0442 5412        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:47:04.0504 5412        sfloppy - ok
13:47:04.0568 5412        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:47:04.0578 5412        sisagp - ok
13:47:04.0604 5412        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:47:04.0613 5412        SiSRaid2 - ok
13:47:04.0633 5412        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:47:04.0643 5412        SiSRaid4 - ok
13:47:04.0738 5412        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:47:04.0779 5412        Smb - ok
13:47:04.0822 5412        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:47:04.0830 5412        spldr - ok
13:47:04.0889 5412        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:47:04.0909 5412        srv - ok
13:47:04.0986 5412        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:47:05.0000 5412        srv2 - ok
13:47:05.0037 5412        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:47:05.0060 5412        srvnet - ok
13:47:05.0113 5412        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:47:05.0120 5412        ssmdrv - ok
13:47:05.0159 5412        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:47:05.0167 5412        swenum - ok
13:47:05.0268 5412        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:47:05.0276 5412        Symc8xx - ok
13:47:05.0335 5412        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:47:05.0344 5412        Sym_hi - ok
13:47:05.0374 5412        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:47:05.0382 5412        Sym_u3 - ok
13:47:05.0457 5412        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:47:05.0510 5412        Tcpip - ok
13:47:05.0576 5412        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:47:05.0603 5412        Tcpip6 - ok
13:47:05.0694 5412        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:47:05.0714 5412        tcpipreg - ok
13:47:05.0796 5412        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:47:05.0827 5412        TDPIPE - ok
13:47:05.0857 5412        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:47:05.0891 5412        TDTCP - ok
13:47:05.0964 5412        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:47:05.0988 5412        tdx - ok
13:47:06.0087 5412        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:47:06.0097 5412        TermDD - ok
13:47:06.0143 5412        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:47:06.0179 5412        tssecsrv - ok
13:47:06.0200 5412        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:47:06.0259 5412        tunmp - ok
13:47:06.0333 5412        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:47:06.0355 5412        tunnel - ok
13:47:06.0419 5412        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:47:06.0429 5412        uagp35 - ok
13:47:06.0480 5412        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:47:06.0501 5412        udfs - ok
13:47:06.0531 5412        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:47:06.0540 5412        uliagpkx - ok
13:47:06.0566 5412        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:47:06.0580 5412        uliahci - ok
13:47:06.0640 5412        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:47:06.0650 5412        UlSata - ok
13:47:06.0663 5412        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:47:06.0674 5412        ulsata2 - ok
13:47:06.0748 5412        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:47:06.0784 5412        umbus - ok
13:47:06.0853 5412        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:47:06.0891 5412        usbaudio - ok
13:47:06.0945 5412        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:47:06.0973 5412        usbccgp - ok
13:47:07.0025 5412        usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
13:47:07.0048 5412        usbcir - ok
13:47:07.0070 5412        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:47:07.0107 5412        usbehci - ok
13:47:07.0157 5412        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:47:07.0191 5412        usbhub - ok
13:47:07.0268 5412        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:47:07.0285 5412        usbohci - ok
13:47:07.0359 5412        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:47:07.0399 5412        usbprint - ok
13:47:07.0422 5412        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:47:07.0456 5412        usbscan - ok
13:47:07.0477 5412        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:47:07.0495 5412        USBSTOR - ok
13:47:07.0542 5412        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:47:07.0581 5412        usbuhci - ok
13:47:07.0653 5412        VClone          (9bf2ea54e5ed5acdf96f1dec84c117c4) C:\Windows\system32\DRIVERS\VClone.sys
13:47:07.0695 5412        VClone - ok
13:47:07.0730 5412        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:47:07.0774 5412        vga - ok
13:47:07.0795 5412        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:47:07.0830 5412        VgaSave - ok
13:47:07.0888 5412        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:47:07.0898 5412        viaagp - ok
13:47:07.0963 5412        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:47:07.0986 5412        ViaC7 - ok
13:47:08.0016 5412        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:47:08.0024 5412        viaide - ok
13:47:08.0093 5412        vncmirror      (efc092b667cbbe3b0a089db902df7ff6) C:\Windows\system32\DRIVERS\vncmirror.sys
13:47:08.0111 5412        vncmirror - ok
13:47:08.0135 5412        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:47:08.0145 5412        volmgr - ok
13:47:08.0221 5412        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:47:08.0237 5412        volmgrx - ok
13:47:08.0314 5412        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:47:08.0328 5412        volsnap - ok
13:47:08.0353 5412        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:47:08.0364 5412        vsmraid - ok
13:47:08.0391 5412        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:47:08.0439 5412        WacomPen - ok
13:47:08.0457 5412        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:47:08.0475 5412        Wanarp - ok
13:47:08.0479 5412        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:47:08.0496 5412        Wanarpv6 - ok
13:47:08.0531 5412        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:47:08.0541 5412        Wd - ok
13:47:08.0564 5412        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:47:08.0585 5412        Wdf01000 - ok
13:47:08.0679 5412        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:47:08.0720 5412        WmiAcpi - ok
13:47:08.0813 5412        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:47:08.0833 5412        WpdUsb - ok
13:47:08.0896 5412        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:47:08.0925 5412        ws2ifsl - ok
13:47:08.0991 5412        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:47:09.0024 5412        WUDFRd - ok
13:47:09.0049 5412        MBR (0x1B8)    (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
13:47:09.0079 5412        \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
13:47:09.0079 5412        \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
13:47:09.0119 5412        Boot (0x1200)  (29c67c2b976e00795037b915e7320e33) \Device\Harddisk0\DR0\Partition0
13:47:09.0120 5412        \Device\Harddisk0\DR0\Partition0 - ok
13:47:09.0133 5412        Boot (0x1200)  (b0a0a90b9d885581915bfdef59d9eec8) \Device\Harddisk0\DR0\Partition1
13:47:09.0134 5412        \Device\Harddisk0\DR0\Partition1 - ok
13:47:09.0135 5412        ============================================================
13:47:09.0135 5412        Scan finished
13:47:09.0135 5412        ============================================================
13:47:09.0151 3436        Detected object count: 2
13:47:09.0151 3436        Actual detected object count: 2
13:47:19.0675 3436        MTXPAR ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:19.0675 3436        MTXPAR ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:47:19.0677 3436        \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
13:47:19.0677 3436        \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip


cosinus 28.02.2012 15:31

Quote:

\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
Please have TDSS-Killer delete this one (only this one!!), then restart Windows and create a new log with this tool. Post it again wrapped in CODE tags.

loco-dubai 28.02.2012 16:53

Code:

16:50:31.0541 3984        TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:50:32.0041 3984        ============================================================
16:50:32.0041 3984        Current date / time: 2012/02/28 16:50:32.0041
16:50:32.0041 3984        SystemInfo:
16:50:32.0041 3984       
16:50:32.0041 3984        OS Version: 6.0.6002 ServicePack: 2.0
16:50:32.0042 3984        Product type: Workstation
16:50:32.0042 3984        ComputerName: TOBIASROLLEHOME
16:50:32.0042 3984        UserName: OWNER
16:50:32.0042 3984        Windows directory: C:\Windows
16:50:32.0042 3984        System windows directory: C:\Windows
16:50:32.0042 3984        Processor architecture: Intel x86
16:50:32.0042 3984        Number of processors: 2
16:50:32.0042 3984        Page size: 0x1000
16:50:32.0042 3984        Boot type: Normal boot
16:50:32.0042 3984        ============================================================
16:50:33.0935 3984        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:50:33.0946 3984        \Device\Harddisk0\DR0:
16:50:33.0947 3984        MBR used
16:50:33.0947 3984        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x394698A8
16:50:33.0947 3984        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x394698E7, BlocksNum 0xF1B35A
16:50:34.0152 3984        Initialize success
16:50:34.0152 3984        ============================================================
16:50:45.0818 2300        ============================================================
16:50:45.0818 2300        Scan started
16:50:45.0818 2300        Mode: Manual; SigCheck; TDLFS;
16:50:45.0818 2300        ============================================================
16:50:50.0696 2300        3xHybrid        (3948303f88d035ff1c84aac07a17b9a9) C:\Windows\system32\DRIVERS\3xHybrid.sys
16:51:14.0755 2300        3xHybrid - ok
16:51:14.0910 2300        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:51:14.0927 2300        ACPI - ok
16:51:14.0965 2300        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:51:14.0986 2300        adp94xx - ok
16:51:15.0045 2300        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:51:15.0063 2300        adpahci - ok
16:51:15.0378 2300        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:51:15.0433 2300        adpu160m - ok
16:51:15.0606 2300        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:51:15.0681 2300        adpu320 - ok
16:51:16.0342 2300        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:51:16.0414 2300        AFD - ok
16:51:16.0739 2300        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:51:16.0784 2300        agp440 - ok
16:51:17.0148 2300        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:51:17.0158 2300        aic78xx - ok
16:51:17.0337 2300        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:51:17.0386 2300        aliide - ok
16:51:17.0460 2300        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:51:17.0469 2300        amdagp - ok
16:51:17.0891 2300        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:51:17.0937 2300        amdide - ok
16:51:18.0078 2300        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:51:18.0689 2300        AmdK7 - ok
16:51:19.0000 2300        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
16:51:19.0066 2300        AmdK8 - ok
16:51:19.0299 2300        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:51:19.0332 2300        arc - ok
16:51:19.0458 2300        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:51:19.0566 2300        arcsas - ok
16:51:19.0712 2300        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:51:19.0756 2300        AsyncMac - ok
16:51:19.0857 2300        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:51:19.0881 2300        atapi - ok
16:51:21.0636 2300        atikmdag        (c6eec3603b6d66d0f5a2edd430d338b3) C:\Windows\system32\DRIVERS\atikmdag.sys
16:51:21.0921 2300        atikmdag - ok
16:51:22.0053 2300        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
16:51:22.0078 2300        avgntflt - ok
16:51:22.0111 2300        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
16:51:22.0120 2300        avipbb - ok
16:51:22.0264 2300        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
16:51:22.0273 2300        avkmgr - ok
16:51:22.0665 2300        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:51:22.0733 2300        Beep - ok
16:51:22.0799 2300        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:51:22.0867 2300        blbdrive - ok
16:51:23.0023 2300        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:51:23.0090 2300        bowser - ok
16:51:23.0158 2300        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:51:23.0689 2300        BrFiltLo - ok
16:51:23.0784 2300        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:51:23.0836 2300        BrFiltUp - ok
16:51:23.0915 2300        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:51:24.0010 2300        Brserid - ok
16:51:24.0247 2300        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:51:24.0348 2300        BrSerWdm - ok
16:51:24.0419 2300        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:51:24.0456 2300        BrUsbMdm - ok
16:51:24.0514 2300        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:51:24.0559 2300        BrUsbSer - ok
16:51:24.0632 2300        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:51:24.0670 2300        BTHMODEM - ok
16:51:24.0831 2300        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:51:24.0853 2300        cdfs - ok
16:51:24.0913 2300        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:51:24.0939 2300        cdrom - ok
16:51:24.0960 2300        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
16:51:24.0981 2300        circlass - ok
16:51:25.0104 2300        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:51:25.0177 2300        CLFS - ok
16:51:25.0361 2300        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:51:25.0406 2300        cmdide - ok
16:51:25.0431 2300        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
16:51:25.0439 2300        Compbatt - ok
16:51:25.0457 2300        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:51:25.0465 2300        crcdisk - ok
16:51:25.0704 2300        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:51:25.0746 2300        Crusoe - ok
16:51:25.0878 2300        CSC            (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
16:51:25.0910 2300        CSC - ok
16:51:26.0068 2300        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:51:26.0105 2300        DfsC - ok
16:51:26.0198 2300        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:51:26.0220 2300        disk - ok
16:51:26.0450 2300        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:51:26.0676 2300        Dot4 - ok
16:51:26.0933 2300        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:51:26.0955 2300        Dot4Print - ok
16:51:26.0990 2300        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:51:27.0029 2300        dot4usb - ok
16:51:27.0128 2300        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:51:27.0297 2300        drmkaud - ok
16:51:27.0793 2300        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:51:27.0887 2300        DXGKrnl - ok
16:51:28.0608 2300        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:51:28.0658 2300        E1G60 - ok
16:51:28.0799 2300        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:51:28.0820 2300        Ecache - ok
16:51:28.0915 2300        ElbyCDIO        (28cb0b64134ad62c2acf77db8501a619) C:\Windows\system32\Drivers\ElbyCDIO.sys
16:51:28.0923 2300        ElbyCDIO - ok
16:51:29.0251 2300        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:51:29.0304 2300        elxstor - ok
16:51:29.0341 2300        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:51:29.0362 2300        ErrDev - ok
16:51:29.0557 2300        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:51:29.0604 2300        exfat - ok
16:51:29.0738 2300        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:51:29.0788 2300        fastfat - ok
16:51:29.0945 2300        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:51:29.0967 2300        fdc - ok
16:51:29.0996 2300        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:51:30.0005 2300        FileInfo - ok
16:51:30.0021 2300        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:51:30.0043 2300        Filetrace - ok
16:51:30.0097 2300        FLMckUsb        (9a5f86048cd1190071a826f22bb88f47) C:\Windows\system32\DRIVERS\ATTchDrv.sys
16:51:30.0106 2300        FLMckUsb - ok
16:51:30.0136 2300        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:51:30.0157 2300        flpydisk - ok
16:51:30.0322 2300        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:51:30.0340 2300        FltMgr - ok
16:51:30.0399 2300        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:51:30.0428 2300        Fs_Rec - ok
16:51:30.0493 2300        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:51:30.0526 2300        gagp30kx - ok
16:51:30.0632 2300        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
16:51:30.0663 2300        HdAudAddService - ok
16:51:30.0910 2300        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:51:31.0000 2300        HDAudBus - ok
16:51:31.0357 2300        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:51:31.0425 2300        HidBth - ok
16:51:31.0933 2300        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
16:51:31.0950 2300        HidIr - ok
16:51:32.0052 2300        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:51:32.0085 2300        HidUsb - ok
16:51:32.0118 2300        hoplfb - ok
16:51:32.0164 2300        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:51:32.0193 2300        HpCISSs - ok
16:51:32.0285 2300        HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
16:51:32.0293 2300        HPFXBULK - ok
16:51:32.0350 2300        HPFXFAX        (f728db73a87231e27b6ba34d71ce2edb) C:\Windows\system32\drivers\hpfxfax.sys
16:51:32.0357 2300        HPFXFAX - ok
16:51:32.0428 2300        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:51:32.0491 2300        HTTP - ok
16:51:32.0581 2300        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:51:32.0606 2300        i2omp - ok
16:51:32.0645 2300        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:51:32.0662 2300        i8042prt - ok
16:51:32.0688 2300        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:51:32.0701 2300        iaStorV - ok
16:51:32.0730 2300        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:51:32.0762 2300        iirsp - ok
16:51:32.0830 2300        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:51:32.0852 2300        intelide - ok
16:51:32.0886 2300        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:51:32.0907 2300        intelppm - ok
16:51:33.0035 2300        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:33.0094 2300        IpFilterDriver - ok
16:51:33.0127 2300        IpInIp - ok
16:51:33.0479 2300        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:51:33.0550 2300        IPMIDRV - ok
16:51:33.0906 2300        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:51:33.0929 2300        IPNAT - ok
16:51:34.0285 2300        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:51:34.0319 2300        IRENUM - ok
16:51:34.0355 2300        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:51:34.0365 2300        isapnp - ok
16:51:34.0459 2300        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:51:34.0470 2300        iScsiPrt - ok
16:51:34.0735 2300        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:51:34.0776 2300        iteatapi - ok
16:51:34.0913 2300        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:51:35.0046 2300        iteraid - ok
16:51:35.0075 2300        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:51:35.0084 2300        kbdclass - ok
16:51:35.0146 2300        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:51:35.0163 2300        kbdhid - ok
16:51:35.0322 2300        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:51:35.0343 2300        KSecDD - ok
16:51:35.0403 2300        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:51:35.0425 2300        lltdio - ok
16:51:35.0484 2300        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:51:35.0494 2300        LSI_FC - ok
16:51:35.0587 2300        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:51:35.0597 2300        LSI_SAS - ok
16:51:35.0651 2300        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:51:35.0661 2300        LSI_SCSI - ok
16:51:35.0702 2300        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:51:35.0725 2300        luafv - ok
16:51:35.0812 2300        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
16:51:35.0819 2300        MBAMProtector - ok
16:51:35.0906 2300        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:51:35.0915 2300        megasas - ok
16:51:35.0958 2300        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:51:35.0987 2300        MegaSR - ok
16:51:36.0059 2300        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:51:36.0087 2300        Modem - ok
16:51:36.0104 2300        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:51:36.0126 2300        monitor - ok
16:51:36.0387 2300        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:51:36.0395 2300        mouclass - ok
16:51:36.0785 2300        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:51:36.0834 2300        mouhid - ok
16:51:36.0886 2300        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:51:36.0894 2300        MountMgr - ok
16:51:36.0917 2300        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:51:36.0926 2300        mpio - ok
16:51:36.0954 2300        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:51:36.0971 2300        mpsdrv - ok
16:51:36.0991 2300        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:51:36.0999 2300        Mraid35x - ok
16:51:37.0068 2300        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:51:37.0097 2300        MRxDAV - ok
16:51:37.0252 2300        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:37.0280 2300        mrxsmb - ok
16:51:37.0390 2300        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:37.0413 2300        mrxsmb10 - ok
16:51:37.0636 2300        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:41.0218 2300        mrxsmb20 - ok
16:51:41.0984 2300        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
16:51:41.0992 2300        msahci - ok
16:51:42.0086 2300        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:51:42.0127 2300        msdsm - ok
16:51:42.0152 2300        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:51:42.0174 2300        Msfs - ok
16:51:42.0197 2300        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:51:42.0205 2300        msisadrv - ok
16:51:42.0283 2300        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:51:42.0304 2300        MSKSSRV - ok
16:51:42.0355 2300        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:42.0376 2300        MSPCLOCK - ok
16:51:42.0387 2300        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:51:42.0430 2300        MSPQM - ok
16:51:42.0690 2300        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:51:42.0723 2300        MsRPC - ok
16:51:43.0279 2300        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:51:43.0287 2300        mssmbios - ok
16:51:43.0407 2300        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:51:43.0465 2300        MSTEE - ok
16:51:43.0946 2300        MTXPAR          (1171baf750ff1772dd128317bb5de001) C:\Windows\system32\DRIVERS\MTXPARM.sys
16:51:43.0995 2300        MTXPAR ( UnsignedFile.Multi.Generic ) - warning
16:51:43.0995 2300        MTXPAR - detected UnsignedFile.Multi.Generic (1)
16:51:44.0540 2300        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:51:44.0580 2300        Mup - ok
16:51:44.0711 2300        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:51:44.0751 2300        NativeWifiP - ok
16:51:44.0802 2300        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:51:44.0823 2300        NDIS - ok
16:51:44.0859 2300        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:44.0875 2300        NdisTapi - ok
16:51:44.0892 2300        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:44.0913 2300        Ndisuio - ok
16:51:44.0969 2300        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:44.0992 2300        NdisWan - ok
16:51:45.0619 2300        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:51:45.0687 2300        NDProxy - ok
16:51:46.0283 2300        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:51:46.0321 2300        NetBIOS - ok
16:51:46.0395 2300        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:51:46.0416 2300        netbt - ok
16:51:46.0473 2300        netr73          (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys
16:51:46.0513 2300        netr73 - ok
16:51:46.0545 2300        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:51:46.0554 2300        nfrd960 - ok
16:51:46.0631 2300        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:51:46.0653 2300        Npfs - ok
16:51:46.0713 2300        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:51:46.0758 2300        nsiproxy - ok
16:51:46.0891 2300        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:51:46.0932 2300        Ntfs - ok
16:51:46.0973 2300        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:51:47.0013 2300        ntrigdigi - ok
16:51:47.0117 2300        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:51:47.0142 2300        Null - ok
16:51:47.0292 2300        NVENETFD        (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
16:51:47.0347 2300        NVENETFD - ok
16:51:47.0555 2300        nvlddmkm        (cfddedc1151839dd71f78472645214a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:51:47.0698 2300        nvlddmkm - ok
16:51:47.0835 2300        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:51:47.0847 2300        nvraid - ok
16:51:47.0886 2300        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:51:47.0896 2300        nvstor - ok
16:51:47.0936 2300        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:51:47.0948 2300        nv_agp - ok
16:51:48.0247 2300        NwlnkFlt - ok
16:51:48.0784 2300        NwlnkFwd - ok
16:51:48.0900 2300        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:51:48.0938 2300        ohci1394 - ok
16:51:49.0006 2300        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:51:49.0046 2300        Parport - ok
16:51:49.0113 2300        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:51:49.0145 2300        partmgr - ok
16:51:49.0187 2300        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:51:49.0249 2300        Parvdm - ok
16:51:49.0746 2300        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:51:49.0778 2300        pci - ok
16:51:49.0910 2300        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
16:51:49.0918 2300        pciide - ok
16:51:50.0208 2300        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:51:50.0219 2300        pcmcia - ok
16:51:50.0304 2300        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:51:50.0361 2300        PEAUTH - ok
16:51:51.0159 2300        Ph3xIB32        (514fadd940a5ee06d6caa5cd0f6725d6) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
16:51:51.0248 2300        Ph3xIB32 - ok
16:51:51.0406 2300        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:51:51.0467 2300        PptpMiniport - ok
16:51:51.0484 2300        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:51:51.0506 2300        Processor - ok
16:51:51.0599 2300        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:51:51.0616 2300        PSched - ok
16:51:51.0791 2300        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:51:51.0829 2300        ql2300 - ok
16:51:51.0866 2300        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:51:51.0889 2300        ql40xx - ok
16:51:51.0979 2300        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:51:51.0990 2300        QWAVEdrv - ok
16:51:52.0017 2300        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:51:52.0038 2300        RasAcd - ok
16:51:52.0052 2300        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:52.0081 2300        Rasl2tp - ok
16:51:52.0147 2300        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:52.0165 2300        RasPppoe - ok
16:51:52.0293 2300        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:51:52.0314 2300        RasSstp - ok
16:51:52.0395 2300        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:51:52.0416 2300        rdbss - ok
16:51:52.0444 2300        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:52.0466 2300        RDPCDD - ok
16:51:52.0632 2300        rdpdr          (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
16:51:52.0659 2300        rdpdr - ok
16:51:52.0688 2300        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:51:52.0709 2300        RDPENCDD - ok
16:51:52.0889 2300        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:51:52.0942 2300        RDPWD - ok
16:51:53.0034 2300        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:51:53.0056 2300        rspndr - ok
16:51:53.0152 2300        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:51:53.0175 2300        sbp2port - ok
16:51:53.0209 2300        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:51:53.0247 2300        secdrv - ok
16:51:53.0281 2300        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:51:53.0319 2300        Serenum - ok
16:51:53.0361 2300        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:51:53.0416 2300        Serial - ok
16:51:53.0542 2300        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:51:53.0612 2300        sermouse - ok
16:51:53.0664 2300        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:51:53.0699 2300        sffdisk - ok
16:51:53.0780 2300        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:51:53.0801 2300        sffp_mmc - ok
16:51:53.0838 2300        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:51:53.0868 2300        sffp_sd - ok
16:51:53.0888 2300        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:51:53.0928 2300        sfloppy - ok
16:51:53.0972 2300        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:51:53.0982 2300        sisagp - ok
16:51:54.0059 2300        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:51:54.0067 2300        SiSRaid2 - ok
16:51:54.0096 2300        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:51:54.0106 2300        SiSRaid4 - ok
16:51:54.0189 2300        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:51:54.0214 2300        Smb - ok
16:51:54.0419 2300        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:51:54.0427 2300        spldr - ok
16:51:55.0003 2300        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:51:55.0031 2300        srv - ok
16:51:55.0183 2300        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:51:55.0204 2300        srv2 - ok
16:51:55.0250 2300        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:51:55.0273 2300        srvnet - ok
16:51:55.0314 2300        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:51:55.0322 2300        ssmdrv - ok
16:51:55.0430 2300        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:51:55.0438 2300        swenum - ok
16:51:55.0622 2300        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:51:55.0631 2300        Symc8xx - ok
16:51:55.0756 2300        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:51:55.0779 2300        Sym_hi - ok
16:51:55.0828 2300        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:51:55.0837 2300        Sym_u3 - ok
16:51:56.0022 2300        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:51:56.0053 2300        Tcpip - ok
16:51:56.0131 2300        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:51:56.0157 2300        Tcpip6 - ok
16:51:56.0240 2300        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:51:56.0260 2300        tcpipreg - ok
16:51:56.0301 2300        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:51:56.0322 2300        TDPIPE - ok
16:51:56.0353 2300        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:51:56.0387 2300        TDTCP - ok
16:51:56.0462 2300        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:51:56.0493 2300        tdx - ok
16:51:56.0616 2300        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:51:56.0625 2300        TermDD - ok
16:51:56.0781 2300        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:51:56.0825 2300        tssecsrv - ok
16:51:56.0871 2300        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:51:56.0888 2300        tunmp - ok
16:51:56.0963 2300        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:51:57.0000 2300        tunnel - ok
16:51:57.0032 2300        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:51:57.0055 2300        uagp35 - ok
16:51:57.0185 2300        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:51:57.0206 2300        udfs - ok
16:51:57.0235 2300        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:51:57.0265 2300        uliagpkx - ok
16:51:57.0446 2300        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:51:57.0459 2300        uliahci - ok
16:51:57.0511 2300        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:51:57.0521 2300        UlSata - ok
16:51:57.0651 2300        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:51:57.0661 2300        ulsata2 - ok
16:51:57.0676 2300        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:51:57.0721 2300        umbus - ok
16:51:57.0841 2300        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
16:51:57.0879 2300        usbaudio - ok
16:51:57.0958 2300        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:51:57.0975 2300        usbccgp - ok
16:51:58.0005 2300        usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
16:51:58.0027 2300        usbcir - ok
16:51:58.0099 2300        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:51:58.0136 2300        usbehci - ok
16:51:58.0344 2300        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:51:58.0364 2300        usbhub - ok
16:51:58.0448 2300        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
16:51:58.0493 2300        usbohci - ok
16:51:58.0546 2300        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:51:58.0586 2300        usbprint - ok
16:51:58.0626 2300        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:51:58.0648 2300        usbscan - ok
16:51:58.0673 2300        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:51:58.0690 2300        USBSTOR - ok
16:51:58.0771 2300        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:51:58.0818 2300        usbuhci - ok
16:51:58.0871 2300        VClone          (9bf2ea54e5ed5acdf96f1dec84c117c4) C:\Windows\system32\DRIVERS\VClone.sys
16:51:58.0900 2300        VClone - ok
16:51:58.0935 2300        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:51:58.0978 2300        vga - ok
16:51:58.0992 2300        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:51:59.0014 2300        VgaSave - ok
16:51:59.0042 2300        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:51:59.0075 2300        viaagp - ok
16:51:59.0218 2300        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:51:59.0283 2300        ViaC7 - ok
16:51:59.0629 2300        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:51:59.0652 2300        viaide - ok
16:51:59.0763 2300        vncmirror      (efc092b667cbbe3b0a089db902df7ff6) C:\Windows\system32\DRIVERS\vncmirror.sys
16:51:59.0806 2300        vncmirror - ok
16:51:59.0847 2300        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:51:59.0860 2300        volmgr - ok
16:51:59.0926 2300        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:51:59.0940 2300        volmgrx - ok
16:52:00.0002 2300        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:52:00.0015 2300        volsnap - ok
16:52:00.0799 2300        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:52:00.0838 2300        vsmraid - ok
16:52:00.0904 2300        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:52:00.0942 2300        WacomPen - ok
16:52:00.0962 2300        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:01.0002 2300        Wanarp - ok
16:52:01.0006 2300        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:01.0023 2300        Wanarpv6 - ok
16:52:01.0110 2300        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:52:01.0118 2300        Wd - ok
16:52:01.0143 2300        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:52:01.0164 2300        Wdf01000 - ok
16:52:01.0275 2300        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
16:52:01.0324 2300        WmiAcpi - ok
16:52:01.0443 2300        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:52:01.0496 2300        WpdUsb - ok
16:52:01.0542 2300        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:52:01.0604 2300        ws2ifsl - ok
16:52:01.0653 2300        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:52:01.0685 2300        WUDFRd - ok
16:52:01.0711 2300        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:52:03.0794 2300        \Device\Harddisk0\DR0 - ok
16:52:03.0845 2300        Boot (0x1200)  (29c67c2b976e00795037b915e7320e33) \Device\Harddisk0\DR0\Partition0
16:52:03.0874 2300        \Device\Harddisk0\DR0\Partition0 - ok
16:52:03.0946 2300        Boot (0x1200)  (b0a0a90b9d885581915bfdef59d9eec8) \Device\Harddisk0\DR0\Partition1
16:52:04.0083 2300        \Device\Harddisk0\DR0\Partition1 - ok
16:52:04.0084 2300        ============================================================
16:52:04.0084 2300        Scan finished
16:52:04.0084 2300        ============================================================
16:52:04.0097 2592        Detected object count: 1
16:52:04.0097 2592        Actual detected object count: 1
16:52:11.0285 2592        MTXPAR ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:11.0285 2592        MTXPAR ( UnsignedFile.Multi.Generic ) - User select action: Skip


