Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: unbekannte Bedrohung UDS: dangerousobject.multi.generic

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 17.11.2011, 20:19   #1
muecke
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



Hallo zusammen

Kaspersky hat gestern einen Fund gemacht während ich im Internet unterwegs war. Hab den fehler gemacht und vergessen dass mein Laptop so sachen wie noscript, adblocker etc. nicht an hat und schon war ein eine Fundmeldung da.

Im kaspersky wurde mir folgendes angezeigt
"unbekannte Bedrohung UDS: dangerousobject.multi.generic" welche bereits auf zwei Dateien gefunden wurde. Erstes mal am 16.11. und heute am 17.11 in einer zweiten Datei.

1. \AppData\Roaming\Sun\Java\Deployment\cache\6.0\20\1456c14-2e953c34

2. \AppData\Local\Temp\0.21020593048302882.EXE

Malwarebytes Scan läuft grade noch...

Bitte um Hilfe

Mit freundlichen Grüßen

Mücke

Alt 17.11.2011, 20:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



Zitat:
Malwarebytes Scan läuft grade noch...
Ok, wenn durch bitte alle Logs posten.
__________________

__________________

Alt 17.11.2011, 22:01   #3
muecke
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



So hier mal die Malwarebyes log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8184

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

17.11.2011 21:55:56
mbam-log-2011-11-17 (21-55-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 316371
Laufzeit: 2 Stunde(n), 5 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________

Alt 17.11.2011, 22:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.11.2011, 06:59   #5
muecke
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



nur noch die protection log

19:48:03 MESSAGE Protection started successfully
19:48:08 MESSAGE IP Protection started successfully

Gruß

Mücke


Alt 18.11.2011, 11:34   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> unbekannte Bedrohung UDS: dangerousobject.multi.generic

Alt 19.11.2011, 12:35   #7
muecke
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



Hier die log Datei

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d1dc636c1a54be419b32e69f78abdebb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-19 11:21:52
# local_time=2011-11-19 12:21:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 40429760 40429760 0 0
# compatibility_mode=5892 16776574 100 100 5528951 159228101 0 0
# compatibility_mode=8192 67108863 100 0 3722 3722 0 0
# scanned=173658
# found=0
# cleaned=0
# scan_time=6339

Alt 20.11.2011, 12:21   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.11.2011, 17:29   #9
muecke
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



Hab den normalen Scan gemacht. Hoffe der geht auch.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.11.2011 16:21:58 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,30% Memory free
6,19 Gb Paging File | 4,90 Gb Available in Paging File | 79,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 196,23 Gb Free Space | 71,25% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.20 16:19:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Downloads\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.03 12:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.05.07 11:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010.05.07 11:37:14 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2010.03.17 16:26:24 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.08.04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2008.07.25 08:25:12 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008.07.18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe
PRC - [2008.07.03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.03 15:39:26 | 000,599,312 | ---- | M] (Pinnacle Systems) -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
PRC - [2007.11.07 10:32:24 | 000,798,720 | ---- | M] (T-Mobile) -- C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
PRC - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe
PRC - [2007.11.02 11:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.11.02 11:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 11:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 08:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 10:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 10:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.08.04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
MOD - [2008.07.18 19:52:08 | 000,649,704 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMLSvcPS.dll
MOD - [2007.12.03 15:39:28 | 000,111,888 | ---- | M] () -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll
MOD - [2007.11.02 11:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.11.02 11:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.11.02 11:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 11:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 11:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 11:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.11.02 11:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.11.02 11:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 11:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.05.07 11:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.03.17 16:26:24 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008.07.25 08:25:13 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.11.02 11:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.06.15 18:41:34 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.06.15 18:41:33 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.08.08 12:06:14 | 000,475,224 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.05.06 23:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.05.06 23:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008.09.02 15:03:54 | 000,168,704 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid)
DRV - [2008.07.10 10:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.03.13 02:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.12.11 00:05:36 | 000,554,240 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2007.10.19 13:32:58 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2007.08.30 19:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.07.09 13:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007.06.26 12:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.06.25 12:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.06.01 09:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2007.05.25 08:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 08:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007.04.24 10:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.24 10:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007.04.24 10:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007.04.24 10:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007.04.24 10:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007.03.30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2003.04.28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=13170&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.10 13:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.25 13:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.08 12:07:19 | 000,000,000 | ---D | M]
 
[2008.09.08 16:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.08 13:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\piq75gda.default\extensions
[2010.11.28 16:05:29 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\piq75gda.default\extensions\toolbar@ask.com
[2011.11.19 12:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions
[2011.11.19 12:31:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.19 12:43:17 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2011.11.19 12:31:45 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.11.16 21:07:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.11.19 12:43:17 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011.11.19 10:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.25 20:48:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.10.24 17:48:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.06 17:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.25 13:13:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.10.11 13:07:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.08.08 12:09:24 | 000,000,000 | ---D | M] (Kaspersky Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.08.08 12:09:25 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011.10.25 20:48:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.10.24 17:48:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.06 17:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.25 13:13:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.10.11 13:07:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.08.08 12:09:24 | 000,000,000 | ---D | M] (Kaspersky Anti-Banner) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU
[2010.08.08 12:09:25 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.26 09:03:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 09:03:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.26 09:03:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.26 09:03:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.26 09:03:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\HomeCinema\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [PMCRemote]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5CAAD4A-4038-4144-BD58-DD33CDF138E4}: DhcpNameServer = 193.254.160.1 193.254.160.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\Shell - "" = AutoRun
O33 - MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\System32\Adobe
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.ZMBV - zmbv.dll ()
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.19 10:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.17 19:47:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.11.17 19:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.17 19:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.17 19:46:37 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.17 19:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.16 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sun
[2011.11.09 17:12:51 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.01 20:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\My Games
[2011.11.01 20:51:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.11.01 20:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.01 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.01 20:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.11.01 19:21:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\50 DOS Games
[2011.11.01 19:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
[2011.11.01 19:16:36 | 000,000,000 | ---D | C] -- C:\Users\***\D-Fend Reloaded
[2011.11.01 19:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded
[2011.10.25 20:49:17 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Youcam
[2011.10.25 20:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2008.07.25 08:00:57 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.20 16:17:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.20 16:16:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.20 16:03:58 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EADCF6FB-7C07-45E3-BF4A-6E44A2FF6AEA}.job
[2011.11.20 16:00:33 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.11.20 15:58:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.20 15:58:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 15:58:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 15:58:27 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.17 19:46:46 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.17 16:55:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.16 21:12:39 | 000,014,783 | ---- | M] () -- C:\Users\***\Documents\maligne.odt
[2011.11.16 21:02:41 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.11.15 19:06:01 | 000,314,305 | ---- | M] () -- C:\Users\***\Documents\St. Gallener Managmentmodell.pdf
[2011.11.12 12:30:12 | 000,018,966 | ---- | M] () -- C:\Users\***\Documents\lymphdrainage skript.odt
[2011.11.09 20:01:38 | 000,000,375 | ---- | M] () -- C:\Users\***\Documents\Bilder - Verknüpfung.lnk
[2011.11.06 20:24:03 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.06 20:24:03 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.06 20:24:03 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.06 20:24:03 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.01 19:16:54 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk
[2011.10.28 09:01:39 | 000,026,384 | ---- | M] () -- C:\Users\***\Documents\Kontrollfragen Lymphdrainage.odt
[2011.10.26 21:08:00 | 002,538,327 | ---- | M] () -- C:\Users\***\Documents\b-daybash flyer.jpg
[2011.10.25 20:47:58 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.17 19:46:46 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.16 21:12:37 | 000,014,783 | ---- | C] () -- C:\Users\***\Documents\maligne.odt
[2011.11.15 19:05:41 | 000,314,305 | ---- | C] () -- C:\Users\***\Documents\St. Gallener Managmentmodell.pdf
[2011.11.09 20:01:38 | 000,000,375 | ---- | C] () -- C:\Users\***\Documents\Bilder - Verknüpfung.lnk
[2011.11.01 19:16:54 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk
[2011.10.27 18:44:25 | 000,026,384 | ---- | C] () -- C:\Users\***\Documents\Kontrollfragen Lymphdrainage.odt
[2011.10.26 21:07:17 | 002,538,327 | ---- | C] () -- C:\Users\***\Documents\b-daybash flyer.jpg
[2011.10.25 20:47:58 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.25 20:29:01 | 000,018,966 | ---- | C] () -- C:\Users\***\Documents\lymphdrainage skript.odt
[2011.08.04 09:22:47 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.07.20 06:34:08 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.06.15 18:41:34 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.15 18:41:33 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.14 19:14:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.08 12:51:08 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.08.08 12:08:45 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.08 12:08:45 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.11 17:50:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.11 17:50:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.07.11 17:49:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.04.09 21:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.01.04 15:05:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2008.12.24 13:24:33 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Default.PLS
[2008.09.15 19:22:39 | 000,201,488 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2008.09.15 19:22:39 | 000,144,144 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2008.09.15 19:22:39 | 000,141,584 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2008.09.15 19:22:39 | 000,063,248 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2008.09.15 19:22:39 | 000,033,040 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2008.09.06 16:14:46 | 000,020,480 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.06 09:08:28 | 000,144,358 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.05 19:51:34 | 000,144,358 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.25 08:00:57 | 001,753,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.07.25 08:00:57 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.07.25 08:00:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.07.17 13:50:28 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.07.17 12:56:03 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.17 12:56:03 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.17 12:56:03 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.17 12:56:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.17 10:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.07.17 08:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.07.17 07:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.07.14 10:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.22 00:46:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.04.22 00:44:54 | 000,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008.04.22 00:43:44 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,359,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.01 16:17:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.08.03 15:59:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2009.01.04 15:40:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2009.06.23 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2010.07.10 16:10:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2008.09.05 14:07:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2008.09.08 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2008.09.08 16:18:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.11.17 19:47:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.03.13 13:06:48 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2008.09.08 16:25:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2008.09.07 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2010.08.08 13:23:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2010.10.24 18:20:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.11.20 16:01:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.07.26 13:07:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2008.09.07 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Ericsson
[2011.11.16 21:02:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sun
[2008.09.07 16:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teleca
[2011.10.11 13:06:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
[2011.11.01 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.07.10 15:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.07.10 15:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.07.10 15:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 22:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.06 23:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2010.05.06 23:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2010.08.08 12:06:14 | 000,475,224 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.05.07 11:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

< End of report >
         
--- --- ---

Alt 21.11.2011, 09:50   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
[2010.11.28 16:05:29 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\piq75gda.default\extensions\toolbar@ask.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\Shell - "" = AutoRun
O33 - MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.11.2011, 11:37   #11
muecke
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



so hier die log

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Folder C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\piq75gda.default\extensions\toolbar@ask.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
C:\Programme\Winamp\winampa.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19327a25-87cb-11dd-a30f-001f1604bfbe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19327a25-87cb-11dd-a30f-001f1604bfbe}\ not found.
File G:\setup.exe AUTORUN=1 not found.
ADS C:\ProgramData\TEMP:8FF81EB0 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ***
->Temp folder emptied: 3850846 bytes
->Temporary Internet Files folder emptied: 1929067 bytes
->Java cache emptied: 4858 bytes
->FireFox cache emptied: 82627417 bytes
->Flash cache emptied: 533 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50808 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3057173 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 87,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11212011_113202

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 21.11.2011, 11:45   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.11.2011, 12:18   #13
muecke
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



So hab bei allen funden skip gemacht

12:12:30.0515 5912 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
12:12:30.0781 5912 ============================================================
12:12:30.0781 5912 Current date / time: 2011/11/21 12:12:30.0781
12:12:30.0781 5912 SystemInfo:
12:12:30.0781 5912
12:12:30.0781 5912 OS Version: 6.0.6002 ServicePack: 2.0
12:12:30.0781 5912 Product type: Workstation
12:12:30.0781 5912 ComputerName: ***
12:12:30.0781 5912 UserName: ***
12:12:30.0781 5912 Windows directory: C:\Windows
12:12:30.0781 5912 System windows directory: C:\Windows
12:12:30.0781 5912 Processor architecture: Intel x86
12:12:30.0781 5912 Number of processors: 2
12:12:30.0781 5912 Page size: 0x1000
12:12:30.0781 5912 Boot type: Normal boot
12:12:30.0781 5912 ============================================================
12:12:31.0639 5912 Initialize success
12:13:20.0139 5900 ============================================================
12:13:20.0139 5900 Scan started
12:13:20.0139 5900 Mode: Manual; SigCheck; TDLFS;
12:13:20.0139 5900 ============================================================
12:13:20.0825 5900 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:13:20.0981 5900 ACPI - ok
12:13:21.0122 5900 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
12:13:21.0153 5900 adp94xx - ok
12:13:21.0278 5900 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
12:13:21.0309 5900 adpahci - ok
12:13:21.0387 5900 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
12:13:21.0403 5900 adpu160m - ok
12:13:21.0465 5900 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
12:13:21.0481 5900 adpu320 - ok
12:13:21.0621 5900 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:13:21.0777 5900 AFD - ok
12:13:21.0902 5900 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
12:13:21.0917 5900 agp440 - ok
12:13:21.0964 5900 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:13:21.0995 5900 aic78xx - ok
12:13:22.0027 5900 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
12:13:22.0042 5900 aliide - ok
12:13:22.0120 5900 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
12:13:22.0136 5900 amdagp - ok
12:13:22.0167 5900 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
12:13:22.0183 5900 amdide - ok
12:13:22.0198 5900 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
12:13:22.0463 5900 AmdK7 - ok
12:13:22.0604 5900 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
12:13:22.0666 5900 AmdK8 - ok
12:13:22.0729 5900 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
12:13:22.0744 5900 arc - ok
12:13:22.0822 5900 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
12:13:22.0838 5900 arcsas - ok
12:13:22.0900 5900 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:13:22.0963 5900 AsyncMac - ok
12:13:23.0009 5900 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:13:23.0025 5900 atapi - ok
12:13:23.0119 5900 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys
12:13:23.0197 5900 atksgt - ok
12:13:23.0290 5900 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
12:13:23.0306 5900 ATSWPDRV - ok
12:13:23.0446 5900 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:13:23.0524 5900 Beep - ok
12:13:23.0602 5900 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
12:13:23.0649 5900 blbdrive - ok
12:13:23.0711 5900 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:13:23.0774 5900 bowser - ok
12:13:23.0852 5900 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:13:23.0914 5900 BrFiltLo - ok
12:13:23.0930 5900 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:13:23.0992 5900 BrFiltUp - ok
12:13:24.0039 5900 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:13:24.0257 5900 Brserid - ok
12:13:24.0320 5900 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:13:24.0382 5900 BrSerWdm - ok
12:13:24.0398 5900 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:13:24.0476 5900 BrUsbMdm - ok
12:13:24.0491 5900 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:13:24.0554 5900 BrUsbSer - ok
12:13:24.0616 5900 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:13:24.0694 5900 BTHMODEM - ok
12:13:24.0788 5900 Cam5607 (48f64a84054771b2fef55606adf57557) C:\Windows\system32\Drivers\BisonC07.sys
12:13:24.0819 5900 Cam5607 - ok
12:13:24.0850 5900 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:13:24.0897 5900 cdfs - ok
12:13:24.0975 5900 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:13:25.0022 5900 cdrom - ok
12:13:25.0069 5900 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
12:13:25.0115 5900 circlass - ok
12:13:25.0162 5900 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:13:25.0193 5900 CLFS - ok
12:13:25.0240 5900 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:13:25.0303 5900 CmBatt - ok
12:13:25.0334 5900 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
12:13:25.0349 5900 cmdide - ok
12:13:25.0365 5900 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:13:25.0381 5900 Compbatt - ok
12:13:25.0396 5900 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
12:13:25.0427 5900 crcdisk - ok
12:13:25.0443 5900 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
12:13:25.0474 5900 Crusoe - ok
12:13:25.0568 5900 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:13:25.0661 5900 DfsC - ok
12:13:25.0739 5900 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:13:25.0771 5900 disk - ok
12:13:25.0849 5900 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:13:25.0911 5900 drmkaud - ok
12:13:25.0989 5900 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:13:26.0051 5900 DXGKrnl - ok
12:13:26.0114 5900 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:13:26.0145 5900 E1G60 - ok
12:13:26.0285 5900 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:13:26.0317 5900 Ecache - ok
12:13:26.0395 5900 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
12:13:26.0426 5900 elxstor - ok
12:13:26.0441 5900 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
12:13:26.0504 5900 ErrDev - ok
12:13:26.0582 5900 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:13:26.0675 5900 exfat - ok
12:13:26.0722 5900 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:13:26.0785 5900 fastfat - ok
12:13:26.0847 5900 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:13:26.0909 5900 fdc - ok
12:13:26.0941 5900 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:13:26.0972 5900 FileInfo - ok
12:13:27.0019 5900 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:13:27.0097 5900 Filetrace - ok
12:13:27.0112 5900 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:13:27.0206 5900 flpydisk - ok
12:13:27.0268 5900 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:13:27.0315 5900 FltMgr - ok
12:13:27.0377 5900 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:13:27.0502 5900 Fs_Rec - ok
12:13:27.0518 5900 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:13:27.0549 5900 gagp30kx - ok
12:13:27.0627 5900 GT72NDISIPXP (9eb33545bc9b1ca0c9b9e6d780ce0d27) C:\Windows\system32\DRIVERS\Gt51Ip.sys
12:13:27.0658 5900 GT72NDISIPXP - ok
12:13:27.0814 5900 GT72UBUS (687a4b740f14c2dff6dd7b848f50f0a6) C:\Windows\system32\DRIVERS\gt72ubus.sys
12:13:27.0845 5900 GT72UBUS - ok
12:13:28.0111 5900 GTPTSER (346ddaefa04e49ad804ee12d4baa0ed3) C:\Windows\system32\DRIVERS\gtptser.sys
12:13:28.0173 5900 GTPTSER - ok
12:13:28.0360 5900 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
12:13:28.0423 5900 HdAudAddService - ok
12:13:28.0501 5900 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:13:28.0594 5900 HDAudBus - ok
12:13:28.0641 5900 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:13:28.0735 5900 HidBth - ok
12:13:28.0766 5900 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:13:28.0875 5900 HidIr - ok
12:13:28.0922 5900 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:13:29.0000 5900 HidUsb - ok
12:13:29.0109 5900 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
12:13:29.0125 5900 Hotkey ( UnsignedFile.Multi.Generic ) - warning
12:13:29.0125 5900 Hotkey - detected UnsignedFile.Multi.Generic (1)
12:13:29.0218 5900 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
12:13:29.0249 5900 HpCISSs - ok
12:13:29.0296 5900 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:13:29.0390 5900 HTTP - ok
12:13:29.0421 5900 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
12:13:29.0452 5900 i2omp - ok
12:13:29.0561 5900 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:13:29.0655 5900 i8042prt - ok
12:13:29.0702 5900 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
12:13:29.0717 5900 iaStor - ok
12:13:29.0749 5900 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
12:13:29.0764 5900 iaStorV - ok
12:13:29.0795 5900 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:13:29.0811 5900 iirsp - ok
12:13:29.0920 5900 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
12:13:30.0061 5900 IntcAzAudAddService - ok
12:13:30.0092 5900 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:13:30.0123 5900 intelide - ok
12:13:30.0185 5900 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:13:30.0248 5900 intelppm - ok
12:13:30.0326 5900 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:13:30.0357 5900 IpFilterDriver - ok
12:13:30.0373 5900 IpInIp - ok
12:13:30.0388 5900 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
12:13:30.0419 5900 IPMIDRV - ok
12:13:30.0451 5900 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:13:30.0513 5900 IPNAT - ok
12:13:30.0544 5900 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:13:30.0591 5900 IRENUM - ok
12:13:30.0607 5900 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
12:13:30.0622 5900 isapnp - ok
12:13:30.0669 5900 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:13:30.0700 5900 iScsiPrt - ok
12:13:30.0716 5900 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:13:30.0731 5900 iteatapi - ok
12:13:30.0747 5900 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:13:30.0778 5900 iteraid - ok
12:13:30.0794 5900 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:13:30.0841 5900 kbdclass - ok
12:13:30.0887 5900 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
12:13:30.0934 5900 kbdhid - ok
12:13:31.0012 5900 KL1 (47f4320cff5bd3de472bb300a32a879e) C:\Windows\system32\DRIVERS\kl1.sys
12:13:31.0043 5900 KL1 - ok
12:13:31.0059 5900 kl2 (0e29fe31bd4c72412ad99253e71b25c1) C:\Windows\system32\DRIVERS\kl2.sys
12:13:31.0075 5900 kl2 - ok
12:13:31.0168 5900 KLIF (0fa77171e66d1f6887b02e9f9afe3523) C:\Windows\system32\DRIVERS\klif.sys
12:13:31.0184 5900 KLIF - ok
12:13:31.0262 5900 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
12:13:31.0309 5900 KLIM6 - ok
12:13:31.0371 5900 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
12:13:31.0387 5900 klmouflt - ok
12:13:31.0511 5900 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
12:13:31.0527 5900 KSecDD - ok
12:13:31.0605 5900 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
12:13:31.0621 5900 lirsgt - ok
12:13:31.0699 5900 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:13:31.0823 5900 lltdio - ok
12:13:31.0870 5900 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
12:13:31.0886 5900 LSI_FC - ok
12:13:31.0948 5900 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
12:13:31.0964 5900 LSI_SAS - ok
12:13:31.0979 5900 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
12:13:31.0995 5900 LSI_SCSI - ok
12:13:32.0011 5900 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:13:32.0182 5900 luafv - ok
12:13:32.0307 5900 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
12:13:32.0338 5900 MBAMProtector - ok
12:13:32.0401 5900 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
12:13:32.0463 5900 megasas - ok
12:13:32.0494 5900 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
12:13:32.0525 5900 MegaSR - ok
12:13:32.0603 5900 mod7700 (4d2d882daee49b35b7b56fd9444564e9) C:\Windows\system32\Drivers\mod7700.sys
12:13:32.0650 5900 mod7700 - ok
12:13:32.0681 5900 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:13:32.0744 5900 Modem - ok
12:13:32.0775 5900 MODRC (370e88453ec0d7bea6eb24be8d865dbe) C:\Windows\system32\DRIVERS\modrc.sys
12:13:32.0791 5900 MODRC ( UnsignedFile.Multi.Generic ) - warning
12:13:32.0791 5900 MODRC - detected UnsignedFile.Multi.Generic (1)
12:13:32.0822 5900 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:13:32.0884 5900 monitor - ok
12:13:32.0915 5900 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:13:32.0978 5900 mouclass - ok
12:13:33.0040 5900 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:13:33.0149 5900 mouhid - ok
12:13:33.0212 5900 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:13:33.0243 5900 MountMgr - ok
12:13:33.0290 5900 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
12:13:33.0305 5900 mpio - ok
12:13:33.0337 5900 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:13:33.0430 5900 mpsdrv - ok
12:13:33.0493 5900 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:13:33.0508 5900 Mraid35x - ok
12:13:33.0571 5900 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:13:33.0680 5900 MRxDAV - ok
12:13:33.0727 5900 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:13:33.0883 5900 mrxsmb - ok
12:13:33.0929 5900 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:13:33.0976 5900 mrxsmb10 - ok
12:13:34.0007 5900 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:13:34.0054 5900 mrxsmb20 - ok
12:13:34.0117 5900 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
12:13:34.0132 5900 msahci - ok
12:13:34.0179 5900 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
12:13:34.0195 5900 msdsm - ok
12:13:34.0241 5900 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:13:34.0319 5900 Msfs - ok
12:13:34.0366 5900 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:13:34.0382 5900 msisadrv - ok
12:13:34.0444 5900 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:13:34.0475 5900 MSKSSRV - ok
12:13:34.0522 5900 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:13:34.0553 5900 MSPCLOCK - ok
12:13:34.0600 5900 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:13:34.0663 5900 MSPQM - ok
12:13:34.0709 5900 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:13:34.0725 5900 MsRPC - ok
12:13:34.0756 5900 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:13:34.0865 5900 mssmbios - ok
12:13:34.0912 5900 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:13:34.0975 5900 MSTEE - ok
12:13:35.0006 5900 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:13:35.0021 5900 Mup - ok
12:13:35.0084 5900 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:13:35.0131 5900 NativeWifiP - ok
12:13:35.0193 5900 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:13:35.0240 5900 NDIS - ok
12:13:35.0302 5900 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:13:35.0380 5900 NdisTapi - ok
12:13:35.0411 5900 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:13:35.0505 5900 Ndisuio - ok
12:13:35.0552 5900 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:13:35.0614 5900 NdisWan - ok
12:13:35.0645 5900 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:13:35.0708 5900 NDProxy - ok
12:13:35.0770 5900 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:13:35.0864 5900 NetBIOS - ok
12:13:35.0926 5900 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:13:36.0035 5900 netbt - ok
12:13:36.0145 5900 NETw4v32 (4547b8aedd8119fcc127fdc7f282e983) C:\Windows\system32\DRIVERS\NETw4v32.sys
12:13:36.0394 5900 NETw4v32 - ok
12:13:36.0425 5900 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:13:36.0441 5900 nfrd960 - ok
12:13:36.0488 5900 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:13:36.0644 5900 Npfs - ok
12:13:36.0675 5900 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:13:36.0815 5900 nsiproxy - ok
12:13:36.0893 5900 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:13:36.0956 5900 Ntfs - ok
12:13:36.0987 5900 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:13:37.0049 5900 ntrigdigi - ok
12:13:37.0081 5900 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:13:37.0205 5900 Null - ok
12:13:37.0502 5900 nvlddmkm (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:13:38.0001 5900 nvlddmkm - ok
12:13:38.0032 5900 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
12:13:38.0063 5900 nvraid - ok
12:13:38.0079 5900 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
12:13:38.0141 5900 nvstor - ok
12:13:38.0173 5900 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
12:13:38.0188 5900 nv_agp - ok
12:13:38.0204 5900 NwlnkFlt - ok
12:13:38.0219 5900 NwlnkFwd - ok
12:13:38.0266 5900 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
12:13:38.0360 5900 ohci1394 - ok
12:13:38.0438 5900 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:13:38.0563 5900 Parport - ok
12:13:38.0625 5900 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
12:13:38.0656 5900 partmgr - ok
12:13:38.0672 5900 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:13:38.0765 5900 Parvdm - ok
12:13:38.0812 5900 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:13:38.0843 5900 pci - ok
12:13:38.0843 5900 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
12:13:38.0859 5900 pciide - ok
12:13:38.0890 5900 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:13:38.0921 5900 pcmcia - ok
12:13:39.0031 5900 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:13:39.0233 5900 PEAUTH - ok
12:13:39.0296 5900 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:13:39.0389 5900 PptpMiniport - ok
12:13:39.0436 5900 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
12:13:39.0530 5900 Processor - ok
12:13:39.0623 5900 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:13:39.0686 5900 PSched - ok
12:13:39.0764 5900 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
12:13:39.0826 5900 ql2300 - ok
12:13:39.0857 5900 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:13:39.0889 5900 ql40xx - ok
12:13:39.0904 5900 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:13:40.0029 5900 QWAVEdrv - ok
12:13:40.0045 5900 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:13:40.0169 5900 RasAcd - ok
12:13:40.0216 5900 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:13:40.0294 5900 Rasl2tp - ok
12:13:40.0357 5900 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:13:40.0435 5900 RasPppoe - ok
12:13:40.0481 5900 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:13:40.0513 5900 RasSstp - ok
12:13:40.0575 5900 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:13:40.0637 5900 rdbss - ok
12:13:40.0669 5900 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:13:40.0840 5900 RDPCDD - ok
12:13:40.0871 5900 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
12:13:40.0903 5900 rdpdr - ok
12:13:40.0918 5900 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:13:41.0043 5900 RDPENCDD - ok
12:13:41.0090 5900 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
12:13:41.0137 5900 RDPWD - ok
12:13:41.0230 5900 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:13:41.0339 5900 rspndr - ok
12:13:41.0402 5900 RTL8169 (b7e1c523e2f7787d700766fc78e01f77) C:\Windows\system32\DRIVERS\Rtlh86.sys
12:13:41.0464 5900 RTL8169 - ok
12:13:41.0511 5900 RTSTOR (0d1c1b0de2819fe1ea25098183130b64) C:\Windows\system32\drivers\RTSTOR.SYS
12:13:41.0589 5900 RTSTOR - ok
12:13:41.0651 5900 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys
12:13:41.0683 5900 s125bus - ok
12:13:41.0761 5900 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows\system32\DRIVERS\s125mdfl.sys
12:13:41.0776 5900 s125mdfl - ok
12:13:41.0807 5900 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows\system32\DRIVERS\s125mdm.sys
12:13:41.0823 5900 s125mdm - ok
12:13:41.0854 5900 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows\system32\DRIVERS\s125mgmt.sys
12:13:41.0870 5900 s125mgmt - ok
12:13:41.0901 5900 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\Windows\system32\DRIVERS\s125obex.sys
12:13:41.0917 5900 s125obex - ok
12:13:42.0073 5900 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:13:42.0166 5900 sbp2port - ok
12:13:42.0213 5900 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:13:42.0400 5900 secdrv - ok
12:13:42.0431 5900 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
12:13:42.0478 5900 Serenum - ok
12:13:42.0509 5900 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:13:42.0650 5900 Serial - ok
12:13:42.0665 5900 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:13:42.0712 5900 sermouse - ok
12:13:42.0728 5900 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
12:13:42.0775 5900 sffdisk - ok
12:13:42.0790 5900 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
12:13:42.0868 5900 sffp_mmc - ok
12:13:42.0884 5900 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
12:13:42.0977 5900 sffp_sd - ok
12:13:43.0009 5900 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
12:13:43.0102 5900 sfloppy - ok
12:13:43.0165 5900 Si3531 (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys
12:13:43.0180 5900 Si3531 - ok
12:13:43.0196 5900 SiFilter (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys
12:13:43.0227 5900 SiFilter - ok
12:13:43.0243 5900 SiRemFil (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys
12:13:43.0258 5900 SiRemFil - ok
12:13:43.0289 5900 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
12:13:43.0352 5900 sisagp - ok
12:13:43.0367 5900 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
12:13:43.0430 5900 SiSRaid2 - ok
12:13:43.0445 5900 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
12:13:43.0508 5900 SiSRaid4 - ok
12:13:43.0570 5900 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:13:43.0601 5900 Smb - ok
12:13:43.0711 5900 SNP2UVC (913d2ce973ed904fe54de9db38fceff2) C:\Windows\system32\DRIVERS\snp2uvc.sys
12:13:43.0867 5900 SNP2UVC - ok
12:13:43.0898 5900 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:13:43.0913 5900 spldr - ok
12:13:43.0991 5900 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:13:44.0210 5900 srv - ok
12:13:44.0272 5900 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:13:44.0350 5900 srv2 - ok
12:13:44.0397 5900 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:13:44.0428 5900 srvnet - ok
12:13:44.0522 5900 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:13:44.0584 5900 swenum - ok
12:13:44.0615 5900 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:13:44.0631 5900 Symc8xx - ok
12:13:44.0647 5900 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:13:44.0662 5900 Sym_hi - ok
12:13:44.0678 5900 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:13:44.0693 5900 Sym_u3 - ok
12:13:44.0771 5900 SynTP (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys
12:13:44.0787 5900 SynTP - ok
12:13:44.0865 5900 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
12:13:44.0912 5900 Tcpip - ok
12:13:44.0959 5900 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
12:13:45.0037 5900 Tcpip6 - ok
12:13:45.0083 5900 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
12:13:45.0130 5900 tcpipreg - ok
12:13:45.0177 5900 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:13:45.0302 5900 TDPIPE - ok
12:13:45.0333 5900 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:13:45.0364 5900 TDTCP - ok
12:13:45.0411 5900 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:13:45.0473 5900 tdx - ok
12:13:45.0536 5900 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:13:45.0567 5900 TermDD - ok
12:13:45.0629 5900 TridVid (171f41174a88f71e7234d7a48303c6a0) C:\Windows\system32\DRIVERS\TridVid.sys
12:13:45.0676 5900 TridVid ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0676 5900 TridVid - detected UnsignedFile.Multi.Generic (1)
12:13:45.0723 5900 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:13:45.0785 5900 tssecsrv - ok
12:13:45.0848 5900 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:13:45.0957 5900 tunmp - ok
12:13:46.0004 5900 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:13:46.0051 5900 tunnel - ok
12:13:46.0082 5900 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
12:13:46.0113 5900 uagp35 - ok
12:13:46.0175 5900 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:13:46.0207 5900 udfs - ok
12:13:46.0238 5900 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
12:13:46.0269 5900 uliagpkx - ok
12:13:46.0285 5900 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
12:13:46.0316 5900 uliahci - ok
12:13:46.0347 5900 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:13:46.0363 5900 UlSata - ok
12:13:46.0378 5900 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:13:46.0409 5900 ulsata2 - ok
12:13:46.0441 5900 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:13:46.0550 5900 umbus - ok
12:13:46.0612 5900 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:13:46.0659 5900 usbccgp - ok
12:13:46.0690 5900 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:13:46.0753 5900 usbcir - ok
12:13:46.0815 5900 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:13:46.0862 5900 usbehci - ok
12:13:46.0924 5900 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:13:47.0002 5900 usbhub - ok
12:13:47.0018 5900 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
12:13:47.0080 5900 usbohci - ok
12:13:47.0127 5900 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:13:47.0158 5900 usbprint - ok
12:13:47.0174 5900 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:13:47.0236 5900 USBSTOR - ok
12:13:47.0299 5900 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:13:47.0361 5900 usbuhci - ok
12:13:47.0392 5900 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
12:13:47.0455 5900 usbvideo - ok
12:13:47.0533 5900 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
12:13:47.0579 5900 vga - ok
12:13:47.0611 5900 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:13:47.0735 5900 VgaSave - ok
12:13:47.0767 5900 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
12:13:47.0782 5900 viaagp - ok
12:13:47.0798 5900 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
12:13:47.0845 5900 ViaC7 - ok
12:13:47.0876 5900 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
12:13:47.0891 5900 viaide - ok
12:13:47.0907 5900 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:13:47.0938 5900 volmgr - ok
12:13:47.0985 5900 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:13:48.0016 5900 volmgrx - ok
12:13:48.0047 5900 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:13:48.0079 5900 volsnap - ok
12:13:48.0125 5900 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
12:13:48.0157 5900 vsmraid - ok
12:13:48.0188 5900 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:13:48.0281 5900 WacomPen - ok
12:13:48.0313 5900 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:13:48.0422 5900 Wanarp - ok
12:13:48.0453 5900 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:13:48.0484 5900 Wanarpv6 - ok
12:13:48.0531 5900 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
12:13:48.0547 5900 Wd - ok
12:13:48.0593 5900 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:13:48.0625 5900 Wdf01000 - ok
12:13:48.0703 5900 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:13:48.0765 5900 WmiAcpi - ok
12:13:48.0812 5900 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:13:48.0859 5900 ws2ifsl - ok
12:13:48.0890 5900 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:13:49.0015 5900 WUDFRd - ok
12:13:49.0077 5900 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:13:49.0171 5900 \Device\Harddisk0\DR0 - ok
12:13:49.0186 5900 Boot (0x1200) (a5ecfa4bfdce672c763936ed7c01016f) \Device\Harddisk0\DR0\Partition0
12:13:49.0186 5900 \Device\Harddisk0\DR0\Partition0 - ok
12:13:49.0202 5900 Boot (0x1200) (0f66965ce083ce3a9d3720cf0ca37bfe) \Device\Harddisk0\DR0\Partition1
12:13:49.0202 5900 \Device\Harddisk0\DR0\Partition1 - ok
12:13:49.0202 5900 ============================================================
12:13:49.0202 5900 Scan finished
12:13:49.0202 5900 ============================================================
12:13:49.0217 1736 Detected object count: 3
12:13:49.0217 1736 Actual detected object count: 3
12:14:01.0541 1736 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:01.0541 1736 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:01.0541 1736 MODRC ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:01.0541 1736 MODRC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:01.0541 1736 TridVid ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:01.0541 1736 TridVid ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 21.11.2011, 12:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.11.2011, 13:06   #15
muecke
 
unbekannte Bedrohung UDS: dangerousobject.multi.generic - Standard

unbekannte Bedrohung UDS: dangerousobject.multi.generic



so hier die log

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-11-20.02 - carlos 21.11.2011  12:38:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1902 [GMT 1:00]
ausgeführt von:: c:\users\carlos\Documents\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-21 bis 2011-11-21  ))))))))))))))))))))))))))))))
.
.
2011-11-21 11:46 . 2011-11-21 11:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-21 10:32 . 2011-11-21 10:32	--------	d-----w-	C:\_OTL
2011-11-19 09:34 . 2011-11-19 09:34	--------	d-----w-	c:\program files\ESET
2011-11-17 18:47 . 2011-11-17 18:47	--------	d-----w-	c:\users\carlos\AppData\Roaming\Malwarebytes
2011-11-17 18:46 . 2011-11-17 18:46	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-17 18:46 . 2011-11-17 18:46	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-17 18:46 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-09 16:19 . 2011-10-17 11:41	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 16:19 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:19 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 16:12 . 2011-11-17 15:55	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 18:16 . 2011-11-01 18:19	--------	d-----w-	c:\users\carlos\D-Fend Reloaded
2011-11-01 18:16 . 2011-11-01 18:16	--------	d-----w-	c:\program files\D-Fend Reloaded
2011-10-25 17:48 . 2011-08-13 04:43	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 23:06 . 2011-10-13 14:36	916480	----a-w-	c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-13 14:36	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-13 14:36	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-13 14:36	71680	----a-w-	c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-13 14:36	109056	----a-w-	c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-13 14:36	385024	----a-w-	c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-13 14:36	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-13 14:36	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-13 14:36	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-08-25 16:15 . 2011-10-13 14:36	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 14:36	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-13 14:36	238080	----a-w-	c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-13 14:36	4096	----a-w-	c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PMCLoader"="c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2008-01-24 644368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-10 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-25 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"P2Go_Menu"="c:\program files\HomeCinema\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2007-08-14 218408]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-05-07 344736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Pinnacle Streaming Server.lnk - c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2007-12-3 599312]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2007-11-7 798720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 135664]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 135664]
R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2007-10-19 13824]
R3 TridVid;Video Grabber;c:\windows\system32\DRIVERS\TridVid.sys [2008-09-02 168704]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007-11-05 204915]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 15:10]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 15:10]
.
2011-11-20 c:\windows\Tasks\User_Feed_Synchronization-{EADCF6FB-7C07-45E3-BF4A-6E44A2FF6AEA}.job
- c:\windows\system32\msfeedssync.exe [2011-10-13 21:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\carlos\AppData\Roaming\Mozilla\Firefox\Profiles\skdovq4e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-PMCRemote - (no file)
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-21 12:52
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5044)
c:\program files\Softex\OmniPass\SCUREDLL.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\RtHDVCpl.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-21  12:59:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-21 11:58
.
Vor Suchlauf: 12 Verzeichnis(se), 210.551.865.344 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 209.930.268.672 Bytes frei
.
- - End Of File - - 14E99BB9442B1CCDDE7529525FBDB36B
         
--- --- ---

Antwort

Themen zu unbekannte Bedrohung UDS: dangerousobject.multi.generic
angezeigt, appdata, bedrohung, bekannte, bereits, cache, dateien, fehler, folge, folgendes, fund, fundmeldung, gestern, heute, interne, internet, java, laptop, roaming, sache, sachen, scan, temp, unbekannte, unterwegs, vergessen




Ähnliche Themen: unbekannte Bedrohung UDS: dangerousobject.multi.generic


  1. Problem UDS:DangerousObject.Multi.Generic
    Plagegeister aller Art und deren Bekämpfung - 12.07.2015 (5)
  2. UDS:DangerousObjekt.Multi.Generic taucht alle 3 Stunden wieder auf
    Log-Analyse und Auswertung - 02.04.2015 (11)
  3. Samsung Link.exe;UDS:DangerousObject.Multi.Generic
    Plagegeister aller Art und deren Bekämpfung - 27.02.2015 (3)
  4. UDS:DangerousObject.Multi.Generic
    Plagegeister aller Art und deren Bekämpfung - 04.10.2014 (7)
  5. HiddenObject.Multi.Generic und PC verhält sich merkwürdig
    Plagegeister aller Art und deren Bekämpfung - 26.12.2013 (10)
  6. UDS:DangerousObject.Multi.Generic Nun hats mich auch erwischt
    Plagegeister aller Art und deren Bekämpfung - 05.06.2013 (33)
  7. Kaspersky Scan: Gefunden: HiddenObject.Multi.Generic.
    Plagegeister aller Art und deren Bekämpfung - 05.04.2013 (8)
  8. UDS.DangerousObject.Multi.Generic
    Plagegeister aller Art und deren Bekämpfung - 02.02.2013 (4)
  9. combofix log auswerten,wei tdsskiller das hier( UnsignedFile.Multi.Generic ) GEFUNDEN HAT
    Mülltonne - 19.12.2012 (1)
  10. Verhaltensüberwachung, unbekannte Bedrohung
    Log-Analyse und Auswertung - 06.12.2012 (5)
  11. Skype-Virus - anschließend UDS:DangerousObject.Multi.Generic / Trojan.Win.32.VBKrypt.nqht
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (7)
  12. runonce - Unbekannte Bedrohung
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  13. dangerousobject.multi.generic
    Plagegeister aller Art und deren Bekämpfung - 15.04.2012 (1)
  14. Constructor.MSIL.Feka.a und HiddenObject.Multi.Generic
    Log-Analyse und Auswertung - 14.03.2012 (27)
  15. UDS:DangerousObject.Multi.Generic von Kaspersky - Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 06.10.2011 (4)
  16. HiddenObject.Multi.Generic - kasdb.fs.tmp
    Plagegeister aller Art und deren Bekämpfung - 09.03.2011 (5)
  17. Kaspersky meldet UDS:DangerousObject.Multi.Generic
    Plagegeister aller Art und deren Bekämpfung - 14.09.2010 (10)

Zum Thema unbekannte Bedrohung UDS: dangerousobject.multi.generic - Hallo zusammen Kaspersky hat gestern einen Fund gemacht während ich im Internet unterwegs war. Hab den fehler gemacht und vergessen dass mein Laptop so sachen wie noscript, adblocker etc. nicht - unbekannte Bedrohung UDS: dangerousobject.multi.generic...
Archiv
Du betrachtest: unbekannte Bedrohung UDS: dangerousobject.multi.generic auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.