|
Log-Analyse und Auswertung: unbekannte Bedrohung UDS: dangerousobject.multi.genericWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
17.11.2011, 20:19 | #1 |
| unbekannte Bedrohung UDS: dangerousobject.multi.generic Hallo zusammen Kaspersky hat gestern einen Fund gemacht während ich im Internet unterwegs war. Hab den fehler gemacht und vergessen dass mein Laptop so sachen wie noscript, adblocker etc. nicht an hat und schon war ein eine Fundmeldung da. Im kaspersky wurde mir folgendes angezeigt "unbekannte Bedrohung UDS: dangerousobject.multi.generic" welche bereits auf zwei Dateien gefunden wurde. Erstes mal am 16.11. und heute am 17.11 in einer zweiten Datei. 1. \AppData\Roaming\Sun\Java\Deployment\cache\6.0\20\1456c14-2e953c34 2. \AppData\Local\Temp\0.21020593048302882.EXE Malwarebytes Scan läuft grade noch... Bitte um Hilfe Mit freundlichen Grüßen Mücke |
17.11.2011, 20:27 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | unbekannte Bedrohung UDS: dangerousobject.multi.genericZitat:
__________________ |
17.11.2011, 22:01 | #3 |
| unbekannte Bedrohung UDS: dangerousobject.multi.generic So hier mal die Malwarebyes log
__________________Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8184 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19154 17.11.2011 21:55:56 mbam-log-2011-11-17 (21-55-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 316371 Laufzeit: 2 Stunde(n), 5 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
17.11.2011, 22:22 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | unbekannte Bedrohung UDS: dangerousobject.multi.generic Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten |
18.11.2011, 06:59 | #5 |
| unbekannte Bedrohung UDS: dangerousobject.multi.generic nur noch die protection log 19:48:03 MESSAGE Protection started successfully 19:48:08 MESSAGE IP Protection started successfully Gruß Mücke |
18.11.2011, 11:34 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | unbekannte Bedrohung UDS: dangerousobject.multi.generic Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ --> unbekannte Bedrohung UDS: dangerousobject.multi.generic |
19.11.2011, 12:35 | #7 |
| unbekannte Bedrohung UDS: dangerousobject.multi.generic Hier die log Datei ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=d1dc636c1a54be419b32e69f78abdebb # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-19 11:21:52 # local_time=2011-11-19 12:21:52 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1280 16777215 100 0 40429760 40429760 0 0 # compatibility_mode=5892 16776574 100 100 5528951 159228101 0 0 # compatibility_mode=8192 67108863 100 0 3722 3722 0 0 # scanned=173658 # found=0 # cleaned=0 # scan_time=6339 |
20.11.2011, 12:21 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | unbekannte Bedrohung UDS: dangerousobject.multi.generic CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
20.11.2011, 17:29 | #9 |
| unbekannte Bedrohung UDS: dangerousobject.multi.generic Hab den normalen Scan gemacht. Hoffe der geht auch. OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.11.2011 16:21:58 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Documents\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19154) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,30% Memory free 6,19 Gb Paging File | 4,90 Gb Available in Paging File | 79,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 275,41 Gb Total Space | 196,23 Gb Free Space | 71,25% Space Free | Partition Type: NTFS Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32 Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.20 16:19:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Downloads\OTL.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.03 12:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2010.05.07 11:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe PRC - [2010.05.07 11:37:14 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe PRC - [2010.03.17 16:26:24 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.08.04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2008.07.25 08:25:12 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe PRC - [2008.07.18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe PRC - [2008.07.03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.12.03 15:39:26 | 000,599,312 | ---- | M] (Pinnacle Systems) -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe PRC - [2007.11.07 10:32:24 | 000,798,720 | ---- | M] (T-Mobile) -- C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe PRC - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe PRC - [2007.11.02 11:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe PRC - [2007.11.02 11:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe PRC - [2007.11.02 11:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2007.09.07 08:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe PRC - [2007.09.06 10:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2006.12.26 10:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe ========== Modules (No Company Name) ========== MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2008.08.04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe MOD - [2008.07.18 19:52:08 | 000,649,704 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMediaLibrary.dll MOD - [2008.06.09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMLSvcPS.dll MOD - [2007.12.03 15:39:28 | 000,111,888 | ---- | M] () -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll MOD - [2007.11.02 11:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll MOD - [2007.11.02 11:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe MOD - [2007.11.02 11:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll MOD - [2007.11.02 11:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll MOD - [2007.11.02 11:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll MOD - [2007.11.02 11:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll MOD - [2007.11.02 11:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll MOD - [2007.11.02 11:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll MOD - [2007.11.02 11:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll MOD - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe ========== Win32 Services (SafeList) ========== SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.05.07 11:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP) SRV - [2010.03.17 16:26:24 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2008.07.25 08:25:13 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc) SRV - [2007.11.02 11:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) ========== Driver Services (SafeList) ========== DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.08.03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.06.15 18:41:34 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.06.15 18:41:33 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.08.08 12:06:14 | 000,475,224 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2010.05.06 23:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2010.05.06 23:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1) DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2008.09.02 15:03:54 | 000,168,704 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid) DRV - [2008.07.10 10:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008.03.13 02:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.12.11 00:05:36 | 000,554,240 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2007.10.19 13:32:58 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC) DRV - [2007.08.30 19:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2007.08.28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007.07.09 13:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP) DRV - [2007.06.26 12:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS) DRV - [2007.06.25 12:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.06.01 09:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531) DRV - [2007.05.25 08:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter) DRV - [2007.05.25 08:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil) DRV - [2007.04.24 10:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV - [2007.04.24 10:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex) DRV - [2007.04.24 10:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007.04.24 10:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007.04.24 10:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV - [2007.03.30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER) DRV - [2003.04.28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=13170&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67 FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.10 13:58:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.25 13:04:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.08 12:07:19 | 000,000,000 | ---D | M] [2008.09.08 16:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.08.08 13:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\piq75gda.default\extensions [2010.11.28 16:05:29 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\piq75gda.default\extensions\toolbar@ask.com [2011.11.19 12:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions [2011.11.19 12:31:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.11.19 12:43:17 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2011.11.19 12:31:45 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.11.16 21:07:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.11.19 12:43:17 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skdovq4e.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2011.11.19 10:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.25 20:48:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.10.24 17:48:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.06 17:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.25 13:13:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.10.11 13:07:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2010.08.08 12:09:24 | 000,000,000 | ---D | M] (Kaspersky Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2010.08.08 12:09:25 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011.10.25 20:48:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.10.24 17:48:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.06 17:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.25 13:13:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.10.11 13:07:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2010.08.08 12:09:24 | 000,000,000 | ---D | M] (Kaspersky Anti-Banner) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU [2010.08.08 12:09:25 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.06.26 09:03:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.06.26 09:03:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.06.26 09:03:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.06.26 09:03:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.06.26 09:03:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\HomeCinema\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH) O4 - HKCU..\Run: [PMCRemote] File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5CAAD4A-4038-4144-BD58-DD33CDF138E4}: DhcpNameServer = 193.254.160.1 193.254.160.130 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\Shell - "" = AutoRun O33 - MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\System32\Adobe ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.) Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32: VIDC.ZMBV - zmbv.dll () Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.19 10:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.11.17 19:47:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.11.17 19:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.17 19:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.17 19:46:37 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.17 19:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.16 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sun [2011.11.09 17:12:51 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.01 20:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\My Games [2011.11.01 20:51:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR [2011.11.01 20:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.11.01 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.11.01 20:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011.11.01 19:21:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\50 DOS Games [2011.11.01 19:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded [2011.11.01 19:16:36 | 000,000,000 | ---D | C] -- C:\Users\***\D-Fend Reloaded [2011.11.01 19:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded [2011.10.25 20:49:17 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Youcam [2011.10.25 20:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2008.07.25 08:00:57 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.20 16:17:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.20 16:16:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.20 16:03:58 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EADCF6FB-7C07-45E3-BF4A-6E44A2FF6AEA}.job [2011.11.20 16:00:33 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2011.11.20 15:58:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.20 15:58:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.20 15:58:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.20 15:58:27 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2011.11.17 19:46:46 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.17 16:55:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.16 21:12:39 | 000,014,783 | ---- | M] () -- C:\Users\***\Documents\maligne.odt [2011.11.16 21:02:41 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.11.15 19:06:01 | 000,314,305 | ---- | M] () -- C:\Users\***\Documents\St. Gallener Managmentmodell.pdf [2011.11.12 12:30:12 | 000,018,966 | ---- | M] () -- C:\Users\***\Documents\lymphdrainage skript.odt [2011.11.09 20:01:38 | 000,000,375 | ---- | M] () -- C:\Users\***\Documents\Bilder - Verknüpfung.lnk [2011.11.06 20:24:03 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.06 20:24:03 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.06 20:24:03 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.06 20:24:03 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.01 19:16:54 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk [2011.10.28 09:01:39 | 000,026,384 | ---- | M] () -- C:\Users\***\Documents\Kontrollfragen Lymphdrainage.odt [2011.10.26 21:08:00 | 002,538,327 | ---- | M] () -- C:\Users\***\Documents\b-daybash flyer.jpg [2011.10.25 20:47:58 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.17 19:46:46 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.16 21:12:37 | 000,014,783 | ---- | C] () -- C:\Users\***\Documents\maligne.odt [2011.11.15 19:05:41 | 000,314,305 | ---- | C] () -- C:\Users\***\Documents\St. Gallener Managmentmodell.pdf [2011.11.09 20:01:38 | 000,000,375 | ---- | C] () -- C:\Users\***\Documents\Bilder - Verknüpfung.lnk [2011.11.01 19:16:54 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk [2011.10.27 18:44:25 | 000,026,384 | ---- | C] () -- C:\Users\***\Documents\Kontrollfragen Lymphdrainage.odt [2011.10.26 21:07:17 | 002,538,327 | ---- | C] () -- C:\Users\***\Documents\b-daybash flyer.jpg [2011.10.25 20:47:58 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.10.25 20:29:01 | 000,018,966 | ---- | C] () -- C:\Users\***\Documents\lymphdrainage skript.odt [2011.08.04 09:22:47 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll [2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.07.20 06:34:08 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.06.15 18:41:34 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.06.15 18:41:33 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.06.14 19:14:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.08 12:51:08 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2010.08.08 12:08:45 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010.08.08 12:08:45 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010.07.11 17:50:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.07.11 17:50:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.07.11 17:49:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.04.09 21:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll [2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2009.01.04 15:05:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll [2008.12.24 13:24:33 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Default.PLS [2008.09.15 19:22:39 | 000,201,488 | ---- | C] () -- C:\Windows\System32\MACD32.DLL [2008.09.15 19:22:39 | 000,144,144 | ---- | C] () -- C:\Windows\System32\MASE32.DLL [2008.09.15 19:22:39 | 000,141,584 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL [2008.09.15 19:22:39 | 000,063,248 | ---- | C] () -- C:\Windows\System32\MASD32.DLL [2008.09.15 19:22:39 | 000,033,040 | ---- | C] () -- C:\Windows\System32\MA32.DLL [2008.09.06 16:14:46 | 000,020,480 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.06 09:08:28 | 000,144,358 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.09.05 19:51:34 | 000,144,358 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.07.25 08:00:57 | 001,753,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.07.25 08:00:57 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008.07.25 08:00:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2008.07.17 13:50:28 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.07.17 12:56:03 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.07.17 12:56:03 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.07.17 12:56:03 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.07.17 12:56:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.07.17 10:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2008.07.17 08:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.07.17 07:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008.07.14 10:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.04.22 00:46:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.04.22 00:44:54 | 000,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll [2008.04.22 00:43:44 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,359,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.01 16:17:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2010.08.03 15:59:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH [2009.01.04 15:40:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink [2009.06.23 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX [2010.07.10 16:10:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google [2008.09.05 14:07:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2008.09.08 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2008.09.08 16:18:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2011.11.17 19:47:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.03.13 13:06:48 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2008.09.08 16:25:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2008.09.07 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2010.08.08 13:23:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero [2010.10.24 18:20:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.11.20 16:01:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2011.07.26 13:07:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2008.09.07 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Ericsson [2011.11.16 21:02:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sun [2008.09.07 16:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teleca [2011.10.11 13:06:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp [2011.11.01 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.07.10 15:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.07.10 15:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.07.10 15:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2007.09.29 22:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.05.06 23:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys [2010.05.06 23:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys [2010.08.08 12:06:14 | 000,475,224 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.05.07 11:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll < > ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 < End of report > |
21.11.2011, 09:50 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | unbekannte Bedrohung UDS: dangerousobject.multi.generic Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) [2010.11.28 16:05:29 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\piq75gda.default\extensions\toolbar@ask.com O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\Shell - "" = AutoRun O33 - MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1 @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
21.11.2011, 11:37 | #11 |
| unbekannte Bedrohung UDS: dangerousobject.multi.generic so hier die log All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully. C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully. Folder C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\piq75gda.default\extensions\toolbar@ask.com\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully. C:\Programme\Winamp\winampa.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19327a25-87cb-11dd-a30f-001f1604bfbe}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19327a25-87cb-11dd-a30f-001f1604bfbe}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19327a25-87cb-11dd-a30f-001f1604bfbe}\ not found. File G:\setup.exe AUTORUN=1 not found. ADS C:\ProgramData\TEMP:8FF81EB0 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: *** ->Temp folder emptied: 3850846 bytes ->Temporary Internet Files folder emptied: 1929067 bytes ->Java cache emptied: 4858 bytes ->FireFox cache emptied: 82627417 bytes ->Flash cache emptied: 533 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 50808 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3057173 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 87,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 11212011_113202 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
21.11.2011, 11:45 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | unbekannte Bedrohung UDS: dangerousobject.multi.generic Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
21.11.2011, 12:18 | #13 |
| unbekannte Bedrohung UDS: dangerousobject.multi.generic So hab bei allen funden skip gemacht 12:12:30.0515 5912 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50 12:12:30.0781 5912 ============================================================ 12:12:30.0781 5912 Current date / time: 2011/11/21 12:12:30.0781 12:12:30.0781 5912 SystemInfo: 12:12:30.0781 5912 12:12:30.0781 5912 OS Version: 6.0.6002 ServicePack: 2.0 12:12:30.0781 5912 Product type: Workstation 12:12:30.0781 5912 ComputerName: *** 12:12:30.0781 5912 UserName: *** 12:12:30.0781 5912 Windows directory: C:\Windows 12:12:30.0781 5912 System windows directory: C:\Windows 12:12:30.0781 5912 Processor architecture: Intel x86 12:12:30.0781 5912 Number of processors: 2 12:12:30.0781 5912 Page size: 0x1000 12:12:30.0781 5912 Boot type: Normal boot 12:12:30.0781 5912 ============================================================ 12:12:31.0639 5912 Initialize success 12:13:20.0139 5900 ============================================================ 12:13:20.0139 5900 Scan started 12:13:20.0139 5900 Mode: Manual; SigCheck; TDLFS; 12:13:20.0139 5900 ============================================================ 12:13:20.0825 5900 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 12:13:20.0981 5900 ACPI - ok 12:13:21.0122 5900 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 12:13:21.0153 5900 adp94xx - ok 12:13:21.0278 5900 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 12:13:21.0309 5900 adpahci - ok 12:13:21.0387 5900 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 12:13:21.0403 5900 adpu160m - ok 12:13:21.0465 5900 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 12:13:21.0481 5900 adpu320 - ok 12:13:21.0621 5900 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 12:13:21.0777 5900 AFD - ok 12:13:21.0902 5900 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 12:13:21.0917 5900 agp440 - ok 12:13:21.0964 5900 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 12:13:21.0995 5900 aic78xx - ok 12:13:22.0027 5900 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 12:13:22.0042 5900 aliide - ok 12:13:22.0120 5900 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 12:13:22.0136 5900 amdagp - ok 12:13:22.0167 5900 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 12:13:22.0183 5900 amdide - ok 12:13:22.0198 5900 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 12:13:22.0463 5900 AmdK7 - ok 12:13:22.0604 5900 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 12:13:22.0666 5900 AmdK8 - ok 12:13:22.0729 5900 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 12:13:22.0744 5900 arc - ok 12:13:22.0822 5900 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 12:13:22.0838 5900 arcsas - ok 12:13:22.0900 5900 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 12:13:22.0963 5900 AsyncMac - ok 12:13:23.0009 5900 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 12:13:23.0025 5900 atapi - ok 12:13:23.0119 5900 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys 12:13:23.0197 5900 atksgt - ok 12:13:23.0290 5900 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys 12:13:23.0306 5900 ATSWPDRV - ok 12:13:23.0446 5900 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 12:13:23.0524 5900 Beep - ok 12:13:23.0602 5900 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 12:13:23.0649 5900 blbdrive - ok 12:13:23.0711 5900 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 12:13:23.0774 5900 bowser - ok 12:13:23.0852 5900 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 12:13:23.0914 5900 BrFiltLo - ok 12:13:23.0930 5900 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 12:13:23.0992 5900 BrFiltUp - ok 12:13:24.0039 5900 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 12:13:24.0257 5900 Brserid - ok 12:13:24.0320 5900 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 12:13:24.0382 5900 BrSerWdm - ok 12:13:24.0398 5900 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 12:13:24.0476 5900 BrUsbMdm - ok 12:13:24.0491 5900 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 12:13:24.0554 5900 BrUsbSer - ok 12:13:24.0616 5900 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 12:13:24.0694 5900 BTHMODEM - ok 12:13:24.0788 5900 Cam5607 (48f64a84054771b2fef55606adf57557) C:\Windows\system32\Drivers\BisonC07.sys 12:13:24.0819 5900 Cam5607 - ok 12:13:24.0850 5900 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 12:13:24.0897 5900 cdfs - ok 12:13:24.0975 5900 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 12:13:25.0022 5900 cdrom - ok 12:13:25.0069 5900 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 12:13:25.0115 5900 circlass - ok 12:13:25.0162 5900 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 12:13:25.0193 5900 CLFS - ok 12:13:25.0240 5900 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 12:13:25.0303 5900 CmBatt - ok 12:13:25.0334 5900 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 12:13:25.0349 5900 cmdide - ok 12:13:25.0365 5900 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 12:13:25.0381 5900 Compbatt - ok 12:13:25.0396 5900 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 12:13:25.0427 5900 crcdisk - ok 12:13:25.0443 5900 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 12:13:25.0474 5900 Crusoe - ok 12:13:25.0568 5900 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 12:13:25.0661 5900 DfsC - ok 12:13:25.0739 5900 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 12:13:25.0771 5900 disk - ok 12:13:25.0849 5900 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 12:13:25.0911 5900 drmkaud - ok 12:13:25.0989 5900 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 12:13:26.0051 5900 DXGKrnl - ok 12:13:26.0114 5900 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 12:13:26.0145 5900 E1G60 - ok 12:13:26.0285 5900 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 12:13:26.0317 5900 Ecache - ok 12:13:26.0395 5900 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 12:13:26.0426 5900 elxstor - ok 12:13:26.0441 5900 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 12:13:26.0504 5900 ErrDev - ok 12:13:26.0582 5900 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 12:13:26.0675 5900 exfat - ok 12:13:26.0722 5900 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 12:13:26.0785 5900 fastfat - ok 12:13:26.0847 5900 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 12:13:26.0909 5900 fdc - ok 12:13:26.0941 5900 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 12:13:26.0972 5900 FileInfo - ok 12:13:27.0019 5900 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 12:13:27.0097 5900 Filetrace - ok 12:13:27.0112 5900 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 12:13:27.0206 5900 flpydisk - ok 12:13:27.0268 5900 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 12:13:27.0315 5900 FltMgr - ok 12:13:27.0377 5900 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 12:13:27.0502 5900 Fs_Rec - ok 12:13:27.0518 5900 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 12:13:27.0549 5900 gagp30kx - ok 12:13:27.0627 5900 GT72NDISIPXP (9eb33545bc9b1ca0c9b9e6d780ce0d27) C:\Windows\system32\DRIVERS\Gt51Ip.sys 12:13:27.0658 5900 GT72NDISIPXP - ok 12:13:27.0814 5900 GT72UBUS (687a4b740f14c2dff6dd7b848f50f0a6) C:\Windows\system32\DRIVERS\gt72ubus.sys 12:13:27.0845 5900 GT72UBUS - ok 12:13:28.0111 5900 GTPTSER (346ddaefa04e49ad804ee12d4baa0ed3) C:\Windows\system32\DRIVERS\gtptser.sys 12:13:28.0173 5900 GTPTSER - ok 12:13:28.0360 5900 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 12:13:28.0423 5900 HdAudAddService - ok 12:13:28.0501 5900 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 12:13:28.0594 5900 HDAudBus - ok 12:13:28.0641 5900 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 12:13:28.0735 5900 HidBth - ok 12:13:28.0766 5900 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 12:13:28.0875 5900 HidIr - ok 12:13:28.0922 5900 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 12:13:29.0000 5900 HidUsb - ok 12:13:29.0109 5900 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys 12:13:29.0125 5900 Hotkey ( UnsignedFile.Multi.Generic ) - warning 12:13:29.0125 5900 Hotkey - detected UnsignedFile.Multi.Generic (1) 12:13:29.0218 5900 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 12:13:29.0249 5900 HpCISSs - ok 12:13:29.0296 5900 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 12:13:29.0390 5900 HTTP - ok 12:13:29.0421 5900 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 12:13:29.0452 5900 i2omp - ok 12:13:29.0561 5900 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 12:13:29.0655 5900 i8042prt - ok 12:13:29.0702 5900 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys 12:13:29.0717 5900 iaStor - ok 12:13:29.0749 5900 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 12:13:29.0764 5900 iaStorV - ok 12:13:29.0795 5900 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 12:13:29.0811 5900 iirsp - ok 12:13:29.0920 5900 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys 12:13:30.0061 5900 IntcAzAudAddService - ok 12:13:30.0092 5900 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 12:13:30.0123 5900 intelide - ok 12:13:30.0185 5900 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 12:13:30.0248 5900 intelppm - ok 12:13:30.0326 5900 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:13:30.0357 5900 IpFilterDriver - ok 12:13:30.0373 5900 IpInIp - ok 12:13:30.0388 5900 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 12:13:30.0419 5900 IPMIDRV - ok 12:13:30.0451 5900 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 12:13:30.0513 5900 IPNAT - ok 12:13:30.0544 5900 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 12:13:30.0591 5900 IRENUM - ok 12:13:30.0607 5900 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 12:13:30.0622 5900 isapnp - ok 12:13:30.0669 5900 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 12:13:30.0700 5900 iScsiPrt - ok 12:13:30.0716 5900 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 12:13:30.0731 5900 iteatapi - ok 12:13:30.0747 5900 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 12:13:30.0778 5900 iteraid - ok 12:13:30.0794 5900 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 12:13:30.0841 5900 kbdclass - ok 12:13:30.0887 5900 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 12:13:30.0934 5900 kbdhid - ok 12:13:31.0012 5900 KL1 (47f4320cff5bd3de472bb300a32a879e) C:\Windows\system32\DRIVERS\kl1.sys 12:13:31.0043 5900 KL1 - ok 12:13:31.0059 5900 kl2 (0e29fe31bd4c72412ad99253e71b25c1) C:\Windows\system32\DRIVERS\kl2.sys 12:13:31.0075 5900 kl2 - ok 12:13:31.0168 5900 KLIF (0fa77171e66d1f6887b02e9f9afe3523) C:\Windows\system32\DRIVERS\klif.sys 12:13:31.0184 5900 KLIF - ok 12:13:31.0262 5900 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys 12:13:31.0309 5900 KLIM6 - ok 12:13:31.0371 5900 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys 12:13:31.0387 5900 klmouflt - ok 12:13:31.0511 5900 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 12:13:31.0527 5900 KSecDD - ok 12:13:31.0605 5900 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys 12:13:31.0621 5900 lirsgt - ok 12:13:31.0699 5900 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 12:13:31.0823 5900 lltdio - ok 12:13:31.0870 5900 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 12:13:31.0886 5900 LSI_FC - ok 12:13:31.0948 5900 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 12:13:31.0964 5900 LSI_SAS - ok 12:13:31.0979 5900 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 12:13:31.0995 5900 LSI_SCSI - ok 12:13:32.0011 5900 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 12:13:32.0182 5900 luafv - ok 12:13:32.0307 5900 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys 12:13:32.0338 5900 MBAMProtector - ok 12:13:32.0401 5900 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 12:13:32.0463 5900 megasas - ok 12:13:32.0494 5900 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 12:13:32.0525 5900 MegaSR - ok 12:13:32.0603 5900 mod7700 (4d2d882daee49b35b7b56fd9444564e9) C:\Windows\system32\Drivers\mod7700.sys 12:13:32.0650 5900 mod7700 - ok 12:13:32.0681 5900 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 12:13:32.0744 5900 Modem - ok 12:13:32.0775 5900 MODRC (370e88453ec0d7bea6eb24be8d865dbe) C:\Windows\system32\DRIVERS\modrc.sys 12:13:32.0791 5900 MODRC ( UnsignedFile.Multi.Generic ) - warning 12:13:32.0791 5900 MODRC - detected UnsignedFile.Multi.Generic (1) 12:13:32.0822 5900 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 12:13:32.0884 5900 monitor - ok 12:13:32.0915 5900 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 12:13:32.0978 5900 mouclass - ok 12:13:33.0040 5900 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 12:13:33.0149 5900 mouhid - ok 12:13:33.0212 5900 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 12:13:33.0243 5900 MountMgr - ok 12:13:33.0290 5900 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 12:13:33.0305 5900 mpio - ok 12:13:33.0337 5900 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 12:13:33.0430 5900 mpsdrv - ok 12:13:33.0493 5900 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 12:13:33.0508 5900 Mraid35x - ok 12:13:33.0571 5900 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 12:13:33.0680 5900 MRxDAV - ok 12:13:33.0727 5900 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 12:13:33.0883 5900 mrxsmb - ok 12:13:33.0929 5900 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:13:33.0976 5900 mrxsmb10 - ok 12:13:34.0007 5900 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:13:34.0054 5900 mrxsmb20 - ok 12:13:34.0117 5900 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys 12:13:34.0132 5900 msahci - ok 12:13:34.0179 5900 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 12:13:34.0195 5900 msdsm - ok 12:13:34.0241 5900 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 12:13:34.0319 5900 Msfs - ok 12:13:34.0366 5900 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 12:13:34.0382 5900 msisadrv - ok 12:13:34.0444 5900 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 12:13:34.0475 5900 MSKSSRV - ok 12:13:34.0522 5900 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 12:13:34.0553 5900 MSPCLOCK - ok 12:13:34.0600 5900 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 12:13:34.0663 5900 MSPQM - ok 12:13:34.0709 5900 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 12:13:34.0725 5900 MsRPC - ok 12:13:34.0756 5900 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 12:13:34.0865 5900 mssmbios - ok 12:13:34.0912 5900 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 12:13:34.0975 5900 MSTEE - ok 12:13:35.0006 5900 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 12:13:35.0021 5900 Mup - ok 12:13:35.0084 5900 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 12:13:35.0131 5900 NativeWifiP - ok 12:13:35.0193 5900 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 12:13:35.0240 5900 NDIS - ok 12:13:35.0302 5900 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 12:13:35.0380 5900 NdisTapi - ok 12:13:35.0411 5900 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 12:13:35.0505 5900 Ndisuio - ok 12:13:35.0552 5900 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 12:13:35.0614 5900 NdisWan - ok 12:13:35.0645 5900 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 12:13:35.0708 5900 NDProxy - ok 12:13:35.0770 5900 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 12:13:35.0864 5900 NetBIOS - ok 12:13:35.0926 5900 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 12:13:36.0035 5900 netbt - ok 12:13:36.0145 5900 NETw4v32 (4547b8aedd8119fcc127fdc7f282e983) C:\Windows\system32\DRIVERS\NETw4v32.sys 12:13:36.0394 5900 NETw4v32 - ok 12:13:36.0425 5900 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 12:13:36.0441 5900 nfrd960 - ok 12:13:36.0488 5900 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 12:13:36.0644 5900 Npfs - ok 12:13:36.0675 5900 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 12:13:36.0815 5900 nsiproxy - ok 12:13:36.0893 5900 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 12:13:36.0956 5900 Ntfs - ok 12:13:36.0987 5900 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 12:13:37.0049 5900 ntrigdigi - ok 12:13:37.0081 5900 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 12:13:37.0205 5900 Null - ok 12:13:37.0502 5900 nvlddmkm (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:13:38.0001 5900 nvlddmkm - ok 12:13:38.0032 5900 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 12:13:38.0063 5900 nvraid - ok 12:13:38.0079 5900 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 12:13:38.0141 5900 nvstor - ok 12:13:38.0173 5900 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 12:13:38.0188 5900 nv_agp - ok 12:13:38.0204 5900 NwlnkFlt - ok 12:13:38.0219 5900 NwlnkFwd - ok 12:13:38.0266 5900 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 12:13:38.0360 5900 ohci1394 - ok 12:13:38.0438 5900 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 12:13:38.0563 5900 Parport - ok 12:13:38.0625 5900 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 12:13:38.0656 5900 partmgr - ok 12:13:38.0672 5900 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 12:13:38.0765 5900 Parvdm - ok 12:13:38.0812 5900 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 12:13:38.0843 5900 pci - ok 12:13:38.0843 5900 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 12:13:38.0859 5900 pciide - ok 12:13:38.0890 5900 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 12:13:38.0921 5900 pcmcia - ok 12:13:39.0031 5900 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 12:13:39.0233 5900 PEAUTH - ok 12:13:39.0296 5900 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 12:13:39.0389 5900 PptpMiniport - ok 12:13:39.0436 5900 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 12:13:39.0530 5900 Processor - ok 12:13:39.0623 5900 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 12:13:39.0686 5900 PSched - ok 12:13:39.0764 5900 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 12:13:39.0826 5900 ql2300 - ok 12:13:39.0857 5900 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 12:13:39.0889 5900 ql40xx - ok 12:13:39.0904 5900 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 12:13:40.0029 5900 QWAVEdrv - ok 12:13:40.0045 5900 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 12:13:40.0169 5900 RasAcd - ok 12:13:40.0216 5900 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:13:40.0294 5900 Rasl2tp - ok 12:13:40.0357 5900 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 12:13:40.0435 5900 RasPppoe - ok 12:13:40.0481 5900 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 12:13:40.0513 5900 RasSstp - ok 12:13:40.0575 5900 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 12:13:40.0637 5900 rdbss - ok 12:13:40.0669 5900 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:13:40.0840 5900 RDPCDD - ok 12:13:40.0871 5900 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 12:13:40.0903 5900 rdpdr - ok 12:13:40.0918 5900 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 12:13:41.0043 5900 RDPENCDD - ok 12:13:41.0090 5900 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 12:13:41.0137 5900 RDPWD - ok 12:13:41.0230 5900 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 12:13:41.0339 5900 rspndr - ok 12:13:41.0402 5900 RTL8169 (b7e1c523e2f7787d700766fc78e01f77) C:\Windows\system32\DRIVERS\Rtlh86.sys 12:13:41.0464 5900 RTL8169 - ok 12:13:41.0511 5900 RTSTOR (0d1c1b0de2819fe1ea25098183130b64) C:\Windows\system32\drivers\RTSTOR.SYS 12:13:41.0589 5900 RTSTOR - ok 12:13:41.0651 5900 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys 12:13:41.0683 5900 s125bus - ok 12:13:41.0761 5900 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows\system32\DRIVERS\s125mdfl.sys 12:13:41.0776 5900 s125mdfl - ok 12:13:41.0807 5900 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows\system32\DRIVERS\s125mdm.sys 12:13:41.0823 5900 s125mdm - ok 12:13:41.0854 5900 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows\system32\DRIVERS\s125mgmt.sys 12:13:41.0870 5900 s125mgmt - ok 12:13:41.0901 5900 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\Windows\system32\DRIVERS\s125obex.sys 12:13:41.0917 5900 s125obex - ok 12:13:42.0073 5900 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 12:13:42.0166 5900 sbp2port - ok 12:13:42.0213 5900 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 12:13:42.0400 5900 secdrv - ok 12:13:42.0431 5900 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 12:13:42.0478 5900 Serenum - ok 12:13:42.0509 5900 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 12:13:42.0650 5900 Serial - ok 12:13:42.0665 5900 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 12:13:42.0712 5900 sermouse - ok 12:13:42.0728 5900 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 12:13:42.0775 5900 sffdisk - ok 12:13:42.0790 5900 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 12:13:42.0868 5900 sffp_mmc - ok 12:13:42.0884 5900 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 12:13:42.0977 5900 sffp_sd - ok 12:13:43.0009 5900 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 12:13:43.0102 5900 sfloppy - ok 12:13:43.0165 5900 Si3531 (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys 12:13:43.0180 5900 Si3531 - ok 12:13:43.0196 5900 SiFilter (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys 12:13:43.0227 5900 SiFilter - ok 12:13:43.0243 5900 SiRemFil (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys 12:13:43.0258 5900 SiRemFil - ok 12:13:43.0289 5900 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 12:13:43.0352 5900 sisagp - ok 12:13:43.0367 5900 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 12:13:43.0430 5900 SiSRaid2 - ok 12:13:43.0445 5900 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 12:13:43.0508 5900 SiSRaid4 - ok 12:13:43.0570 5900 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 12:13:43.0601 5900 Smb - ok 12:13:43.0711 5900 SNP2UVC (913d2ce973ed904fe54de9db38fceff2) C:\Windows\system32\DRIVERS\snp2uvc.sys 12:13:43.0867 5900 SNP2UVC - ok 12:13:43.0898 5900 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 12:13:43.0913 5900 spldr - ok 12:13:43.0991 5900 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 12:13:44.0210 5900 srv - ok 12:13:44.0272 5900 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 12:13:44.0350 5900 srv2 - ok 12:13:44.0397 5900 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 12:13:44.0428 5900 srvnet - ok 12:13:44.0522 5900 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 12:13:44.0584 5900 swenum - ok 12:13:44.0615 5900 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 12:13:44.0631 5900 Symc8xx - ok 12:13:44.0647 5900 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 12:13:44.0662 5900 Sym_hi - ok 12:13:44.0678 5900 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 12:13:44.0693 5900 Sym_u3 - ok 12:13:44.0771 5900 SynTP (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys 12:13:44.0787 5900 SynTP - ok 12:13:44.0865 5900 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 12:13:44.0912 5900 Tcpip - ok 12:13:44.0959 5900 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 12:13:45.0037 5900 Tcpip6 - ok 12:13:45.0083 5900 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 12:13:45.0130 5900 tcpipreg - ok 12:13:45.0177 5900 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 12:13:45.0302 5900 TDPIPE - ok 12:13:45.0333 5900 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 12:13:45.0364 5900 TDTCP - ok 12:13:45.0411 5900 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 12:13:45.0473 5900 tdx - ok 12:13:45.0536 5900 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 12:13:45.0567 5900 TermDD - ok 12:13:45.0629 5900 TridVid (171f41174a88f71e7234d7a48303c6a0) C:\Windows\system32\DRIVERS\TridVid.sys 12:13:45.0676 5900 TridVid ( UnsignedFile.Multi.Generic ) - warning 12:13:45.0676 5900 TridVid - detected UnsignedFile.Multi.Generic (1) 12:13:45.0723 5900 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:13:45.0785 5900 tssecsrv - ok 12:13:45.0848 5900 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 12:13:45.0957 5900 tunmp - ok 12:13:46.0004 5900 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 12:13:46.0051 5900 tunnel - ok 12:13:46.0082 5900 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 12:13:46.0113 5900 uagp35 - ok 12:13:46.0175 5900 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 12:13:46.0207 5900 udfs - ok 12:13:46.0238 5900 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 12:13:46.0269 5900 uliagpkx - ok 12:13:46.0285 5900 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 12:13:46.0316 5900 uliahci - ok 12:13:46.0347 5900 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 12:13:46.0363 5900 UlSata - ok 12:13:46.0378 5900 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 12:13:46.0409 5900 ulsata2 - ok 12:13:46.0441 5900 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 12:13:46.0550 5900 umbus - ok 12:13:46.0612 5900 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 12:13:46.0659 5900 usbccgp - ok 12:13:46.0690 5900 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 12:13:46.0753 5900 usbcir - ok 12:13:46.0815 5900 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 12:13:46.0862 5900 usbehci - ok 12:13:46.0924 5900 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 12:13:47.0002 5900 usbhub - ok 12:13:47.0018 5900 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 12:13:47.0080 5900 usbohci - ok 12:13:47.0127 5900 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 12:13:47.0158 5900 usbprint - ok 12:13:47.0174 5900 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:13:47.0236 5900 USBSTOR - ok 12:13:47.0299 5900 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 12:13:47.0361 5900 usbuhci - ok 12:13:47.0392 5900 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 12:13:47.0455 5900 usbvideo - ok 12:13:47.0533 5900 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 12:13:47.0579 5900 vga - ok 12:13:47.0611 5900 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 12:13:47.0735 5900 VgaSave - ok 12:13:47.0767 5900 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 12:13:47.0782 5900 viaagp - ok 12:13:47.0798 5900 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 12:13:47.0845 5900 ViaC7 - ok 12:13:47.0876 5900 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 12:13:47.0891 5900 viaide - ok 12:13:47.0907 5900 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 12:13:47.0938 5900 volmgr - ok 12:13:47.0985 5900 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 12:13:48.0016 5900 volmgrx - ok 12:13:48.0047 5900 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 12:13:48.0079 5900 volsnap - ok 12:13:48.0125 5900 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 12:13:48.0157 5900 vsmraid - ok 12:13:48.0188 5900 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 12:13:48.0281 5900 WacomPen - ok 12:13:48.0313 5900 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 12:13:48.0422 5900 Wanarp - ok 12:13:48.0453 5900 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 12:13:48.0484 5900 Wanarpv6 - ok 12:13:48.0531 5900 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 12:13:48.0547 5900 Wd - ok 12:13:48.0593 5900 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 12:13:48.0625 5900 Wdf01000 - ok 12:13:48.0703 5900 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 12:13:48.0765 5900 WmiAcpi - ok 12:13:48.0812 5900 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 12:13:48.0859 5900 ws2ifsl - ok 12:13:48.0890 5900 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:13:49.0015 5900 WUDFRd - ok 12:13:49.0077 5900 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 12:13:49.0171 5900 \Device\Harddisk0\DR0 - ok 12:13:49.0186 5900 Boot (0x1200) (a5ecfa4bfdce672c763936ed7c01016f) \Device\Harddisk0\DR0\Partition0 12:13:49.0186 5900 \Device\Harddisk0\DR0\Partition0 - ok 12:13:49.0202 5900 Boot (0x1200) (0f66965ce083ce3a9d3720cf0ca37bfe) \Device\Harddisk0\DR0\Partition1 12:13:49.0202 5900 \Device\Harddisk0\DR0\Partition1 - ok 12:13:49.0202 5900 ============================================================ 12:13:49.0202 5900 Scan finished 12:13:49.0202 5900 ============================================================ 12:13:49.0217 1736 Detected object count: 3 12:13:49.0217 1736 Actual detected object count: 3 12:14:01.0541 1736 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user 12:14:01.0541 1736 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:14:01.0541 1736 MODRC ( UnsignedFile.Multi.Generic ) - skipped by user 12:14:01.0541 1736 MODRC ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:14:01.0541 1736 TridVid ( UnsignedFile.Multi.Generic ) - skipped by user 12:14:01.0541 1736 TridVid ( UnsignedFile.Multi.Generic ) - User select action: Skip |
21.11.2011, 12:27 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | unbekannte Bedrohung UDS: dangerousobject.multi.generic Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
21.11.2011, 13:06 | #15 |
| unbekannte Bedrohung UDS: dangerousobject.multi.generic so hier die log Combofix Logfile: Code:
ATTFilter ComboFix 11-11-20.02 - carlos 21.11.2011 12:38:50.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1902 [GMT 1:00] ausgeführt von:: c:\users\carlos\Documents\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_usnjsvc . . ((((((((((((((((((((((( Dateien erstellt von 2011-10-21 bis 2011-11-21 )))))))))))))))))))))))))))))) . . 2011-11-21 11:46 . 2011-11-21 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-21 10:32 . 2011-11-21 10:32 -------- d-----w- C:\_OTL 2011-11-19 09:34 . 2011-11-19 09:34 -------- d-----w- c:\program files\ESET 2011-11-17 18:47 . 2011-11-17 18:47 -------- d-----w- c:\users\carlos\AppData\Roaming\Malwarebytes 2011-11-17 18:46 . 2011-11-17 18:46 -------- d-----w- c:\programdata\Malwarebytes 2011-11-17 18:46 . 2011-11-17 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-11-17 18:46 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-09 16:19 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-11-09 16:19 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 16:19 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 16:12 . 2011-11-17 15:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-01 18:16 . 2011-11-01 18:19 -------- d-----w- c:\users\carlos\D-Fend Reloaded 2011-11-01 18:16 . 2011-11-01 18:16 -------- d-----w- c:\program files\D-Fend Reloaded 2011-10-25 17:48 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-30 23:06 . 2011-10-13 14:36 916480 ----a-w- c:\windows\system32\wininet.dll 2011-09-30 23:02 . 2011-10-13 14:36 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-09-30 23:01 . 2011-10-13 14:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-09-30 23:01 . 2011-10-13 14:36 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-09-30 23:01 . 2011-10-13 14:36 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-09-30 22:07 . 2011-10-13 14:36 385024 ----a-w- c:\windows\system32\html.iec 2011-09-30 21:29 . 2011-10-13 14:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-09-30 21:28 . 2011-10-13 14:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-06 13:30 . 2011-10-13 14:36 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-08-25 16:15 . 2011-10-13 14:36 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-08-25 16:14 . 2011-10-13 14:36 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-25 16:14 . 2011-10-13 14:36 238080 ----a-w- c:\windows\system32\oleacc.dll 2011-08-25 13:31 . 2011-10-13 14:36 4096 ----a-w- c:\windows\system32\oleaccrc.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "PMCLoader"="c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2008-01-24 644368] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-10 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880] "Skytel"="Skytel.exe" [2008-06-25 1826816] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016] "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096] "LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256] "UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-25 220160] "toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896] "CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936] "P2Go_Menu"="c:\program files\HomeCinema\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2007-08-14 218408] "UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-05-07 344736] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Pinnacle Streaming Server.lnk - c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2007-12-3 599312] web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2007-11-7 798720] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 135664] R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744] R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 135664] R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2007-10-19 13824] R3 TridVid;Video Grabber;c:\windows\system32\DRIVERS\TridVid.sys [2008-09-02 168704] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104] S2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007-11-05 204915] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 15:10] . 2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 15:10] . 2011-11-20 c:\windows\Tasks\User_Feed_Synchronization-{EADCF6FB-7C07-45E3-BF4A-6E44A2FF6AEA}.job - c:\windows\system32\msfeedssync.exe [2011-10-13 21:29] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\carlos\AppData\Roaming\Mozilla\Firefox\Profiles\skdovq4e.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Kaspersky Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} FF - user.js: yahoo.homepage.dontask - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-PMCRemote - (no file) AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-11-21 12:52 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(5044) c:\program files\Softex\OmniPass\SCUREDLL.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\Softex\OmniPass\OmniServ.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conime.exe c:\program files\Softex\OmniPass\opvapp.exe c:\windows\ehome\ehsched.exe c:\windows\ehome\ehRecvr.exe c:\windows\RtHDVCpl.exe c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe c:\windows\ehome\ehmsas.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-11-21 12:59:11 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-11-21 11:58 . Vor Suchlauf: 12 Verzeichnis(se), 210.551.865.344 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 209.930.268.672 Bytes frei . - - End Of File - - 14E99BB9442B1CCDDE7529525FBDB36B |
Themen zu unbekannte Bedrohung UDS: dangerousobject.multi.generic |
angezeigt, appdata, bedrohung, bekannte, bereits, cache, dateien, fehler, folge, folgendes, fund, fundmeldung, gestern, heute, interne, internet, java, laptop, roaming, sache, sachen, scan, temp, unbekannte, unterwegs, vergessen |