Pests of all kinds and how to combat them: Security warning from Adobe Flash Player
Windows 7
13.10.2012, 18:16 | #1 |
Security warning from Adobe Flash Player

Good evening,

For a few days now, when visiting some websites, I have been getting a security warning from Adobe Flash Player (see attachment). Searching Google unfortunately gave no precise answers; sometimes it is said that it may be a tracking cookie, or a fault in the Flash Player that a reinstallation fixes. Another symptom is that my Live Messenger crashes when it starts Internet Explorer.

Since I did not want to take any chances, I ran scans with my antivirus program G-Data, Malwarebytes' and SUPERAntiSpyware. All of them returned 0 hits (the logs of the latter 2 programs have unfortunately been deleted again). For browsing I use Firefox with Sandboxie; whether a pest was removed in the process of deleting, I unfortunately cannot say.

Following the instructions, I have now also run scans with OTL and GMER. (Unfortunately G-Data could not be switched off completely during the scans, only the monitor.)

Code:
ATTFilter OTL logfile created on: 12.10.2012 21:27:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Kuma\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 84,79% Memory free 5,09 Gb Paging File | 4,62 Gb Available in Paging File | 90,85% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 292,97 Gb Total Space | 34,01 Gb Free Space | 11,61% Space Free | Partition Type: NTFS Drive D: | 172,78 Gb Total Space | 6,64 Gb Free Space | 3,84% Space Free | Partition Type: NTFS Computer Name: HOMENET | User Name: Kuma | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.12 21:19:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kuma\Desktop\OTL.exe PRC - [2010.04.17 12:56:06 | 000,073,960 | ---- | M] (tzuk) -- C:\Programme\Sandboxie\SbieSvc.exe PRC - [2009.09.25 16:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2008.10.29 09:03:24 | 000,955,976 | ---- | M] (G DATA Software AG) -- C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe PRC - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe PRC - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe PRC - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) -- 
C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe PRC - [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll MOD - [2009.06.07 17:25:14 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\xvid.ax MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2006.02.28 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.04.22 15:41:17 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.08.08 22:42:14 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2010.07.17 03:22:43 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.04.17 12:56:06 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2008.07.18 15:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.07.09 
10:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Stopped] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2008.06.02 15:55:26 | 000,823,296 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Programme\WinTV\HCWTVServer.exe -- (HauppaugeTVServer) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32) DRV - [2010.07.17 02:56:45 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD) DRV - [2010.07.17 02:54:49 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2010.07.17 02:54:46 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) 
DRV - [2010.07.17 02:54:45 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre) DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010.04.17 12:56:02 | 000,115,944 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009.10.21 16:28:42 | 005,934,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2009.10.07 13:26:18 | 000,099,440 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID) DRV - [2009.09.25 16:57:40 | 000,138,240 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2009.09.25 16:57:36 | 000,056,576 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009.07.28 10:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.08.05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.07.09 10:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2008.04.17 17:59:02 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw95rc.sys -- (hcw95rc) DRV - [2008.04.17 17:58:00 | 000,560,640 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw95bda.sys -- (hcw95bda) DRV - [2008.02.27 04:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan) DRV - [2007.07.19 16:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2006.01.04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.com" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Programme\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) [2010.07.17 18:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kuma\Anwendungsdaten\Mozilla\Firefox\Profiles\afla9uxo.default\extensions [2010.07.17 13:01:51 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Dokumente und Einstellungen\Kuma\Anwendungsdaten\Mozilla\Firefox\Profiles\afla9uxo.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08} [2011.08.08 22:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.07.17 03:47:12 | 000,000,000 | ---D | M] (VideoGet FireFox extension) -- C:\Programme\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB} [2010.11.16 23:40:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.08.08 22:42:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} [2011.01.03 04:30:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2008.12.18 00:34:33 | 000,067,688 | 
---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jar50.dll [2008.12.18 00:34:33 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jsd3250.dll [2008.12.18 00:34:33 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\myspell.dll [2008.12.18 00:34:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\spellchk.dll [2008.12.18 00:34:33 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\xpinstal.dll [2011.08.08 22:42:14 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2006.08.24 23:07:50 | 000,001,525 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2006.08.24 23:07:50 | 000,001,063 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2006.11.10 13:42:00 | 000,000,998 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2006.11.11 00:32:03 | 000,000,815 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.09.15 10:21:11 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 121.128.133.26 gwgt1.joymax.com O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll () O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll () O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.) 
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [NUSB3MON] C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Programme\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Programme\Nuclear 
Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm () O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279325201938 (WUWebControl Class) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.17 01:41:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - 
Created Within 30 Days ========== [2012.10.12 21:26:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kuma\Recent [2012.10.12 21:19:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kuma\Desktop\OTL.exe [2012.10.12 12:49:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kuma\Anwendungsdaten\Malwarebytes [2012.10.07 02:18:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kuma\Eigene Dateien\Downloads [2012.09.21 00:58:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kuma\Anwendungsdaten\Vessel [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.12 21:26:08 | 000,516,590 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.12 21:26:08 | 000,493,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.12 21:26:08 | 000,100,688 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.12 21:26:08 | 000,083,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.12 21:25:58 | 334,004,256 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2012.10.12 21:23:49 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Kuma\Desktop\8krum8i2.exe [2012.10.12 21:20:31 | 000,084,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Kuma\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.12 21:19:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kuma\Desktop\OTL.exe [2012.10.12 20:57:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.12 20:48:07 | 000,010,260 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI [2012.10.12 19:37:56 | 000,413,046 | ---- | M] () -- C:\Dokumente und Einstellungen\Kuma\Desktop\Neu Bitmap.bmp [2012.10.12 19:18:41 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2012.10.12 19:18:25 | 000,002,048 | 
--S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.12 15:57:36 | 003,917,696 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2012.10.12 14:00:44 | 000,010,290 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2012.10.08 19:29:42 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.12 21:23:56 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Kuma\Desktop\8krum8i2.exe [2012.10.12 19:37:14 | 000,413,046 | ---- | C] () -- C:\Dokumente und Einstellungen\Kuma\Desktop\Neu Bitmap.bmp [2011.12.25 00:05:25 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2011.08.27 17:28:56 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011.08.27 17:27:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.08.27 17:23:14 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011.08.27 17:23:14 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011.08.27 17:23:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011.06.25 23:02:33 | 000,000,032 | R--- | C] () -- C:\WINDOWS\hash.dat [2011.06.25 19:28:43 | 000,003,005 | ---- | C] () -- C:\Dokumente und Einstellungen\Kuma\.recently-used.xbel [2011.06.19 00:59:31 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI [2011.05.11 14:41:39 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2011.04.19 07:08:37 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011.04.19 07:08:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011.04.19 07:08:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2011.04.19 07:08:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2011.04.19 07:08:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat 
[2011.04.19 07:08:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011.04.19 07:08:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2011.04.19 07:08:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2011.04.19 07:08:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2011.04.19 07:08:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011.04.19 07:08:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011.04.19 07:08:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011.04.19 07:08:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011.04.19 07:08:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011.04.19 07:08:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011.04.19 07:08:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011.04.19 07:08:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011.04.19 07:08:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2011.04.19 07:08:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011.04.19 07:04:29 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini [2011.02.13 14:46:09 | 000,196,424 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.02.06 20:48:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2011.02.02 15:03:54 | 000,000,015 | ---- | C] () -- C:\WINDOWS\entpack.ini [2010.12.05 06:19:35 | 334,004,256 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010.12.05 06:16:25 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll [2010.12.05 06:16:25 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll 
[2010.12.05 06:16:13 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2010.11.24 00:33:26 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010.11.02 23:41:19 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.11.02 23:41:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.07.18 12:11:06 | 000,084,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Kuma\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.17 02:44:40 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2010.07.17 02:44:40 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2010.07.17 02:44:40 | 000,000,853 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak ========== ZeroAccess Check ========== [2010.08.25 00:27:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 17:35:16 | 001,506,304 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:18:19 | 000,473,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2006.02.28 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
========== Alternate Data Streams ========== @Alternate Data Stream - 207 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:44807EFA @Alternate Data Stream - 180 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:408F95E5 < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.10.2012 21:27:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Kuma\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 84,79% Memory free 5,09 Gb Paging File | 4,62 Gb Available in Paging File | 90,85% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 292,97 Gb Total Space | 34,01 Gb Free Space | 11,61% Space Free | Partition Type: NTFS Drive D: | 172,78 Gb Total Space | 6,64 Gb Free Space | 3,84% Space Free | Partition Type: NTFS Computer Name: HOMENET | User Name: Kuma | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows 
Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0DDDE141-9696-4E33-AB82-EF398169D7E5}" = Ulead PhotoImpact XL "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication 
Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{534802E0-761E-47F4-BD27-061BC8F976AE}" = O&O SafeErase "{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2 "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player 
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "CCleaner" = CCleaner "CDex" = CDex extraction audio "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition 
v4.60 "Fraps" = Fraps (remove only) "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services "ImgBurn" = ImgBurn "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "mIRC" = mIRC "Mozilla Firefox (10.0)" = Mozilla Firefox (10.0) "OpenAL" = OpenAL "RealAlt_is1" = Real Alternative 2.0.2 "Sandboxie" = Sandboxie 3.70 "Steam App 105600" = Terraria "Steam App 107100" = Bastion "Steam App 108500" = Vessel "Steam App 18500" = Defense Grid: The Awakening "Steam App 206500" = AirMech "Steam App 211600" = Thief Gold "Steam App 22000" = World of Goo "Steam App 35720" = Trine 2 "Steam App 3590" = Plants vs. 
Zombies: Game of the Year "Steam App 40800" = Super Meat Boy "Steam App 41500" = Torchlight "Steam App 440" = Team Fortress 2 "Steam App 4540" = Titan Quest "Steam App 48000" = LIMBO "Steam App 49600" = Beat Hazard "Steam App 63000" = HOARD "Steam App 65300" = Dustforce "Steam App 65800" = Dungeon Defenders "Steam App 730" = Counter-Strike: Global Offensive "Steam App 94200" = Jamestown "Unlocker" = Unlocker 1.9.0 "VideoGet_is1" = Nuclear Coffee - VideoGet "VideoMach" = VideoMach "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Xvid_is1" = Xvid 1.2.2 final uninstall "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Inkscape" = Inkscape 0.48.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.05.2011 18:18:45 | Computer Name = HOMENET | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung wintv.exe, Version 6.0.26080.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x003f3125. Error - 11.05.2011 07:23:21 | Computer Name = HOMENET | Source = NVIDIA OpenGL Driver | ID = 1 Description = Too many errors occured, which indicates a serious problem from which we cannot recover. The application must close. Please visit hxxp://www.nvidia.com/page/support.html for help. 
Error - 20.05.2011 16:37:50 | Computer Name = HOMENET | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung darksiderspc.exe, Version 1.0.0.1, fehlgeschlagenes Modul d3d9.dll, Version 5.3.2600.2180, Fehleradresse 0x0002b1fc. Error - 24.05.2011 09:17:02 | Computer Name = HOMENET | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung mpc-hc.exe, Version 1.5.0.2827, fehlgeschlagenes Modul d3dim700.dll, Version 5.3.2600.2180, Fehleradresse 0x00012f6b. Error - 25.05.2011 17:58:15 | Computer Name = HOMENET | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung supermeatboy.exe, Version 0.0.0.0, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x00018af2. Error - 06.06.2011 20:06:06 | Computer Name = HOMENET | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung wintv.exe, Version 6.0.26080.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x003f3125. Error - 08.06.2011 09:07:05 | Computer Name = HOMENET | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung supermeatboy.exe, Version 0.0.0.0, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x00018af2. Error - 06.07.2011 10:03:44 | Computer Name = HOMENET | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung mpc-hc.exe, Version 1.5.0.2827, fehlgeschlagenes Modul flash10h.ocx, Version 10.1.53.64, Fehleradresse 0x0014e391. Error - 09.07.2011 14:27:16 | Computer Name = HOMENET | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung supermeatboy.exe, Version 0.0.0.0, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x00018af2. 
Error - 10.07.2011 07:14:43 | Computer Name = HOMENET | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung supermeatboy.exe, Version 0.0.0.0, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x00018af2. [ System Events ] Error - 10.10.2012 13:43:06 | Computer Name = HOMENET | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460 Error - 11.10.2012 13:18:55 | Computer Name = HOMENET | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.10.2012 13:22:46 | Computer Name = HOMENET | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460 Error - 12.10.2012 06:20:18 | Computer Name = HOMENET | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.10.2012 06:24:09 | Computer Name = HOMENET | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460 Error - 12.10.2012 09:25:51 | Computer Name = HOMENET | Source = PlugPlayManager | ID = 11 Description = Das Gerät "Root\LEGACY_SASKUTIL\0000" wurde ohne vorbereitende Maßnahmen vom System entfernt. 
Error - 12.10.2012 13:19:47 | Computer Name = HOMENET | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.10.2012 13:23:38 | Computer Name = HOMENET | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460 Error - 12.10.2012 15:22:49 | Computer Name = HOMENET | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "helpsvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} Error - 12.10.2012 15:26:07 | Computer Name = HOMENET | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-12 23:55:42 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 WDC_WD5001AALS-00L3B2 rev.01.03B01 Running: 8krum8i2.exe; Driver: C:\DOKUME~1\Kuma\LOKALE~1\Temp\pwdyrpog.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwClose [0xB84A13B0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xB0248040] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xB0244930] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwCreateKey [0xB84A2090] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xB0248510] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xB0248600] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xB0244F20] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwDeleteKey [0xB84A21B2] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwDeleteValueKey [0xB84A21D4] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xB02508B0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xB0244D70] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwOpenKey [0xB84A2118] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwOpenProcess [0xB84A12D6] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xB0251250] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xB0250CB0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector 
Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xB0247C00] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xB0251080] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xB0245120] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwSetValueKey [0xB84A2184] Code 895DBCEC ZwRequestPort Code 895DBC4C ZwTraceEvent Code 895DBCEB NtRequestPort Code 895DBC4B NtTraceEvent ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!NtTraceEvent 80534374 5 Bytes JMP 895DBC50 PAGE ntkrnlpa.exe!NtRequestPort 805A1520 5 Bytes JMP 895DBCF0 ? srescan.sys Das System kann die angegebene Datei nicht finden. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB2D0F380, 0x8D6CD5, 0xE8000020] .text win32k.sys!EngPaint + 4F1 BF8255EF 5 Bytes JMP 895DB610 .text win32k.sys!CLIPOBJ_bEnum + 2982 BF831388 5 Bytes JMP 895DB750 .text win32k.sys!EngUnmapFontFileFD + EE41 BF841183 5 Bytes JMP 895DB6B0 .text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP 895DBA70 .text win32k.sys!EngStretchBltROP + 34B9 BF8BA262 5 Bytes JMP 895DB930 .text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F9A45 5 Bytes JMP 895DB9D0 .text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP 895DBB10 .text win32k.sys!EngCreateClip + 1F51 BF9137D5 5 Bytes JMP 895DBBB0 .text win32k.sys!EngCreateClip + 2597 BF913E1B 5 Bytes JMP 895DB890 ---- Devices - GMER 1.0.15 ---- Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys (G DATA Software AG) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys (G DATA Software AG) Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys (G DATA Software AG) Device \Driver\Tcpip 
\Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys (G DATA Software AG) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\IPMULTICAST GDTdiIcpt.sys (G DATA Software AG) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE03.00.00.01MSWINDOWS ---- EOF - GMER 1.0.15 ---- |
15.10.2012, 07:21 | #2 |
/// Malwareteam | Security warning from Adobe Flash Player My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can sometimes involve a lot of work for you.
Vista and Win7 users: Start all tools with right-click --> "Run as administrator". Step 1: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
Step 2: Scan with Adwcleaner. Please download AdwCleaner to your desktop.
__________________ |
15.10.2012, 09:31 | #3 |
| Security warning from Adobe Flash Player Good morning,
here are the scans from TDSS-Killer and Adwcleaner. Code:
ATTFilter 10:27:49.0578 1456 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 10:27:51.0578 1456 ============================================================ 10:27:51.0578 1456 Current date / time: 2012/10/15 10:27:51.0578 10:27:51.0578 1456 SystemInfo: 10:27:51.0578 1456 10:27:51.0578 1456 OS Version: 5.1.2600 ServicePack: 3.0 10:27:51.0578 1456 Product type: Workstation 10:27:51.0578 1456 ComputerName: HOMENET 10:27:51.0578 1456 UserName: Kuma 10:27:51.0578 1456 Windows directory: C:\WINDOWS 10:27:51.0578 1456 System windows directory: C:\WINDOWS 10:27:51.0578 1456 Processor architecture: Intel x86 10:27:51.0578 1456 Number of processors: 4 10:27:51.0578 1456 Page size: 0x1000 10:27:51.0578 1456 Boot type: Normal boot 10:27:51.0578 1456 ============================================================ 10:27:53.0140 1456 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 10:27:53.0140 1456 ============================================================ 10:27:53.0140 1456 \Device\Harddisk0\DR0: 10:27:53.0140 1456 MBR partitions: 10:27:53.0140 1456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x249F16E6 10:27:53.0171 1456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F1764, BlocksNum 0x1598F61C 10:27:53.0171 1456 ============================================================ 10:27:53.0187 1456 C: <-> \Device\Harddisk0\DR0\Partition1 10:27:53.0203 1456 D: <-> \Device\Harddisk0\DR0\Partition2 10:27:53.0203 1456 ============================================================ 10:27:53.0203 1456 Initialize success 10:27:53.0203 1456 ============================================================ 10:28:12.0421 2244 ============================================================ 10:28:12.0421 2244 Scan started 10:28:12.0421 2244 Mode: Manual; 10:28:12.0421 2244 
============================================================ 10:28:12.0750 2244 ================ Scan system memory ======================== 10:28:12.0750 2244 System memory - ok 10:28:12.0750 2244 ================ Scan services ============================= 10:28:12.0843 2244 Abiosdsk - ok 10:28:12.0843 2244 abp480n5 - ok 10:28:12.0875 2244 [ 94B4741D2CF9ED38140B831293D1601A ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 10:28:12.0875 2244 ACPI - ok 10:28:12.0890 2244 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 10:28:12.0953 2244 ACPIEC - ok 10:28:13.0046 2244 [ 459AC130C6AB892B1CD5D7544626EFC5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 10:28:13.0046 2244 AdobeFlashPlayerUpdateSvc - ok 10:28:13.0046 2244 adpu160m - ok 10:28:13.0078 2244 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys 10:28:13.0093 2244 aec - ok 10:28:13.0140 2244 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys 10:28:13.0140 2244 AFD - ok 10:28:13.0156 2244 Aha154x - ok 10:28:13.0156 2244 aic78u2 - ok 10:28:13.0156 2244 aic78xx - ok 10:28:13.0187 2244 [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter C:\WINDOWS\system32\alrsvc.dll 10:28:13.0187 2244 Alerter - ok 10:28:13.0203 2244 [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG C:\WINDOWS\System32\alg.exe 10:28:13.0218 2244 ALG - ok 10:28:13.0218 2244 AliIde - ok 10:28:13.0265 2244 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys 10:28:13.0296 2244 Ambfilt - ok 10:28:13.0328 2244 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 10:28:13.0328 2244 AmdLLD - ok 10:28:13.0359 2244 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 10:28:13.0359 2244 AmdPPM - ok 10:28:13.0359 2244 amsint - ok 10:28:13.0359 2244 AppMgmt - ok 10:28:13.0375 2244 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 
C:\WINDOWS\system32\DRIVERS\arp1394.sys 10:28:13.0390 2244 Arp1394 - ok 10:28:13.0390 2244 asc - ok 10:28:13.0390 2244 asc3350p - ok 10:28:13.0390 2244 asc3550 - ok 10:28:13.0390 2244 Aspi32 - ok 10:28:13.0500 2244 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 10:28:13.0515 2244 aspnet_state - ok 10:28:13.0515 2244 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 10:28:13.0531 2244 AsyncMac - ok 10:28:13.0531 2244 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 10:28:13.0531 2244 atapi - ok 10:28:13.0531 2244 Atdisk - ok 10:28:13.0546 2244 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 10:28:13.0546 2244 Atmarpc - ok 10:28:13.0578 2244 [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 10:28:13.0578 2244 AudioSrv - ok 10:28:13.0609 2244 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 10:28:13.0609 2244 audstub - ok 10:28:13.0718 2244 [ 4ED37A7F41891769AEB88C2408B3016F ] AVKProxy C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe 10:28:13.0718 2244 AVKProxy - ok 10:28:13.0734 2244 [ 909270C00354439BCC649A92C25D8B3F ] AVKService C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe 10:28:13.0750 2244 AVKService - ok 10:28:13.0781 2244 [ 690468933B8D00B66EF5DB73150F96EA ] AVKWCtl C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe 10:28:13.0796 2244 AVKWCtl - ok 10:28:13.0828 2244 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 10:28:13.0828 2244 Beep - ok 10:28:13.0859 2244 [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS C:\WINDOWS\system32\qmgr.dll 10:28:13.0953 2244 BITS - ok 10:28:13.0968 2244 [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser C:\WINDOWS\System32\browser.dll 10:28:13.0968 2244 Browser - ok 10:28:14.0000 2244 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 
10:28:14.0000 2244 cbidf2k - ok 10:28:14.0015 2244 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 10:28:14.0015 2244 CCDECODE - ok 10:28:14.0031 2244 cd20xrnt - ok 10:28:14.0046 2244 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 10:28:14.0062 2244 Cdaudio - ok 10:28:14.0062 2244 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 10:28:14.0062 2244 Cdfs - ok 10:28:14.0093 2244 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 10:28:14.0109 2244 Cdrom - ok 10:28:14.0109 2244 Changer - ok 10:28:14.0125 2244 [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc C:\WINDOWS\system32\cisvc.exe 10:28:14.0140 2244 CiSvc - ok 10:28:14.0140 2244 [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 10:28:14.0156 2244 ClipSrv - ok 10:28:14.0187 2244 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:28:14.0218 2244 clr_optimization_v2.0.50727_32 - ok 10:28:14.0234 2244 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:28:14.0234 2244 clr_optimization_v4.0.30319_32 - ok 10:28:14.0250 2244 CmdIde - ok 10:28:14.0250 2244 COMSysApp - ok 10:28:14.0250 2244 Cpqarray - ok 10:28:14.0281 2244 [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 10:28:14.0281 2244 CryptSvc - ok 10:28:14.0281 2244 dac2w2k - ok 10:28:14.0281 2244 dac960nt - ok 10:28:14.0328 2244 [ D45BBCDDC74A1B0259A0C4B00C190D20 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 10:28:14.0328 2244 DcomLaunch - ok 10:28:14.0359 2244 [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 10:28:14.0375 2244 Dhcp - ok 10:28:14.0375 2244 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 10:28:14.0375 2244 Disk - ok 10:28:14.0375 2244 dmadmin - ok 
10:28:14.0390 2244 [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 10:28:14.0421 2244 dmboot - ok 10:28:14.0421 2244 [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 10:28:14.0437 2244 dmio - ok 10:28:14.0453 2244 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 10:28:14.0468 2244 dmload - ok 10:28:14.0468 2244 [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver C:\WINDOWS\System32\dmserver.dll 10:28:14.0468 2244 dmserver - ok 10:28:14.0500 2244 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 10:28:14.0515 2244 DMusic - ok 10:28:14.0546 2244 [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 10:28:14.0546 2244 Dnscache - ok 10:28:14.0546 2244 dpti2o - ok 10:28:14.0546 2244 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 10:28:14.0562 2244 drmkaud - ok 10:28:14.0562 2244 EagleNT - ok 10:28:14.0562 2244 EagleXNt - ok 10:28:14.0578 2244 [ 877A4512CC9074D6954776AF47021766 ] ERSvc C:\WINDOWS\System32\ersvc.dll 10:28:14.0578 2244 ERSvc - ok 10:28:14.0625 2244 [ 65F6B774819BD727358157CEDEA67B8E ] Eventlog C:\WINDOWS\system32\services.exe 10:28:14.0625 2244 Eventlog - ok 10:28:14.0656 2244 [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem C:\WINDOWS\system32\es.dll 10:28:14.0656 2244 EventSystem - ok 10:28:14.0671 2244 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 10:28:14.0703 2244 Fastfat - ok 10:28:14.0734 2244 [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 10:28:14.0750 2244 FastUserSwitchingCompatibility - ok 10:28:14.0765 2244 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 10:28:14.0765 2244 Fdc - ok 10:28:14.0796 2244 [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 10:28:14.0812 2244 Fips - ok 10:28:14.0812 2244 [ 
0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 10:28:14.0812 2244 Flpydisk - ok 10:28:14.0859 2244 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 10:28:14.0859 2244 FltMgr - ok 10:28:14.0921 2244 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 10:28:14.0953 2244 FontCache3.0.0.0 - ok 10:28:14.0953 2244 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 10:28:14.0953 2244 Fs_Rec - ok 10:28:14.0953 2244 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 10:28:14.0953 2244 Ftdisk - ok 10:28:14.0984 2244 [ 9A58148406E1BB4A2265B84320DEDC2B ] GDMnIcpt C:\WINDOWS\system32\drivers\MiniIcpt.sys 10:28:15.0000 2244 GDMnIcpt - ok 10:28:15.0000 2244 gdrv - ok 10:28:15.0015 2244 [ E6D8269EE03119FA4C54B7B59D9699BF ] GDTdiInterceptor C:\WINDOWS\system32\drivers\GDTdiIcpt.sys 10:28:15.0015 2244 GDTdiInterceptor - ok 10:28:15.0046 2244 [ 5DC17164F66380CBFEFD895C18467773 ] GearAspiWDM C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 10:28:15.0046 2244 GearAspiWDM - ok 10:28:15.0062 2244 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 10:28:15.0062 2244 Gpc - ok 10:28:15.0078 2244 [ AAEA50A15F0E0B0E92848DBFDC072ECE ] GRD C:\WINDOWS\system32\drivers\GRD.sys 10:28:15.0078 2244 GRD - ok 10:28:15.0171 2244 [ 19FEE61C78B50D70BA8900150D2A3A8A ] HauppaugeTVServer C:\PROGRA~1\WinTV\HCWTVS~1.EXE 10:28:15.0218 2244 HauppaugeTVServer - ok 10:28:15.0265 2244 [ A036414384B1F3F36D7E40286CF6DD07 ] hcw95bda C:\WINDOWS\system32\Drivers\hcw95bda.sys 10:28:15.0265 2244 hcw95bda - ok 10:28:15.0265 2244 [ A83862F32F86DA77B1AB3A11E18BB62F ] hcw95rc C:\WINDOWS\system32\DRIVERS\hcw95rc.sys 10:28:15.0281 2244 hcw95rc - ok 10:28:15.0296 2244 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 10:28:15.0296 2244 HDAudBus - ok 10:28:15.0375 
============================================================
10:28:20.0906 2632 Detected object count: 0
10:28:20.0906 2632 Actual detected object count: 0
10:28:35.0640 3312 Deinitialize success

Code:
# AdwCleaner v2.005 - Datei am 15/10/2012 um 10:29:37 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Kuma - HOMENET
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Kuma\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [610 octets] - [15/10/2012 10:29:37]

########## EOF - C:\AdwCleaner[R1].txt - [669 octets] ##########

15.10.2012, 09:42 | #4 |
/// Malwareteam | Security warning from Adobe Flash Player

Step 1: Fix with OTL
Code:
:OTL
O1 - Hosts: 121.128.133.26 gwgt1.joymax.com
@Alternate Data Stream - 207 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:44807EFA
@Alternate Data Stream - 180 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:408F95E5

:COMMANDS
[emptytemp]
[emptyjava]
[emptyflash]

Step 2: MBAM
Please download Malwarebytes

__________________ No asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you happy with us? Then support Trojaner-Board! |
15.10.2012, 10:13 | #5 |
| Security warning from Adobe Flash Player

New OTL and MBAM

Code:
All processes killed
========== OTL ==========
121.128.133.26 gwgt1.joymax.com removed from HOSTS file successfully
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:44807EFA deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:408F95E5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Kuma
->Temp folder emptied: 1026287 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4046295 bytes
->Flash cache emptied: 551 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 466944 bytes
%systemroot%\System32 .tmp files removed: 2833287 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16896 bytes
RecycleBin emptied: 82849 bytes

Total Files Cleaned = 8,00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: Kuma
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: Kuma
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10152012_110816

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT00a96.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT00a99.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer v8.0.6001.18702
Kuma :: HOMENET [Administrator]

15.10.2012 11:15:46
mbam-log-2012-10-15 (11-15-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 179124
Laufzeit: 2 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

15.10.2012, 10:20 | #6 |
/// Malwareteam | Security warning from Adobe Flash Player

Is the computer still causing problems?
15.10.2012, 10:30 | #7 |
| Security warning from Adobe Flash Player

Well, I still get the message, e.g. when I browse the Androiden-Hilfe site. And Live Messenger still crashes when it launches Internet Explorer.
15.10.2012, 10:57 | #8 |
/// Malwareteam | Security warning from Adobe Flash Player

Step 1: Full MBAM scan
Please download Malwarebytes

Step 2: ESET
ESET Online Scanner
15.10.2012, 14:20 | #9 |
| Security warning from Adobe Flash Player

MBAM full scan

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kuma :: HOMENET [Administrator]

15.10.2012 12:14:43
mbam-log-2012-10-15 (12-14-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 307536
Laufzeit: 52 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
C:\Dokumente und Einstellungen\Kuma\Anwendungsdaten\Mozilla\Firefox\Profiles\afla9uxo.default\prefs.js - JS/SecurityDisabler.A.Gen application
C:\Dokumente und Einstellungen\Kuma\Eigene Dateien\Eigene Downloads\videomach-5.8.4-setup.exe - Win32/Adware.ADON application
C:\Sandbox\Kuma\MSN\user\current\Anwendungsdaten\Mozilla\Firefox\Profiles\afla9uxo.default\prefs.js - JS/SecurityDisabler.A.Gen application

15.10.2012, 14:42 | #10 | |
/// Malwareteam | Security warning from Adobe Flash Player

Step 1: Uninstall software

Step 2: Fix with OTL
Code:
:OTL
C:\Dokumente und Einstellungen\Kuma\Anwendungsdaten\Mozilla\Firefox\Profiles\afla9uxo.default\prefs.js
C:\Dokumente und Einstellungen\Kuma\Eigene Dateien\Eigene Downloads\videomach-5.8.4-setup.exe
[emptytemp]

Step 3: Adobe Flash Player

Step 4: Mozilla Firefox update
Your Firefox browser is outdated. Proceed as follows to update it:

Does your problem with Flash still persist?
15.10.2012, 18:56 | #11 |
| Security warning from Adobe Flash Player

New OTL (it looks somehow strange, so I have not reinstalled Flash Player for now, what now?)

Code:
All processes killed
========== OTL ==========
File ptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 10152012_200133

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Last edited by Kimochi (15.10.2012 at 19:09)

15.10.2012, 19:08 | #12 |
/// Malwareteam | Security warning from Adobe Flash Player You did not copy the complete fix! Pay attention to that and start again from the OTL fix!
15.10.2012, 19:20 | #13 |
| Security warning from Adobe Flash Player Did it all over again (and paid close attention), but the result is still the same. Could it be that the fix is incomplete? oO Code:
All processes killed
========== OTL ==========
File ptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 10152012_202736

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
16.10.2012, 07:04 | #14 | |
/// Malwareteam | Security warning from Adobe Flash Player That is right - my mistake there! Quote:
16.10.2012, 07:48 | #15 |
| Security warning from Adobe Flash Player Another new OTL log, but the two files are still there Code:
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kuma
->Temp folder emptied: 115136 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2189144 bytes
->Flash cache emptied: 492 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 512 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10162012_084649

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT0175f.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT07ba5.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |