|
Log-Analyse und Auswertung: Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.PWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.05.2013, 21:00 | #1 |
| Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Hallo Trojanerboard-Team, ich habe mir heute die Quarantäne meines Norton Anti Virus angeschaut und festgestellt, dass Norton während der letzten Routinescans folgende Trojaner gefunden hat: Der Virenscanner hat folgenden Trojaner gefunden: Trojan.Ransomlock.P Der E-Mail-Scanner hat folgende Trojaner gefunden: Trojan.Ransomlock.P Trojan.FakeAV WS.SecRiskOther.1 Ich habe mich an die Anleitung zur Erstellung von Threads gehalten und das sind meine Dateien: OTL.txt Code:
ATTFilter OTL logfile created on: 12.05.2013 18:43:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Turtle\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,12 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 72,08% Memory free 4,97 Gb Paging File | 4,17 Gb Available in Paging File | 83,96% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 127,99 Gb Total Space | 95,53 Gb Free Space | 74,64% Space Free | Partition Type: NTFS Drive D: | 104,89 Gb Total Space | 45,91 Gb Free Space | 43,77% Space Free | Partition Type: NTFS Drive F: | 931,28 Gb Total Space | 758,96 Gb Free Space | 81,50% Space Free | Partition Type: FAT32 Drive G: | 1863,01 Gb Total Space | 1722,08 Gb Free Space | 92,44% Space Free | Partition Type: NTFS Computer Name: TURTLETANK | User Name: Turtle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.12 18:42:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Turtle\Desktop\OTL.exe PRC - [2012.12.24 13:40:01 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.07.02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.07.02 17:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.07.02 17:12:40 | 000,975,288 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.07.31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe PRC - [2011.06.29 16:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe PRC - [2010.03.24 19:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2010.03.18 20:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe PRC - [2010.03.02 20:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2010.02.12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.06.10 11:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe ========== Modules (No Company Name) ========== MOD - [2013.04.11 22:24:48 | 000,115,137 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll MOD - [2013.02.25 11:14:54 | 001,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\0b4349ec9a08f8b0c1b7efe7e9713816\Kies.UI.ni.dll MOD - [2013.01.26 14:15:59 | 014,336,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\fd7042bb1879ebeaf704c938d7cbb808\Kies.Theme.ni.dll MOD - [2013.01.26 14:15:59 | 000,033,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d9a2d325fafc4a781c16ad90acd2c6a7\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.01.26 14:15:53 | 000,194,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\30cf279ac30cf9eb752a1f30af173288\ASF_cSharpAPI.ni.dll MOD - [2013.01.26 14:15:50 | 000,562,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e7e488278db7ff357934c20d9fda02d0\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.01.26 14:15:47 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\84c01e81da471d0a185edc52c52e132f\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.01.26 13:48:09 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2d0895996454caa76b595ffc245e3a41\Kies.MVVM.ni.dll MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012.08.23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll MOD - [2012.07.02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Programme\Norton Internet Security\Engine\20.3.1.22\wincfi39.dll MOD - [2012.03.01 01:58:00 | 000,357,184 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nview\nvShell.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDUpdateService) SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDScannerService) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.04.14 19:39:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.13 23:29:58 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.24 13:40:01 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (NIS) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.01.08 14:30:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.29 16:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus) SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.02.12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTSBLFX.DLL -- (CTSBLFX.DLL) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTERFXFX.DLL -- (CTERFXFX.DLL) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTAUDFX.DLL -- (CTAUDFX.DLL) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\COMMONFX.DLL -- (COMMONFX.DLL) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.04.13 01:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130502.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2013.02.16 11:01:01 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130511.005\NAVEX15.SYS -- (NAVEX15) DRV - [2013.02.16 11:01:01 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013.02.16 11:01:01 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130511.005\NAVENG.SYS -- (NAVENG) DRV - [2013.01.31 05:18:18 | 000,394,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symtdi.sys -- (SYMTDI) DRV - [2013.01.31 05:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symefa.sys -- (SymEFA) DRV - [2013.01.29 03:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtsp.sys -- (SRTSP) DRV - [2013.01.29 03:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtspx.sys -- (SRTSPX) DRV - [2013.01.22 04:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symds.sys -- (SymDS) DRV - [2012.11.25 01:56:37 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV79.sys -- (SSHDRV79) DRV - [2012.11.16 04:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ironx86.sys -- (SymIRON) DRV - [2012.11.16 04:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ccsetx86.sys -- (ccSet_NIS) DRV - [2012.09.30 14:03:54 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2012.09.30 14:03:54 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2012.09.30 11:56:49 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012.09.28 12:32:14 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130510.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2012.08.09 19:54:56 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.03.10 13:40:56 | 000,044,227 | ---- | M] (ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@nero.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NeroCd2k.sys -- (NeroCd2k) DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb) DRV - [2010.03.18 21:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k) DRV - [2010.03.18 21:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2010.03.18 21:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2010.03.18 21:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2010.03.18 21:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2010.03.18 21:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2010.03.18 21:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2010.03.18 21:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2010.03.18 21:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) DRV - [2010.03.18 21:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2010.03.18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS) DRV - [2010.03.18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX) DRV - [2010.03.18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS) DRV - [2010.03.18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX) DRV - [2010.03.18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS) DRV - [2010.03.18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX) DRV - [2010.03.18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS) DRV - [2010.03.18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX) DRV - [2008.04.13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007.12.06 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2007.04.12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL) DRV - [2007.04.12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL) DRV - [2007.04.12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL) DRV - [2007.04.12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL) DRV - [2007.04.12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL) DRV - [2007.04.12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL) DRV - [2007.04.12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL) DRV - [2006.07.01 11:47:08 | 000,041,216 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID) DRV - [2006.06.16 09:30:16 | 000,176,128 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB) DRV - [2006.02.07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO) DRV - [2005.12.22 04:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO) DRV - [2004.08.13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004.04.27 17:26:48 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.3.19 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: d:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.05.12 18:37:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.09.30 12:03:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013.04.14 19:39:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013.04.14 19:39:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2013.04.13 09:52:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2012.03.31 17:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Extensions [2012.03.31 17:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2013.03.10 13:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\extensions [2013.03.10 13:16:35 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\extensions\2020Player_IKEA@2020Technologies.com [2012.01.02 13:47:53 | 000,002,449 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\searchplugins\safesearch.xml [2013.05.12 18:37:13 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\COFFPLGN [2012.09.30 12:03:04 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPLGN O1 HOSTS File: ([2011.12.26 23:37:22 | 000,439,952 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15126 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [KiesAirMessage] C:\Programme\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range37 ([*] in Lokales Intranet) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} https://email.sanofi-aventis.com/exchweb/controls/DAX.cab (DAX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4FEE05C-CA0A-432E-997C-F58E47710FC9}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.26 16:08:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.02.27 01:57:36 | 000,000,120 | ---- | M] () - F:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010.07.10 03:03:33 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.12 18:42:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Turtle\Desktop\OTL.exe [2013.05.06 08:48:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Turtle\Desktop\Einladung Uschi [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.12 18:42:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Turtle\Desktop\OTL.exe [2013.05.12 18:42:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\defogger_reenable [2013.05.12 18:40:43 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\Defogger.exe [2013.05.12 18:35:14 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.12 18:35:14 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.05.12 18:35:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.12 15:33:28 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.12 15:33:28 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.12 15:33:28 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.12 15:33:28 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.12 15:33:28 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.12 15:32:48 | 004,934,855 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000002-00001102-00000004-20021102}.CDF [2013.05.12 15:32:48 | 004,934,855 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000002-00001102-00000004-20021102}.BAK [2013.05.12 15:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.05 12:25:02 | 000,002,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickSteuer Deluxe 2013.lnk [2013.04.20 13:38:06 | 000,638,117 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1403010.016\Cat.DB [2013.04.20 13:37:48 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1403010.016\VT20130115.021 [2013.04.14 12:43:47 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.13 09:54:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.12 18:42:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\defogger_reenable [2013.05.12 18:40:43 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\Defogger.exe [2013.04.08 09:53:02 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini [2013.03.29 21:32:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2013.01.26 12:37:10 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.11.25 01:56:37 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV79.sys [2012.09.30 14:03:54 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2012.09.30 14:03:54 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2012.07.25 22:44:50 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2012.07.14 18:35:51 | 000,657,575 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1202660629-1801674531-682003330-1004-0.dat [2012.07.14 18:35:49 | 000,160,970 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2012.02.16 21:43:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.02 20:29:47 | 000,121,344 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.02 16:08:56 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2011.12.27 11:52:01 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011.12.27 00:11:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011.12.27 00:11:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011.12.27 00:11:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011.12.27 00:11:19 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011.12.26 20:03:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.12.26 16:50:10 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll [2011.12.26 16:50:10 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2011.12.26 16:50:09 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2011.12.26 16:50:09 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2011.12.26 16:36:56 | 000,029,358 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2011.12.26 16:36:34 | 000,029,320 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.12.26 16:36:31 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2011.12.26 16:36:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.12.26 16:09:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.12.26 16:06:13 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.12.26 15:51:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.12.26 15:50:41 | 000,156,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll [2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll [2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2011.11.01 22:35:05 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.05.17 05:25:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net [2012.01.02 15:15:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canon IJ Network Tool [2012.01.02 14:54:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2012.01.02 15:17:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP [2012.01.02 16:15:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV [2012.01.02 15:17:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2 [2012.01.02 15:01:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMSetup [2012.02.23 09:02:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2012.01.02 14:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt [2012.02.13 00:36:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DSS [2012.02.13 00:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core [2012.02.13 00:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts [2012.02.26 16:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2013.01.26 13:33:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2012.08.17 19:01:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoGenie [2013.03.29 21:32:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games [2012.07.14 10:45:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2013.01.26 13:33:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SQL Anywhere 11 [2013.05.12 13:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2012.06.30 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.03.10 17:52:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Amazon [2012.02.23 09:02:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Canon [2012.10.07 15:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Canon Easy-WebPrint EX [2012.03.31 17:02:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Haufe Mediengruppe [2013.01.26 13:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Lexware [2013.03.13 21:54:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\MyPhoneExplorer [2012.07.14 11:23:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Samsung [2012.02.11 18:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Thunderbird ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 5632 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\Turtle\Cookies:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\All Users\Vorlagen:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Dokumente und Einstellungen\Turtle\Eigene Dateien\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Vorlagen:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Desktop\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Desktop:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\desktop.ini:gs5sys < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 12.05.2013 18:43:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Turtle\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,12 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 72,08% Memory free 4,97 Gb Paging File | 4,17 Gb Available in Paging File | 83,96% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 127,99 Gb Total Space | 95,53 Gb Free Space | 74,64% Space Free | Partition Type: NTFS Drive D: | 104,89 Gb Total Space | 45,91 Gb Free Space | 43,77% Space Free | Partition Type: NTFS Drive F: | 931,28 Gb Total Space | 758,96 Gb Free Space | 81,50% Space Free | Partition Type: FAT32 Drive G: | 1863,01 Gb Total Space | 1722,08 Gb Free Space | 92,44% Space Free | Partition Type: NTFS Computer Name: TURTLETANK | User Name: Turtle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "d:\Programme\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [dm-Fotowelt] -- "d:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "d:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OnlineFotoservice] -- "d:\Programme\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) "D:\Programme\iTunes\iTunes.exe" = D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "D:\Programme\Steam\Steam.exe" = D:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "D:\Programme\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = D:\Programme\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- () "C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe" = C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe:*:Enabled:Lexware Datenbank Server -- (iAnywhere Solutions, Inc.) "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X "{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}" = ASUS DH Remote "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{448DA1AD-D1CA-4967-8EFA-9482F31E7BFD}" = Lexware Datenbank plus 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1" = Torchlight II "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6 "{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service "{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A733DC44-DC71-447D-AD6C-33B9AB537828}" = QuickSteuer Deluxe 2013 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{BE672587-331F-42F7-BC38-D59759311C75}" = Lexware reisekosten plus 2012 "{C61B2B59-75D2-4203-B589-E0102C3A6F32}" = QuickSteuer Wissens-Center 2012 "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D34A78EB-78F2-48ab-8CAE-5D4DC255A491}" = Lexware reisekosten plus 2012 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AudioCS" = Creative-Audiokonsole "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe "Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Creative Software AutoUpdate" = Creative Software AutoUpdate "Diablo III" = Diablo III "dm-Fotowelt" = dm-Fotowelt "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "fotokasten comfort_is1" = fotokasten comfort 4.4 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ie8" = Windows Internet Explorer 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MPE" = MyPhoneExplorer "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MWAREDATT" = Messageware AttachView Add-in for Saving Files x64 "Nero - Burning Rom!UninstallKey" = Nero 6 Demo "NIS" = Norton Internet Security "OnlineFotoservice" = OnlineFotoservice "Sacred_is1" = Sacred "Steam App 550" = Left 4 Dead 2 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "xp-AntiSpy" = xp-AntiSpy 3.98-1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.02.2013 04:26:19 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 24.02.2013 15:46:22 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 24.03.2013 12:35:02 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 25.03.2013 03:15:50 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 25.03.2013 07:46:11 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 26.03.2013 15:54:32 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 27.03.2013 02:26:22 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 27.03.2013 04:51:20 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 29.03.2013 03:44:54 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 29.03.2013 14:00:06 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. [ System Events ] Error - 10.05.2013 02:31:42 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.05.2013 05:06:36 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 11.05.2013 05:06:36 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.05.2013 12:17:51 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 11.05.2013 12:17:51 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.05.2013 05:44:04 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 12.05.2013 05:44:04 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.05.2013 06:04:50 | Computer Name = TURTLETANK | Source = Print | ID = 6161 Description = Das Dokument Mappe1, im Besitz von Turtle, konnte nicht auf dem Drucker Canon MG5200 series Printer (Kopie 1) gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 655360. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\TURTLETANK. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 3 (0x3). Error - 12.05.2013 12:35:41 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 12.05.2013 12:35:41 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Ich würde mich freuen, wenn mir jemand bei der Bereinigung meines Systems hlfen kann. Eine Aktivität der Trojaner ist mir übrigens nicht aufgefallen, d.h., der Rechner verhält sich wie immer. Viele Grüße Ariadne |
12.05.2013, 21:02 | #2 |
| Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Wie oben erklärt, anbei die Gmer.txt:
__________________Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-12 21:41:41 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 HDT722525DLA380 rev.V44OA9BA 232,89GB Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Turtle\LOKALE~1\Temp\pwldyaow.sys ---- System - GMER 2.1 ---- SSDT 8AA018D0 ZwAlertResumeThread SSDT 8A9B1128 ZwAlertThread SSDT 8A96B290 ZwAllocateVirtualMemory SSDT 8A997C50 ZwAssignProcessToJobObject SSDT 8A962220 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey [0xB4505ED0] SSDT 8A9465A8 ZwCreateMutant SSDT 89DF5B50 ZwCreateSymbolicLinkObject SSDT 8A269680 ZwCreateThread SSDT 8A97C0D0 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey [0xB4506150] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xB4506810] SSDT 8A9730E8 ZwDuplicateObject SSDT 8AAA1698 ZwFreeVirtualMemory SSDT 8A9B0948 ZwImpersonateAnonymousToken SSDT 8AA2FBF8 ZwImpersonateThread SSDT 89DF00B8 ZwLoadDriver SSDT 8A2700B0 ZwMapViewOfSection SSDT 8A9B0910 ZwOpenEvent SSDT 89E26A58 ZwOpenProcess SSDT 8A95BEE8 ZwOpenProcessToken SSDT 8A9ACB88 ZwOpenSection SSDT 8A985838 ZwOpenThread SSDT 89D1CBB0 ZwProtectVirtualMemory SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwRenameKey [0xB4506D80] SSDT 89E4FE48 ZwResumeThread SSDT 8AA37998 ZwSetContextThread SSDT 89D5B270 ZwSetInformationProcess SSDT 8A9810C8 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xB4506AA0] SSDT 8A9AE4C0 ZwSuspendProcess SSDT 8A9FDB10 ZwSuspendThread SSDT 8A95A0C8 ZwTerminateProcess SSDT 8AA1F5F8 ZwTerminateThread SSDT 8AA33FD0 ZwUnmapViewOfSection SSDT 8AAA11F8 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwYieldExecution + 186 804E49E0 4 Bytes CALL 9FD8E115 ? SYMDS.SYS Das System kann die angegebene Datei nicht finden. ! ? SYMEFA.SYS Das System kann die angegebene Datei nicht finden. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6E993C0, 0x95B7EA, 0xE8000020] .text C:\WINDOWS\system32\drivers\SSHDRV79.sys section is writeable [0xB4651000, 0x2247E, 0xE8000020] .pklstb C:\WINDOWS\system32\drivers\SSHDRV79.sys entry point in ".pklstb" section [0xB4682000] .relo2 C:\WINDOWS\system32\drivers\SSHDRV79.sys unknown last section [0xB4697000, 0x8A, 0x42000040] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB2B12300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7797300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 003A0048 .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0038004C .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003A0A0E .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 003A020E .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 003A012A .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 003A0682 .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 003A059E .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003A03D6 .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003A02F2 .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [59, 88, EB, F9] {POP ECX; MOV BL, CH; STC } .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003A04BA .text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[136] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 003A0766 .text D:\Programme\iTunes\iTunesHelper.exe[164] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text D:\Programme\iTunes\iTunesHelper.exe[164] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text D:\Programme\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text D:\Programme\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text D:\Programme\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text D:\Programme\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text D:\Programme\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text D:\Programme\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text D:\Programme\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text D:\Programme\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text D:\Programme\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text D:\Programme\iTunes\iTunesHelper.exe[164] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 003A0048 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0038004C .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 003A020E .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 003A012A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 003A0682 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 003A059E .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003A03D6 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003A02F2 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [59, 88, EB, F9] {POP ECX; MOV BL, CH; STC } .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003A04BA .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 003A0766 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[176] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003A0A0E .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00760048 .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0064004C .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0076020E .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0076012A .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00760682 .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0076059E .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 007603D6 .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 007602F2 .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [95, 88, EB, F9] {XCHG EBP, EAX; MOV BL, CH; STC } .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 007604BA .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00760766 .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[232] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 00760A0E .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text C:\Programme\Creative\Shared Files\CTAudSvc.exe[344] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[480] ntdll.dll!DbgUiRemoteBreakin 7C9620EC 1 Byte [C3] .text C:\Programme\Skype\Phone\Skype.exe[492] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text C:\Programme\Skype\Phone\Skype.exe[492] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text C:\Programme\Skype\Phone\Skype.exe[492] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text C:\Programme\Skype\Phone\Skype.exe[492] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text C:\Programme\Skype\Phone\Skype.exe[492] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text C:\Programme\Skype\Phone\Skype.exe[492] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text C:\Programme\Skype\Phone\Skype.exe[492] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text C:\Programme\Skype\Phone\Skype.exe[492] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text C:\Programme\Skype\Phone\Skype.exe[492] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text C:\Programme\Skype\Phone\Skype.exe[492] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text C:\Programme\Skype\Phone\Skype.exe[492] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text C:\Programme\Skype\Phone\Skype.exe[492] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 003B0048 .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0039004C .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 003B020E .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 003B012A .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 003B0682 .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 003B059E .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003B03D6 .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003B02F2 .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [5A, 88, EB, F9] {POP EDX; MOV BL, CH; STC } .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003B04BA .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 003B0766 .text C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe[552] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003B084A .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00760048 .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0064004C .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0076020E .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0076012A .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00760682 .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0076059E .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 007603D6 .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 007602F2 .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [95, 88, EB, F9] {XCHG EBP, EAX; MOV BL, CH; STC } .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 007604BA .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00760766 .text C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe[584] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 00760A0E .text C:\Programme\Bonjour\mDNSResponder.exe[900] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text C:\Programme\Bonjour\mDNSResponder.exe[900] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text C:\Programme\Bonjour\mDNSResponder.exe[900] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text C:\Programme\Bonjour\mDNSResponder.exe[900] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text C:\Programme\Bonjour\mDNSResponder.exe[900] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text C:\Programme\Bonjour\mDNSResponder.exe[900] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text C:\Programme\Bonjour\mDNSResponder.exe[900] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text C:\Programme\Bonjour\mDNSResponder.exe[900] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text C:\Programme\Bonjour\mDNSResponder.exe[900] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text C:\Programme\Bonjour\mDNSResponder.exe[900] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text C:\Programme\Bonjour\mDNSResponder.exe[900] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text C:\Programme\Bonjour\mDNSResponder.exe[900] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[904] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[964] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1152] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00380048 .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0036004C .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0038084A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0038020E .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0038012A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00380682 .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0038059E .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003803D6 .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003802F2 .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [57, 88, EB, F9] {PUSH EDI; MOV BL, CH; STC } .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003804BA .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[1316] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00380766 .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00300048 .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 002A004C .text C:\WINDOWS\system32\CTHELPER.EXE[1452] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0030084A .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0030020E .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0030012A .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00300682 .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0030059E .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003003D6 .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003002F2 .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [4F, 88, EB, F9] {DEC EDI; MOV BL, CH; STC } .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003004BA .text C:\WINDOWS\system32\CTHELPER.EXE[1452] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00300766 .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text C:\Programme\Java\jre7\bin\jqs.exe[1764] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text C:\Programme\Java\jre7\bin\jqs.exe[1764] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\WINDOWS\system32\nvsvc32.exe[2432] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text C:\WINDOWS\system32\nvsvc32.exe[2432] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text C:\WINDOWS\system32\nvsvc32.exe[2432] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text C:\WINDOWS\system32\nvsvc32.exe[2432] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text C:\WINDOWS\system32\nvsvc32.exe[2432] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text C:\WINDOWS\system32\nvsvc32.exe[2432] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text C:\WINDOWS\system32\nvsvc32.exe[2432] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text C:\WINDOWS\system32\nvsvc32.exe[2432] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text C:\WINDOWS\system32\nvsvc32.exe[2432] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text C:\WINDOWS\system32\nvsvc32.exe[2432] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text C:\WINDOWS\system32\nvsvc32.exe[2432] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text C:\WINDOWS\system32\nvsvc32.exe[2432] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe[2568] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00630048 .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0051004C .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0063020E .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0063012A .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00630682 .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0063059E .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 006303D6 .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 006302F2 .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [82, 88, EB, F9] .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 006304BA .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00630766 .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[2640] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 00630A0E .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00630048 .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0051004C .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0063020E .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0063012A .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00630682 .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0063059E .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 006303D6 .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 006302F2 .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [82, 88, EB, F9] .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 006304BA .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00630766 .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[3168] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 00630A0E .text C:\Programme\iPod\bin\iPodService.exe[4024] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 00390048 .text C:\Programme\iPod\bin\iPodService.exe[4024] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0037004C .text C:\Programme\iPod\bin\iPodService.exe[4024] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 0039020E .text C:\Programme\iPod\bin\iPodService.exe[4024] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 0039012A .text C:\Programme\iPod\bin\iPodService.exe[4024] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 00390682 .text C:\Programme\iPod\bin\iPodService.exe[4024] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 0039059E .text C:\Programme\iPod\bin\iPodService.exe[4024] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003903D6 .text C:\Programme\iPod\bin\iPodService.exe[4024] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003902F2 .text C:\Programme\iPod\bin\iPodService.exe[4024] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [58, 88, EB, F9] {POP EAX; MOV BL, CH; STC } .text C:\Programme\iPod\bin\iPodService.exe[4024] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003904BA .text C:\Programme\iPod\bin\iPodService.exe[4024] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 00390766 .text C:\Programme\iPod\bin\iPodService.exe[4024] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 003A0048 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ntdll.dll!NtTerminateThread 7C91DE7E 5 Bytes JMP 0038004C .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ADVAPI32.dll!OpenSCManagerW + A3 77DB6FF8 7 Bytes JMP 003A020E .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ADVAPI32.dll!LogonUserExW + 461 77DC4A04 7 Bytes JMP 003A012A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ADVAPI32.dll!SystemFunction025 + 8D 77DC4C61 7 Bytes JMP 003A0682 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E06E64 7 Bytes JMP 003A059E .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ADVAPI32.dll!ChangeServiceConfigA + 193 77E06FFC 7 Bytes JMP 003A03D6 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E0720C 2 Bytes JMP 003A02F2 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E0720F 4 Bytes [59, 88, EB, F9] {POP ECX; MOV BL, CH; STC } .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ADVAPI32.dll!CreateServiceA + 193 77E073A4 7 Bytes JMP 003A04BA .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] ADVAPI32.dll!CreateServiceW + 103 77E074AC 7 Bytes JMP 003A0766 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[4076] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003A0A0E ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ---- Ariadne |
14.05.2013, 10:47 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.PZitat:
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten. Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
14.05.2013, 12:39 | #4 |
| Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Anbei zwei Log-Dateien von Norton: Quarantäne: Code:
ATTFilter Kategorie: Quarantäne Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname 27.10.2012 17:59:57,Hoch,Trojan.Ransomlock.P erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\dokumente und einstellungen\turtle\anwendungsdaten\thunderbird\profiles\8a51e8fu.default\mail\mx.versatel-1.de\inbox 03.10.2012 13:55:33,Hoch,Trojan.Ransomlock.P erkannt von E-Mail-Scanner,Isoliert,Behoben - Keine Aktion erforderlich,mahnbescheid auftragsnummer 8300220.zip 26.09.2012 08:18:00,Hoch,Trojan.Ransomlock.P erkannt von E-Mail-Scanner,Isoliert,Behoben - Keine Aktion erforderlich,weitere mahnung-17.09.2012.zip 26.05.2012 22:44:11,Hoch,Trojan.FakeAV erkannt von E-Mail-Scanner,Isoliert,Behoben - Keine Aktion erforderlich,mahnung.zip 05.05.2012 09:08:02,Hoch,WS.SecRiskOther.1 erkannt von E-Mail-Scanner,Isoliert,Behoben - Keine Aktion erforderlich,schreiben.zip Behobene Sicherheitsrisiken: Code:
ATTFilter Kategorie: Behobene Sicherheitsrisiken Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname 02.04.2013 21:04:39,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 10.02.2013 14:01:13,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 10.01.2013 20:41:59,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 02.01.2013 19:52:40,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.12.2012 12:32:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 29.11.2012 22:06:24,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 28.10.2012 14:03:31,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 27.10.2012 17:59:57,Hoch,Trojan.Ransomlock.P erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\dokumente und einstellungen\turtle\anwendungsdaten\thunderbird\profiles\8a51e8fu.default\mail\mx.versatel-1.de\inbox 27.10.2012 17:47:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 22.10.2012 08:07:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 03.10.2012 13:55:33,Hoch,Trojan.Ransomlock.P erkannt von E-Mail-Scanner,Isoliert,Behoben - Keine Aktion erforderlich,mahnbescheid auftragsnummer 8300220.zip 26.09.2012 08:18:00,Hoch,Trojan.Ransomlock.P erkannt von E-Mail-Scanner,Isoliert,Behoben - Keine Aktion erforderlich,weitere mahnung-17.09.2012.zip 09.09.2012 14:38:30,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 02.09.2012 20:37:12,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 03.08.2012 07:47:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 23.07.2012 21:21:14,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 11.07.2012 11:01:55,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 06.06.2012 16:43:41,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.05.2012 21:22:39,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 26.05.2012 22:44:11,Hoch,Trojan.FakeAV erkannt von E-Mail-Scanner,Isoliert,Behoben - Keine Aktion erforderlich,mahnung.zip 06.05.2012 13:21:33,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 05.05.2012 09:08:02,Hoch,WS.SecRiskOther.1 erkannt von E-Mail-Scanner,Isoliert,Behoben - Keine Aktion erforderlich,schreiben.zip 02.05.2012 20:51:34,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 22.04.2012 13:16:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 15.04.2012 09:59:43,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.04.2012 09:51:10,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.03.2012 12:58:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 18.03.2012 12:16:12,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 10.03.2012 13:42:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 03.03.2012 16:31:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 05.02.2012 20:39:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 05.02.2012 13:49:33,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 29.01.2012 21:21:16,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 15.01.2012 12:50:59,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.01.2012 12:25:35,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 27.12.2011 09:42:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, Gruß Ariadne |
14.05.2013, 13:45 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Hm, Cookies und Funde in deiner Mailbox, aber ein paar andere Einträge in deinem OTL-Log gefallen mir nicht. Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
14.05.2013, 20:51 | #6 |
| Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Hallo Cosinus, anbei die Combofix.txt: Code:
ATTFilter ComboFix 13-05-14.01 - Turtle 14.05.2013 21:21:34.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.3199.2370 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Turtle\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokume~1\Turtle\LOKALE~1\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll c:\dokumente und einstellungen\Turtle\Lokale Einstellungen\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll c:\programme\xp-AntiSpy c:\programme\xp-AntiSpy\Uninstall.exe c:\programme\xp-AntiSpy\xp-AntiSpy.chm c:\programme\xp-AntiSpy\xp-AntiSpy.exe c:\programme\xp-AntiSpy\xp-AntiSpy.url F:\Autorun.inf G:\autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-14 bis 2013-05-14 )))))))))))))))))))))))))))))) . . 2013-05-12 22:01 . 2013-05-12 22:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-12 20:23 . 2013-05-13 19:08 -------- d-----w- c:\windows\system32\XPSViewer 2013-05-12 20:23 . 2013-05-12 20:23 -------- d-----w- c:\programme\MSBuild 2013-05-12 20:23 . 2013-05-12 20:23 -------- d-----w- c:\programme\Reference Assemblies 2013-05-12 20:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2013-05-12 20:22 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2013-05-12 20:22 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2013-05-12 20:22 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2013-05-12 20:22 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2013-05-12 20:22 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2013-05-12 20:22 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2013-05-12 20:10 . 2013-05-12 20:10 -------- d-----w- c:\programme\Microsoft 2013-04-19 06:01 . 2013-04-20 11:37 -------- d-----w- c:\windows\system32\drivers\NIS\1403010.016 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-12 22:00 . 2012-12-24 11:40 866720 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-05-12 22:00 . 2012-01-22 16:36 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-12 22:00 . 2012-01-22 16:36 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-04-16 22:16 . 2001-08-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll 2013-04-16 22:16 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2013-04-16 22:16 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-04-12 23:28 . 2011-12-26 17:53 385024 ------w- c:\windows\system32\html.iec 2013-04-12 14:00 . 2001-08-23 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys 2013-03-13 21:29 . 2012-09-16 11:32 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-13 21:29 . 2011-12-26 22:40 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-13 21:29 . 2013-03-13 21:29 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2013-03-08 08:36 . 2001-08-23 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 15:56 . 2001-08-18 04:28 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-07 15:56 . 2001-08-23 12:00 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-27 07:56 . 2011-12-26 14:05 2067456 ----a-w- c:\windows\system32\mstscax.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesPreload"="c:\programme\Samsung\Kies\Kies.exe" [2012-07-02 975288] "KiesPDLR"="c:\programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-02 21432] "Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X Configure"="c:\windows\System32\JMRaidTool.exe" [2006-06-29 352256] "CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968] "CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296] "CanonSolutionMenuEx"="c:\programme\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "IJNetworkScanUtility"="c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640] "ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "CTHelper"="CTHELPER.EXE" [2010-03-18 19456] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352] "nwiz"="c:\programme\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112] "APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2012-06-07 421776] "KiesTrayAgent"="c:\programme\Samsung\Kies\KiesTrayAgent.exe" [2012-07-02 3524536] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808] "SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help] 2006-07-19 08:52 3167744 ----a-w- c:\program files\ASUS\ASUS DH Remote\AsRc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:22 1695232 ----a-w- c:\programme\Messenger\msmsgs.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "d:\\Programme\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "d:\\Programme\\Steam\\Steam.exe"= "d:\\Programme\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"= "c:\\Programme\\Sybase\\SQL Anywhere 9\\win32\\dbsrv9.exe"= "c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"= "c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"= "c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"= "c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"= . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1403010.016\symds.sys [19.04.2013 08:01 367704] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1403010.016\symefa.sys [19.04.2013 08:01 934488] R1 BHDrvx86;BHDrvx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130502.001\BHDrvx86.sys [09.05.2013 11:53 1000024] R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1403010.016\ccsetx86.sys [19.04.2013 08:01 134304] R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [25.11.2012 01:56 75264] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1403010.016\ironx86.sys [19.04.2013 08:01 175264] R2 Lexware_Datenbank_Plus;Lexware Datenbank Plus;c:\programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -hvLexware_Datenbank_Plus --> c:\programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -hvLexware_Datenbank_Plus [?] R2 NIS;Norton Internet Security;c:\programme\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe [19.04.2013 08:01 144520] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [08.04.2013 08:18 1103392] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [08.04.2013 08:18 1369624] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18.03.2010 21:39 99416] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18.03.2010 21:39 555096] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18.03.2010 21:39 566360] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09.08.2012 19:54 106656] R3 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130511.001\IDSXpx86.sys [14.05.2013 20:14 373728] R3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCd2k.sys [10.03.2012 13:41 44227] R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [26.12.2011 16:48 176128] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [08.04.2013 08:18 168384] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 13:28 160944] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [14.07.2012 10:46 30312] S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [26.12.2011 16:36 5824] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18.03.2010 21:39 99416] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [08.01.2012 14:30 79360] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18.03.2010 21:39 555096] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18.03.2010 21:39 100952] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18.03.2010 21:39 100952] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18.03.2010 21:39 566360] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14.07.2012 10:46 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14.07.2012 10:46 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14.07.2012 10:46 136808] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 21:29] . 2013-05-14 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job - c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2013-04-08 12:08] . 2013-04-08 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2013-04-08 12:07] . 2013-04-08 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job - c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2013-04-08 12:07] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://email.sanofi-aventis.com/exchweb/controls/DAX.cab FF - ProfilePath - c:\dokumente und einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - ExtSQL: 2013-05-13 20:54; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-KiesAirMessage - c:\programme\Samsung\Kies\KiesAirMessage.exe Notify-SDWinLogon - SDWinLogon.dll AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-05-14 21:34 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? CTHelper = CTHELPER.EXE? . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS] "ImagePath"="\"c:\programme\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\programme\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(580) c:\windows\system32\ctagent.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\Creative\Shared Files\CTAudSvc.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\Java\jre7\bin\jqs.exe c:\programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe c:\windows\system32\nvsvc32.exe c:\windows\System32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\CTHELPER.EXE c:\windows\system32\RUNDLL32.EXE c:\programme\iPod\bin\iPodService.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-05-14 21:43:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-05-14 19:43 . Vor Suchlauf: 8 Verzeichnis(se), 97.954.160.640 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 98.279.284.736 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - 0D3E4EEC8CB0DA40284DFE2250841C5D Ariadne |
15.05.2013, 10:36 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
15.05.2013, 21:59 | #8 |
| Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Anbei die geforderten Logfiles: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.15.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Turtle :: TURTLETANK [administrator] 15.05.2013 19:42:52 mbar-log-2013-05-15 (19-42-52).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 26716 Time elapsed: 59 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-15 19:50:48 ----------------------------- 19:50:48.859 OS Version: Windows 5.1.2600 Service Pack 3 19:50:48.859 Number of processors: 2 586 0xF06 19:50:48.859 ComputerName: TURTLETANK UserName: Turtle 19:50:52.125 Initialize success 19:54:04.359 AVAST engine defs: 13051500 19:54:40.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 19:54:40.968 Disk 0 Vendor: HDT722525DLA380 V44OA9BA Size: 238475MB BusType: 3 19:54:41.062 Disk 0 MBR read successfully 19:54:41.062 Disk 0 MBR scan 19:54:41.125 Disk 0 Windows XP default MBR code 19:54:41.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63 19:54:41.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 107411 MB offset 268414020 19:54:41.156 Disk 0 scanning sectors +488392065 19:54:41.234 Disk 0 scanning C:\WINDOWS\system32\drivers 19:55:08.000 Service scanning 19:55:50.109 Modules scanning 19:56:08.796 Disk 0 trace - called modules: 19:56:08.812 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys 19:56:09.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac5aab8] 19:56:09.312 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ac45d98] 19:56:10.796 AVAST engine scan C:\WINDOWS 19:56:24.125 AVAST engine scan C:\WINDOWS\system32 20:06:07.156 AVAST engine scan C:\WINDOWS\system32\drivers 20:07:08.828 AVAST engine scan C:\Dokumente und Einstellungen\Turtle 20:19:51.500 AVAST engine scan C:\Dokumente und Einstellungen\All Users 20:39:47.500 Scan finished successfully 22:44:57.343 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Turtle\Desktop\MBR.dat" 22:44:57.343 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Turtle\Desktop\aswMBR.txt" Code:
ATTFilter 22:49:15.0234 0820 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:49:16.0421 0820 ============================================================ 22:49:16.0421 0820 Current date / time: 2013/05/15 22:49:16.0421 22:49:16.0421 0820 SystemInfo: 22:49:16.0421 0820 22:49:16.0421 0820 OS Version: 5.1.2600 ServicePack: 3.0 22:49:16.0421 0820 Product type: Workstation 22:49:16.0421 0820 ComputerName: TURTLETANK 22:49:16.0421 0820 UserName: Turtle 22:49:16.0421 0820 Windows directory: C:\WINDOWS 22:49:16.0421 0820 System windows directory: C:\WINDOWS 22:49:16.0421 0820 Processor architecture: Intel x86 22:49:16.0421 0820 Number of processors: 2 22:49:16.0421 0820 Page size: 0x1000 22:49:16.0421 0820 Boot type: Normal boot 22:49:16.0421 0820 ============================================================ 22:49:18.0171 0820 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 22:49:18.0171 0820 Drive \Device\Harddisk1\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:49:24.0281 0820 Drive \Device\Harddisk2\DR4 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:49:31.0343 0820 ============================================================ 22:49:31.0343 0820 \Device\Harddisk0\DR0: 22:49:31.0359 0820 MBR partitions: 22:49:31.0359 0820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05 22:49:31.0359 0820 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0xD1C993D 22:49:31.0359 0820 \Device\Harddisk1\DR3: 22:49:31.0359 0820 MBR partitions: 22:49:31.0359 0820 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982 22:49:31.0359 0820 \Device\Harddisk2\DR4: 22:49:31.0359 0820 MBR partitions: 22:49:31.0359 0820 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000 22:49:31.0359 0820 ============================================================ 22:49:31.0390 0820 C: <-> \Device\Harddisk0\DR0\Partition1 22:49:31.0421 0820 D: <-> \Device\Harddisk0\DR0\Partition2 22:49:31.0421 0820 F: <-> \Device\Harddisk1\DR3\Partition1 22:49:31.0453 0820 G: <-> \Device\Harddisk2\DR4\Partition1 22:49:31.0453 0820 ============================================================ 22:49:31.0453 0820 Initialize success 22:49:31.0453 0820 ============================================================ 22:50:03.0218 0504 ============================================================ 22:50:03.0218 0504 Scan started 22:50:03.0218 0504 Mode: Manual; SigCheck; TDLFS; 22:50:03.0218 0504 ============================================================ 22:50:03.0531 0504 ================ Scan system memory ======================== 22:50:03.0531 0504 System memory - ok 22:50:03.0531 0504 ================ Scan services ============================= 22:50:03.0765 0504 Abiosdsk - ok 22:50:03.0781 0504 abp480n5 - ok 22:50:03.0843 0504 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 22:50:08.0015 0504 ACPI - ok 22:50:08.0031 0504 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 22:50:08.0156 0504 ACPIEC - ok 22:50:08.0265 0504 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 22:50:08.0328 0504 AdobeFlashPlayerUpdateSvc - ok 22:50:08.0328 0504 adpu160m - ok 22:50:08.0406 0504 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 22:50:08.0515 0504 aec - ok 22:50:08.0546 0504 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys 22:50:08.0562 0504 AegisP ( UnsignedFile.Multi.Generic ) - warning 22:50:08.0562 0504 AegisP - detected UnsignedFile.Multi.Generic (1) 22:50:08.0625 0504 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 22:50:08.0718 0504 AFD - ok 22:50:08.0718 0504 Aha154x - ok 22:50:08.0718 0504 aic78u2 - ok 22:50:08.0718 0504 aic78xx - ok 22:50:08.0750 0504 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 22:50:08.0843 0504 Alerter - ok 22:50:08.0875 0504 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 22:50:09.0093 0504 ALG - ok 22:50:09.0109 0504 AliIde - ok 22:50:09.0109 0504 amsint - ok 22:50:09.0140 0504 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\WINDOWS\system32\Drivers\ssadadb.sys 22:50:09.0312 0504 androidusb - ok 22:50:09.0390 0504 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:50:09.0421 0504 Apple Mobile Device - ok 22:50:09.0421 0504 AppMgmt - ok 22:50:09.0468 0504 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 22:50:09.0578 0504 Arp1394 - ok 22:50:09.0578 0504 asc - ok 22:50:09.0578 0504 asc3350p - ok 22:50:09.0578 0504 asc3550 - ok 22:50:09.0593 0504 [ 19A1DAC5BC607C212E8A94C05886ED52 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys 22:50:09.0609 0504 AsIO ( UnsignedFile.Multi.Generic ) - warning 22:50:09.0609 0504 AsIO - detected UnsignedFile.Multi.Generic (1) 22:50:09.0718 0504 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 22:50:09.0734 0504 aspnet_state - ok 22:50:09.0750 0504 [ DE91D0D73C3E61E6826D98FAC2FAC729 ] Asushwio C:\WINDOWS\System32\drivers\Asushwio.sys 22:50:09.0781 0504 Asushwio ( UnsignedFile.Multi.Generic ) - warning 22:50:09.0781 0504 Asushwio - detected UnsignedFile.Multi.Generic (1) 22:50:09.0796 0504 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 22:50:09.0890 0504 AsyncMac - ok 22:50:10.0031 0504 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 22:50:10.0140 0504 atapi - ok 22:50:10.0140 0504 Atdisk - ok 22:50:10.0234 0504 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys 22:50:10.0375 0504 atksgt - ok 22:50:10.0406 0504 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 22:50:10.0500 0504 Atmarpc - ok 22:50:10.0531 0504 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 22:50:10.0625 0504 AudioSrv - ok 22:50:10.0640 0504 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 22:50:10.0781 0504 audstub - ok 22:50:10.0812 0504 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 22:50:11.0015 0504 Beep - ok 22:50:11.0421 0504 [ 89BF5550E4FC31E3FE728E68C558BF10 ] BHDrvx86 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130502.001\BHDrvx86.sys 22:50:12.0046 0504 BHDrvx86 - ok 22:50:12.0187 0504 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 22:50:12.0453 0504 BITS - ok 22:50:12.0578 0504 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 22:50:12.0765 0504 Bonjour Service - ok 22:50:12.0812 0504 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 22:50:13.0015 0504 Browser - ok 22:50:13.0046 0504 catchme - ok 22:50:13.0078 0504 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 22:50:13.0187 0504 cbidf2k - ok 22:50:13.0265 0504 [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_NIS C:\WINDOWS\system32\drivers\NIS\1403010.016\ccSetx86.sys 22:50:13.0312 0504 ccSet_NIS - ok 22:50:13.0312 0504 cd20xrnt - ok 22:50:13.0343 0504 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 22:50:13.0437 0504 Cdaudio - ok 22:50:13.0468 0504 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 22:50:13.0578 0504 Cdfs - ok 22:50:13.0625 0504 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 22:50:13.0734 0504 Cdrom - ok 22:50:13.0734 0504 Changer - ok 22:50:13.0765 0504 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] cisvc C:\WINDOWS\system32\cisvc.exe 22:50:14.0015 0504 cisvc - ok 22:50:14.0062 0504 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 22:50:14.0171 0504 ClipSrv - ok 22:50:14.0250 0504 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:50:14.0281 0504 clr_optimization_v2.0.50727_32 - ok 22:50:14.0343 0504 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:50:14.0421 0504 clr_optimization_v4.0.30319_32 - ok 22:50:14.0421 0504 CmdIde - ok 22:50:14.0468 0504 [ EF44C32B1AEF62380426B260BF2C66F1 ] COMMONFX C:\WINDOWS\system32\drivers\COMMONFX.SYS 22:50:14.0531 0504 COMMONFX - ok 22:50:14.0531 0504 COMMONFX.DLL - ok 22:50:14.0562 0504 [ EF44C32B1AEF62380426B260BF2C66F1 ] COMMONFX.SYS C:\WINDOWS\System32\drivers\COMMONFX.SYS 22:50:14.0578 0504 COMMONFX.SYS - ok 22:50:14.0578 0504 COMSysApp - ok 22:50:14.0593 0504 Cpqarray - ok 22:50:14.0640 0504 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe 22:50:14.0703 0504 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 22:50:14.0703 0504 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 22:50:14.0781 0504 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 22:50:15.0046 0504 CryptSvc - ok 22:50:15.0109 0504 [ 6191A973461852A09D643609E1D5F7C6 ] CT20XUT.DLL C:\WINDOWS\system32\CT20XUT.DLL 22:50:15.0218 0504 CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - warning 22:50:15.0218 0504 CT20XUT.DLL - detected UnsignedFile.Multi.Generic (1) 22:50:15.0375 0504 [ 357C534B38019B597F51C8BF7186C118 ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys 22:50:15.0609 0504 ctac32k - ok 22:50:15.0796 0504 [ 691F8259A1F9C983356D8DB2CDE8043C ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys 22:50:16.0125 0504 ctaud2k - ok 22:50:16.0296 0504 [ 7FC78AA6521EF3D9F16E51EFAB0BF13B ] CTAUDFX C:\WINDOWS\system32\drivers\CTAUDFX.SYS 22:50:16.0531 0504 CTAUDFX - ok 22:50:16.0531 0504 CTAUDFX.DLL - ok 22:50:16.0671 0504 [ 7FC78AA6521EF3D9F16E51EFAB0BF13B ] CTAUDFX.SYS C:\WINDOWS\System32\drivers\CTAUDFX.SYS 22:50:16.0765 0504 CTAUDFX.SYS - ok 22:50:16.0875 0504 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Programme\Creative\Shared Files\CTAudSvc.exe 22:50:16.0984 0504 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 22:50:16.0984 0504 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 22:50:17.0109 0504 [ 8545D70B0335A05498F34E7E3F8CA9A2 ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys 22:50:17.0296 0504 ctdvda2k - ok 22:50:17.0359 0504 [ 6A57F82009563AEE8826F117E1D3C72C ] CTEAPSFX.DLL C:\WINDOWS\system32\CTEAPSFX.DLL 22:50:17.0421 0504 CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - warning 22:50:17.0421 0504 CTEAPSFX.DLL - detected UnsignedFile.Multi.Generic (1) 22:50:17.0515 0504 [ C8AC1FFAEADD655193D7B1811A572D8D ] CTEDSPFX.DLL C:\WINDOWS\system32\CTEDSPFX.DLL 22:50:17.0609 0504 CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - warning 22:50:17.0609 0504 CTEDSPFX.DLL - detected UnsignedFile.Multi.Generic (1) 22:50:17.0656 0504 [ 44495D9DAF675257D00B25B041EE6667 ] CTEDSPIO.DLL C:\WINDOWS\system32\CTEDSPIO.DLL 22:50:17.0703 0504 CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - warning 22:50:17.0703 0504 CTEDSPIO.DLL - detected UnsignedFile.Multi.Generic (1) 22:50:17.0796 0504 [ 8E90B1762CB42E2FC76DAC9210C83C66 ] CTEDSPSY.DLL C:\WINDOWS\system32\CTEDSPSY.DLL 22:50:17.0890 0504 CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - warning 22:50:17.0890 0504 CTEDSPSY.DLL - detected UnsignedFile.Multi.Generic (1) 22:50:17.0937 0504 [ 16F448354067914E7DEAEA709011BD60 ] CTERFXFX C:\WINDOWS\system32\drivers\CTERFXFX.SYS 22:50:17.0984 0504 CTERFXFX - ok 22:50:18.0000 0504 CTERFXFX.DLL - ok 22:50:18.0015 0504 [ 16F448354067914E7DEAEA709011BD60 ] CTERFXFX.SYS C:\WINDOWS\System32\drivers\CTERFXFX.SYS 22:50:18.0031 0504 CTERFXFX.SYS - ok 22:50:18.0390 0504 [ 2C48E9D8CA703964463F27AE341115B7 ] CTEXFIFX.DLL C:\WINDOWS\system32\CTEXFIFX.DLL 22:50:19.0046 0504 CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - warning 22:50:19.0046 0504 CTEXFIFX.DLL - detected UnsignedFile.Multi.Generic (1) 22:50:19.0078 0504 [ F7657C598E7C29C6683C1E4A8DD68884 ] CTHWIUT.DLL C:\WINDOWS\system32\CTHWIUT.DLL 22:50:19.0109 0504 CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - warning 22:50:19.0109 0504 CTHWIUT.DLL - detected UnsignedFile.Multi.Generic (1) 22:50:19.0140 0504 [ 4D71541283AEA28FB839007BE90B5FC7 ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys 22:50:19.0156 0504 ctprxy2k - ok 22:50:19.0312 0504 [ 64C83684661BE137023F5186A612CF34 ] CTSBLFX C:\WINDOWS\system32\drivers\CTSBLFX.SYS 22:50:19.0546 0504 CTSBLFX - ok 22:50:19.0546 0504 CTSBLFX.DLL - ok 22:50:19.0703 0504 [ 64C83684661BE137023F5186A612CF34 ] CTSBLFX.SYS C:\WINDOWS\System32\drivers\CTSBLFX.SYS 22:50:19.0781 0504 CTSBLFX.SYS - ok 22:50:19.0843 0504 [ 632194572EBDE8D461728CF382A7E964 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys 22:50:19.0890 0504 ctsfm2k - ok 22:50:19.0906 0504 dac2w2k - ok 22:50:19.0906 0504 dac960nt - ok 22:50:20.0062 0504 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 22:50:20.0281 0504 DcomLaunch - ok 22:50:20.0343 0504 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 22:50:20.0468 0504 Dhcp - ok 22:50:20.0500 0504 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 22:50:20.0593 0504 Disk - ok 22:50:20.0609 0504 dmadmin - ok 22:50:20.0875 0504 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 22:50:21.0718 0504 dmboot - ok 22:50:21.0765 0504 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 22:50:21.0890 0504 dmio - ok 22:50:21.0906 0504 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 22:50:22.0000 0504 dmload - ok 22:50:22.0015 0504 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 22:50:22.0109 0504 dmserver - ok 22:50:22.0140 0504 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 22:50:22.0250 0504 DMusic - ok 22:50:22.0296 0504 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 22:50:22.0343 0504 Dnscache - ok 22:50:22.0406 0504 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 22:50:22.0484 0504 Dot3svc - ok 22:50:22.0484 0504 dpti2o - ok 22:50:22.0484 0504 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 22:50:22.0562 0504 drmkaud - ok 22:50:22.0578 0504 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 22:50:22.0656 0504 EapHost - ok 22:50:22.0796 0504 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys 22:50:22.0984 0504 eeCtrl - ok 22:50:23.0031 0504 [ BACD9CC06D7A787E529E7EBF56B671AA ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys 22:50:23.0062 0504 emupia - ok 22:50:23.0125 0504 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 22:50:23.0156 0504 EraserUtilRebootDrv - ok 22:50:23.0203 0504 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 22:50:23.0296 0504 ERSvc - ok 22:50:23.0359 0504 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 22:50:23.0406 0504 Eventlog - ok 22:50:23.0484 0504 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll 22:50:23.0593 0504 EventSystem - ok 22:50:23.0656 0504 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 22:50:23.0796 0504 Fastfat - ok 22:50:23.0859 0504 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 22:50:23.0984 0504 FastUserSwitchingCompatibility - ok 22:50:24.0015 0504 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 22:50:24.0093 0504 Fdc - ok 22:50:24.0109 0504 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 22:50:24.0203 0504 Fips - ok 22:50:24.0203 0504 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 22:50:24.0328 0504 Flpydisk - ok 22:50:24.0375 0504 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 22:50:24.0484 0504 FltMgr - ok 22:50:24.0546 0504 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 22:50:24.0578 0504 FontCache3.0.0.0 - ok 22:50:24.0593 0504 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 22:50:24.0671 0504 Fs_Rec - ok 22:50:24.0718 0504 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 22:50:24.0843 0504 Ftdisk - ok 22:50:24.0859 0504 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys 22:50:24.0953 0504 gameenum - ok 22:50:24.0984 0504 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 22:50:25.0000 0504 GEARAspiWDM - ok 22:50:25.0031 0504 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 22:50:25.0125 0504 Gpc - ok 22:50:25.0343 0504 [ 70606233F3ED0E53CB3EA17F846D6A4F ] ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys 22:50:25.0703 0504 ha10kx2k - ok 22:50:25.0765 0504 [ A0C69AD2A61E576B0207ACDD9626E167 ] hap16v2k C:\WINDOWS\system32\drivers\hap16v2k.sys 22:50:25.0812 0504 hap16v2k - ok 22:50:25.0890 0504 [ 2EE89452C574D259ADA4FC9FC1C07243 ] hap17v2k C:\WINDOWS\system32\drivers\hap17v2k.sys 22:50:25.0984 0504 hap17v2k - ok 22:50:26.0046 0504 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 22:50:26.0171 0504 HDAudBus - ok 22:50:26.0234 0504 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 22:50:26.0328 0504 helpsvc - ok 22:50:26.0359 0504 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 22:50:26.0453 0504 HidServ - ok 22:50:26.0484 0504 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 22:50:26.0562 0504 hidusb - ok 22:50:26.0609 0504 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 22:50:26.0671 0504 hkmsvc - ok 22:50:26.0671 0504 hpn - ok 22:50:26.0687 0504 hpt3xx - ok 22:50:26.0781 0504 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 22:50:26.0890 0504 HTTP - ok 22:50:26.0906 0504 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 22:50:27.0015 0504 HTTPFilter - ok 22:50:27.0015 0504 i2omgmt - ok 22:50:27.0015 0504 i2omp - ok 22:50:27.0046 0504 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 22:50:27.0140 0504 i8042prt - ok 22:50:27.0218 0504 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe 22:50:27.0250 0504 IDriverT ( UnsignedFile.Multi.Generic ) - warning 22:50:27.0250 0504 IDriverT - detected UnsignedFile.Multi.Generic (1) 22:50:27.0515 0504 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:50:27.0984 0504 idsvc - ok 22:50:28.0156 0504 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130514.001\IDSxpx86.sys 22:50:28.0343 0504 IDSxpx86 - ok 22:50:28.0375 0504 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 22:50:28.0484 0504 Imapi - ok 22:50:28.0546 0504 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 22:50:28.0671 0504 ImapiService - ok 22:50:28.0671 0504 ini910u - ok 22:50:28.0671 0504 IntelIde - ok 22:50:28.0703 0504 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 22:50:28.0796 0504 intelppm - ok 22:50:28.0828 0504 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 22:50:28.0906 0504 ip6fw - ok 22:50:28.0937 0504 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:50:29.0078 0504 IpFilterDriver - ok 22:50:29.0093 0504 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 22:50:29.0171 0504 IpInIp - ok 22:50:29.0218 0504 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 22:50:29.0328 0504 IpNat - ok 22:50:29.0578 0504 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Programme\iPod\bin\iPodService.exe 22:50:29.0953 0504 iPod Service - ok 22:50:30.0000 0504 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 22:50:30.0109 0504 IPSec - ok 22:50:30.0140 0504 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 22:50:30.0218 0504 IRENUM - ok 22:50:30.0250 0504 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 22:50:30.0343 0504 isapnp - ok 22:50:30.0453 0504 [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 22:50:30.0500 0504 JavaQuickStarterService - ok 22:50:30.0515 0504 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys 22:50:30.0515 0504 JGOGO ( UnsignedFile.Multi.Generic ) - warning 22:50:30.0531 0504 JGOGO - detected UnsignedFile.Multi.Generic (1) 22:50:30.0531 0504 [ B90BC78C29108F7EDF86AEF4642A0382 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys 22:50:30.0562 0504 JRAID ( UnsignedFile.Multi.Generic ) - warning 22:50:30.0562 0504 JRAID - detected UnsignedFile.Multi.Generic (1) 22:50:30.0578 0504 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 22:50:30.0671 0504 Kbdclass - ok 22:50:30.0718 0504 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 22:50:30.0890 0504 kmixer - ok 22:50:30.0953 0504 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 22:50:31.0031 0504 KSecDD - ok 22:50:31.0093 0504 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 22:50:31.0156 0504 lanmanserver - ok 22:50:31.0218 0504 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 22:50:31.0281 0504 lanmanworkstation - ok 22:50:31.0281 0504 lbrtfdc - ok 22:50:31.0328 0504 Lexware_Datenbank_Plus - ok 22:50:31.0343 0504 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys 22:50:31.0359 0504 lirsgt - ok 22:50:31.0390 0504 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 22:50:31.0484 0504 LmHosts - ok 22:50:31.0515 0504 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys 22:50:31.0562 0504 mbamchameleon - ok 22:50:31.0578 0504 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 22:50:31.0687 0504 Messenger - ok 22:50:31.0718 0504 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 22:50:31.0796 0504 mnmdd - ok 22:50:31.0828 0504 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 22:50:31.0921 0504 mnmsrvc - ok 22:50:32.0109 0504 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 22:50:32.0203 0504 Modem - ok 22:50:32.0218 0504 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 22:50:32.0312 0504 Mouclass - ok 22:50:32.0328 0504 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 22:50:32.0406 0504 mouhid - ok 22:50:32.0437 0504 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 22:50:32.0531 0504 MountMgr - ok 22:50:32.0609 0504 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 22:50:32.0656 0504 MozillaMaintenance - ok 22:50:32.0656 0504 mraid35x - ok 22:50:32.0718 0504 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 22:50:32.0843 0504 MRxDAV - ok 22:50:33.0125 0504 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 22:50:33.0343 0504 MRxSmb - ok 22:50:33.0375 0504 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 22:50:33.0453 0504 MSDTC - ok 22:50:33.0453 0504 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 22:50:33.0546 0504 Msfs - ok 22:50:33.0546 0504 MSIServer - ok 22:50:33.0578 0504 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 22:50:33.0656 0504 MSKSSRV - ok 22:50:33.0671 0504 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 22:50:33.0765 0504 MSPCLOCK - ok 22:50:33.0765 0504 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 22:50:33.0843 0504 MSPQM - ok 22:50:33.0890 0504 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 22:50:34.0062 0504 mssmbios - ok 22:50:34.0109 0504 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 22:50:34.0140 0504 MTsensor - ok 22:50:34.0203 0504 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 22:50:34.0281 0504 Mup - ok 22:50:34.0390 0504 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 22:50:34.0562 0504 napagent - ok 22:50:34.0640 0504 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130515.003\NAVENG.SYS 22:50:34.0687 0504 NAVENG - ok 22:50:35.0265 0504 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130515.003\NAVEX15.SYS 22:50:36.0234 0504 NAVEX15 - ok 22:50:36.0296 0504 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 22:50:36.0421 0504 NDIS - ok 22:50:36.0453 0504 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 22:50:36.0484 0504 NdisTapi - ok 22:50:36.0546 0504 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 22:50:36.0625 0504 Ndisuio - ok 22:50:36.0656 0504 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 22:50:36.0750 0504 NdisWan - ok 22:50:36.0796 0504 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 22:50:36.0859 0504 NDProxy - ok 22:50:36.0890 0504 [ 58B29812B8D23501D15D85DD72EACB34 ] NeroCd2k C:\WINDOWS\system32\drivers\NeroCd2k.sys 22:50:36.0890 0504 NeroCd2k ( UnsignedFile.Multi.Generic ) - warning 22:50:36.0890 0504 NeroCd2k - detected UnsignedFile.Multi.Generic (1) 22:50:36.0921 0504 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 22:50:37.0093 0504 NetBIOS - ok 22:50:37.0156 0504 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 22:50:37.0281 0504 NetBT - ok 22:50:37.0343 0504 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 22:50:37.0453 0504 NetDDE - ok 22:50:37.0484 0504 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 22:50:37.0578 0504 NetDDEdsdm - ok 22:50:37.0609 0504 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 22:50:37.0687 0504 Netlogon - ok 22:50:37.0750 0504 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 22:50:37.0890 0504 Netman - ok 22:50:37.0968 0504 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:50:38.0109 0504 NetTcpPortSharing - ok 22:50:38.0156 0504 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 22:50:38.0250 0504 NIC1394 - ok 22:50:38.0359 0504 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Programme\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe 22:50:38.0359 0504 NIS - ok 22:50:38.0437 0504 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 22:50:38.0531 0504 Nla - ok 22:50:38.0562 0504 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 22:50:38.0640 0504 Npfs - ok 22:50:38.0796 0504 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 22:50:39.0203 0504 Ntfs - ok 22:50:39.0218 0504 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 22:50:39.0296 0504 NtLmSsp - ok 22:50:39.0421 0504 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 22:50:39.0593 0504 NtmsSvc - ok 22:50:39.0609 0504 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 22:50:40.0046 0504 Null - ok 22:50:44.0265 0504 [ 062C16F3364C7706713282163586988E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 22:50:51.0375 0504 nv - ok 22:50:51.0437 0504 [ B2F5AC506C9B1103827B62BA18A2C514 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 22:50:51.0515 0504 NVSvc - ok 22:50:51.0562 0504 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 22:50:51.0656 0504 NwlnkFlt - ok 22:50:51.0656 0504 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 22:50:51.0750 0504 NwlnkFwd - ok 22:50:51.0921 0504 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 22:50:52.0125 0504 odserv - ok 22:50:52.0156 0504 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 22:50:52.0265 0504 ohci1394 - ok 22:50:52.0312 0504 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 22:50:52.0375 0504 ose - ok 22:50:52.0421 0504 [ AE896073E1BBF98FEFC2EC52F62C0FBA ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys 22:50:52.0468 0504 ossrv - ok 22:50:52.0500 0504 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 22:50:52.0609 0504 Parport - ok 22:50:52.0625 0504 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 22:50:52.0703 0504 PartMgr - ok 22:50:52.0718 0504 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 22:50:52.0796 0504 ParVdm - ok 22:50:52.0843 0504 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 22:50:52.0937 0504 PCI - ok 22:50:52.0953 0504 PCIDump - ok 22:50:52.0968 0504 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 22:50:53.0046 0504 PCIIde - ok 22:50:53.0109 0504 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 22:50:53.0171 0504 Pcmcia - ok 22:50:53.0171 0504 PDCOMP - ok 22:50:53.0187 0504 PDFRAME - ok 22:50:53.0187 0504 PDRELI - ok 22:50:53.0187 0504 PDRFRAME - ok 22:50:53.0187 0504 perc2 - ok 22:50:53.0187 0504 perc2hib - ok 22:50:53.0234 0504 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 22:50:53.0250 0504 PlugPlay - ok 22:50:53.0265 0504 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 22:50:53.0328 0504 PolicyAgent - ok 22:50:53.0375 0504 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 22:50:53.0468 0504 PptpMiniport - ok 22:50:53.0500 0504 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 22:50:53.0593 0504 Processor - ok 22:50:53.0593 0504 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 22:50:53.0671 0504 ProtectedStorage - ok 22:50:53.0687 0504 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 22:50:53.0781 0504 PSched - ok 22:50:53.0812 0504 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 22:50:53.0921 0504 Ptilink - ok 22:50:53.0953 0504 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 22:50:53.0968 0504 PxHelp20 - ok 22:50:53.0968 0504 ql1080 - ok 22:50:53.0968 0504 Ql10wnt - ok 22:50:53.0968 0504 ql12160 - ok 22:50:53.0968 0504 ql1240 - ok 22:50:53.0984 0504 ql1280 - ok 22:50:54.0000 0504 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 22:50:54.0109 0504 RasAcd - ok 22:50:54.0156 0504 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 22:50:54.0234 0504 RasAuto - ok 22:50:54.0250 0504 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 22:50:54.0359 0504 Rasl2tp - ok 22:50:54.0437 0504 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 22:50:54.0562 0504 RasMan - ok 22:50:54.0578 0504 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 22:50:54.0656 0504 RasPppoe - ok 22:50:54.0671 0504 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 22:50:54.0765 0504 Raspti - ok 22:50:54.0828 0504 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 22:50:54.0968 0504 Rdbss - ok 22:50:54.0984 0504 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 22:50:55.0062 0504 RDPCDD - ok 22:50:55.0140 0504 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 22:50:55.0187 0504 RDPWD - ok 22:50:55.0250 0504 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 22:50:55.0375 0504 RDSessMgr - ok 22:50:55.0390 0504 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 22:50:55.0500 0504 redbook - ok 22:50:55.0531 0504 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 22:50:55.0625 0504 RemoteAccess - ok 22:50:55.0656 0504 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe 22:50:55.0750 0504 RpcLocator - ok 22:50:55.0859 0504 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll 22:50:55.0984 0504 RpcSs - ok 22:50:56.0031 0504 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe 22:50:56.0140 0504 RSVP - ok 22:50:56.0203 0504 [ 05552E37B5C0B53B7E4B95A850447E85 ] RTLWUSB C:\WINDOWS\system32\DRIVERS\RTL8187.sys 22:50:56.0296 0504 RTLWUSB - ok 22:50:56.0328 0504 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 22:50:56.0406 0504 SamSs - ok 22:50:56.0453 0504 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 22:50:56.0562 0504 SCardSvr - ok 22:50:56.0640 0504 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 22:50:56.0781 0504 Schedule - ok 22:50:57.0125 0504 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe 22:50:57.0656 0504 SDScannerService - ok 22:50:58.0046 0504 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe 22:50:58.0718 0504 SDUpdateService - ok 22:50:58.0796 0504 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe 22:50:58.0859 0504 SDWSCService - ok 22:50:58.0890 0504 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 22:50:58.0968 0504 Secdrv - ok 22:50:58.0984 0504 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 22:50:59.0078 0504 seclogon - ok 22:50:59.0109 0504 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 22:50:59.0203 0504 SENS - ok 22:50:59.0218 0504 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 22:50:59.0296 0504 serenum - ok 22:50:59.0328 0504 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 22:50:59.0421 0504 Serial - ok 22:50:59.0437 0504 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 22:50:59.0515 0504 Sfloppy - ok 22:50:59.0625 0504 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 22:50:59.0875 0504 SharedAccess - ok 22:50:59.0921 0504 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 22:50:59.0937 0504 ShellHWDetection - ok 22:50:59.0937 0504 Simbad - ok 22:51:00.0000 0504 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 22:51:00.0109 0504 SkypeUpdate - ok 22:51:00.0109 0504 Sparrow - ok 22:51:00.0140 0504 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 22:51:00.0234 0504 splitter - ok 22:51:00.0265 0504 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 22:51:00.0328 0504 Spooler - ok 22:51:00.0359 0504 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 22:51:00.0468 0504 sr - ok 22:51:00.0531 0504 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 22:51:00.0656 0504 srservice - ok 22:51:00.0843 0504 [ 0A8F71E1DB5432A5B9285111421E77EC ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1403010.016\SRTSP.SYS 22:51:01.0156 0504 SRTSP - ok 22:51:01.0171 0504 [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1403010.016\SRTSPX.SYS 22:51:01.0187 0504 SRTSPX - ok 22:51:01.0312 0504 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 22:51:01.0546 0504 Srv - ok 22:51:01.0593 0504 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys 22:51:01.0656 0504 ssadbus - ok 22:51:01.0687 0504 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 22:51:01.0734 0504 ssadmdfl - ok 22:51:01.0781 0504 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 22:51:01.0843 0504 ssadmdm - ok 22:51:01.0890 0504 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 22:51:01.0984 0504 SSDPSRV - ok 22:51:02.0031 0504 [ B4710B65D78849DD7743B8998162C2FC ] SSHDRV79 C:\WINDOWS\system32\drivers\SSHDRV79.sys 22:51:02.0062 0504 SSHDRV79 ( UnsignedFile.Multi.Generic ) - warning 22:51:02.0062 0504 SSHDRV79 - detected UnsignedFile.Multi.Generic (1) 22:51:02.0078 0504 Steam Client Service - ok 22:51:02.0171 0504 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 22:51:02.0421 0504 stisvc - ok 22:51:02.0453 0504 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 22:51:02.0531 0504 swenum - ok 22:51:02.0562 0504 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 22:51:02.0671 0504 swmidi - ok 22:51:02.0671 0504 SwPrv - ok 22:51:02.0671 0504 symc810 - ok 22:51:02.0671 0504 symc8xx - ok 22:51:02.0796 0504 [ 6EA77FF0CE4E839EA8B1CEA5F5B28C00 ] SymDS C:\WINDOWS\system32\drivers\NIS\1403010.016\SYMDS.SYS 22:51:02.0968 0504 SymDS - ok 22:51:03.0281 0504 [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA C:\WINDOWS\system32\drivers\NIS\1403010.016\SYMEFA.SYS 22:51:03.0765 0504 SymEFA - ok 22:51:03.0828 0504 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 22:51:03.0875 0504 SymEvent - ok 22:51:03.0937 0504 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1403010.016\Ironx86.SYS 22:51:04.0000 0504 SymIRON - ok 22:51:04.0171 0504 [ EC979002EBA25C9D109B2FE0E03457DA ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1403010.016\SYMTDI.SYS 22:51:04.0359 0504 SYMTDI - ok 22:51:04.0359 0504 sym_hi - ok 22:51:04.0359 0504 sym_u3 - ok 22:51:04.0390 0504 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 22:51:04.0484 0504 sysaudio - ok 22:51:04.0546 0504 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 22:51:04.0640 0504 SysmonLog - ok 22:51:04.0734 0504 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 22:51:04.0890 0504 TapiSrv - ok 22:51:05.0000 0504 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:51:05.0203 0504 Tcpip - ok 22:51:05.0234 0504 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 22:51:05.0312 0504 TDPIPE - ok 22:51:05.0343 0504 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 22:51:05.0406 0504 TDTCP - ok 22:51:05.0437 0504 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 22:51:05.0531 0504 TermDD - ok 22:51:05.0625 0504 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 22:51:05.0796 0504 TermService - ok 22:51:05.0843 0504 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 22:51:05.0859 0504 Themes - ok 22:51:05.0859 0504 TosIde - ok 22:51:05.0890 0504 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 22:51:05.0984 0504 TrkWks - ok 22:51:06.0031 0504 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 22:51:06.0125 0504 Udfs - ok 22:51:06.0125 0504 ultra - ok 22:51:06.0250 0504 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 22:51:06.0546 0504 Update - ok 22:51:06.0609 0504 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 22:51:06.0734 0504 upnphost - ok 22:51:06.0765 0504 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 22:51:06.0843 0504 UPS - ok 22:51:06.0890 0504 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 22:51:06.0937 0504 USBAAPL - ok 22:51:06.0984 0504 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 22:51:07.0109 0504 usbaudio - ok 22:51:07.0156 0504 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:51:07.0234 0504 usbccgp - ok 22:51:07.0265 0504 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:51:07.0343 0504 usbehci - ok 22:51:07.0375 0504 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:51:07.0484 0504 usbhub - ok 22:51:07.0515 0504 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:51:07.0593 0504 usbscan - ok 22:51:07.0625 0504 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:51:07.0718 0504 USBSTOR - ok 22:51:07.0734 0504 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 22:51:07.0812 0504 usbuhci - ok 22:51:07.0859 0504 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 22:51:07.0937 0504 VgaSave - ok 22:51:07.0937 0504 ViaIde - ok 22:51:07.0968 0504 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 22:51:08.0109 0504 VolSnap - ok 22:51:08.0218 0504 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 22:51:08.0375 0504 VSS - ok 22:51:08.0421 0504 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 22:51:08.0546 0504 W32Time - ok 22:51:08.0562 0504 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:51:08.0656 0504 Wanarp - ok 22:51:08.0812 0504 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 22:51:09.0015 0504 Wdf01000 - ok 22:51:09.0031 0504 WDICA - ok 22:51:09.0062 0504 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 22:51:09.0187 0504 wdmaud - ok 22:51:09.0218 0504 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 22:51:09.0328 0504 WebClient - ok 22:51:09.0421 0504 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 22:51:09.0546 0504 winmgmt - ok 22:51:09.0578 0504 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 22:51:09.0625 0504 WmdmPmSN - ok 22:51:09.0671 0504 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 22:51:09.0796 0504 WmiApSrv - ok 22:51:10.0062 0504 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 22:51:10.0578 0504 WMPNetworkSvc - ok 22:51:10.0593 0504 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 22:51:10.0625 0504 WpdUsb - ok 22:51:10.0890 0504 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 22:51:11.0265 0504 WPFFontCache_v0400 - ok 22:51:11.0296 0504 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 22:51:11.0375 0504 WS2IFSL - ok 22:51:11.0421 0504 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 22:51:11.0531 0504 wscsvc - ok 22:51:11.0546 0504 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 22:51:11.0625 0504 wuauserv - ok 22:51:11.0671 0504 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 22:51:11.0734 0504 WudfPf - ok 22:51:11.0781 0504 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 22:51:11.0812 0504 WudfRd - ok 22:51:11.0843 0504 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 22:51:11.0890 0504 WudfSvc - ok 22:51:12.0046 0504 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 22:51:12.0359 0504 WZCSVC - ok 22:51:12.0421 0504 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 22:51:12.0515 0504 xmlprov - ok 22:51:12.0609 0504 [ 4322C32CED8C4772E039616DCBF01D3F ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys 22:51:12.0750 0504 yukonwxp - ok 22:51:12.0765 0504 ================ Scan global =============================== 22:51:12.0812 0504 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 22:51:12.0921 0504 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 22:51:13.0078 0504 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 22:51:13.0125 0504 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 22:51:13.0125 0504 [Global] - ok 22:51:13.0125 0504 ================ Scan MBR ================================== 22:51:13.0156 0504 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 22:51:13.0468 0504 \Device\Harddisk0\DR0 - ok 22:51:13.0484 0504 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR3 22:51:13.0640 0504 \Device\Harddisk1\DR3 - ok 22:51:13.0640 0504 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4 22:51:14.0265 0504 \Device\Harddisk2\DR4 - ok 22:51:14.0265 0504 ================ Scan VBR ================================== 22:51:14.0265 0504 [ 471C3E8F9388D62AB14AFE6527DEFB7F ] \Device\Harddisk0\DR0\Partition1 22:51:14.0265 0504 \Device\Harddisk0\DR0\Partition1 - ok 22:51:14.0296 0504 [ C1DA37487B55B54BDBCAB5BE8AC920FD ] \Device\Harddisk0\DR0\Partition2 22:51:14.0296 0504 \Device\Harddisk0\DR0\Partition2 - ok 22:51:14.0296 0504 [ 5AA81649C52DA06C7DEB5454FACB0383 ] \Device\Harddisk1\DR3\Partition1 22:51:14.0296 0504 \Device\Harddisk1\DR3\Partition1 - ok 22:51:14.0296 0504 [ 11B2D23E3D9E991D022D5FDBCC1C17C5 ] \Device\Harddisk2\DR4\Partition1 22:51:14.0296 0504 \Device\Harddisk2\DR4\Partition1 - ok 22:51:14.0296 0504 ============================================================ 22:51:14.0296 0504 Scan finished 22:51:14.0296 0504 ============================================================ 22:51:14.0453 2644 Detected object count: 17 22:51:14.0453 2644 Actual detected object count: 17 22:53:35.0015 2644 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0015 2644 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0015 2644 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0015 2644 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0015 2644 Asushwio ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0015 2644 Asushwio ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0015 2644 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0015 2644 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 JGOGO ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 JGOGO ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 JRAID ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 JRAID ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 NeroCd2k ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 NeroCd2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:35.0031 2644 SSHDRV79 ( UnsignedFile.Multi.Generic ) - skipped by user 22:53:35.0031 2644 SSHDRV79 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:53:37.0593 3160 Deinitialize success Ariadne |
15.05.2013, 22:05 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
16.05.2013, 18:43 | #10 |
| Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Hallo Cosinus, anbei die gewünschten Dateien: JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Microsoft Windows XP x86 Ran by Turtle on 16.05.2013 at 19:01:54,48 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.05.2013 at 19:03:52,25 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.300 - Datei am 16/05/2013 um 19:07:10 erstellt # Aktualisiert am 28/04/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Turtle - TURTLETANK # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Turtle\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\searchplugins\safesearch.xml ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v20.0.1 (de) Datei : C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1693 octets] - [16/05/2013 19:07:10] ########## EOF - C:\AdwCleaner[S1].txt - [1753 octets] ########## OTL.txt: Code:
ATTFilter OTL logfile created on: 16.05.2013 19:25:20 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Turtle\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,12 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 75,86% Memory free 4,97 Gb Paging File | 4,22 Gb Available in Paging File | 84,86% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 127,99 Gb Total Space | 90,98 Gb Free Space | 71,08% Space Free | Partition Type: NTFS Drive D: | 104,89 Gb Total Space | 45,85 Gb Free Space | 43,71% Space Free | Partition Type: NTFS Drive F: | 931,28 Gb Total Space | 760,34 Gb Free Space | 81,64% Space Free | Partition Type: FAT32 Drive G: | 1863,01 Gb Total Space | 1722,07 Gb Free Space | 92,43% Space Free | Partition Type: NTFS Computer Name: TURTLETANK | User Name: Turtle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Dokumente und Einstellungen\Turtle\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd) PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) ========== Modules (No Company Name) ========== MOD - C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\4216177767c733f8ce168a7e15bf84aa\Kies.Common.MediaDB.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\0c0f4035ed840f79954bda89cc843b9f\Kies.Common.AllShare.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\a474c95688a2fafa128a8d56af13d151\AdminCmdAgent.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\514bb2edf2d1b8f181234ca7b3e1f6c7\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3ba2a69c7706f265493785d3fc48c21b\Kies.Common.DeviceServiceLib.FileService.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1ec51e9addb2c95c46ded53808f307ca\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2e88ba701634b71bfe66531d145a2248\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\db9f280e13c9a4b42e0d9041c9ffbf68\Kies.Common.DeviceService.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\7997dd659aef7cc70429dd3d67864f95\Kies.Common.Multimedia.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\6598816fd582be794b1e3ba25d3782c2\Kies.Common.MainUI.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2b5cb5fdfa23b703f8d2a699e3420313\Kies.Common.DBManager.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\aa561638a6105512f0f1cd692d26cd10\Kies.Common.Util.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\64cab500be752b34259673b55433a1e9\Kies.UI.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\2c0f02e66c6b749b122cefe6fc2535a2\GongSolutions.Wpf.DragDrop.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Interface\df339be850e5d96817bb9920598bddbf\Kies.Interface.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies\d35f3ad78e1ce868974f6cb2507819d6\Kies.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d9a2d325fafc4a781c16ad90acd2c6a7\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\ec062cbfcf4fdf668cc426451846545c\Kies.Theme.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\2ce28dc89a395166d53fa34d30f06d8f\Kies.Common.StoreManager.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\dad95f954661a4e2119801d9631678a2\ASF_cSharpAPI.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1742ff554d024147c3da7ebf32e7f066\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4abd40b9e9740e081c7052bf398d9989\Interop.DevFileServiceLib.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\9142806be605fcd99de2b933928fa7c4\Interop.DeviceServiceModelDBLib.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d910a682cedafb6e40c4e460ef2d1927\Kies.Common.DeviceServiceLib.Interface.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\6b7547725ebf7c031c08a3abb254865a\Interop.PRPLAYERCORELib.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\b8d3852e5a6e3b88855b66c70584da3f\ICSharpCode.SharpZipLib.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f64400a817d3942ff03470493d079229\Interop.DeviceSearchLib.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\2faa82c73edc5c604648a59dea5f7e74\Kies.Locale.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\b0b301d1fd6e723cdc3fa968fd8910e2\Kies.MVVM.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\582fbae333fd4c7363db35d070ad4089\PresentationFramework.Luna.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll () MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Norton Internet Security\Engine\20.3.1.22\wincfi39.dll () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Programme\Spybot File not found SRV - (SDUpdateService) -- C:\Programme\Spybot File not found SRV - (SDScannerService) -- C:\Programme\Spybot File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NIS) -- C:\Programme\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Lexware_Datenbank_Plus) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) SRV - (Steam Client Service) -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe (Valve Corporation) SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (CTSBLFX.DLL) -- system32\CTSBLFX.DLL File not found DRV - (CTERFXFX.DLL) -- system32\CTERFXFX.DLL File not found DRV - (CTAUDFX.DLL) -- system32\CTAUDFX.DLL File not found DRV - (COMMONFX.DLL) -- system32\COMMONFX.DLL File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (BHDrvx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130502.001\BHDrvx86.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130515.023\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130515.023\NAVENG.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symtdi.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symefa.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtspx.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symds.sys (Symantec Corporation) DRV - (SSHDRV79) -- C:\WINDOWS\system32\drivers\SSHDRV79.sys () DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ironx86.sys (Symantec Corporation) DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ccsetx86.sys (Symantec Corporation) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130515.001\IDSXpx86.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NeroCd2k) -- C:\WINDOWS\system32\drivers\NeroCd2k.sys (ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@nero.com) DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc) DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd) DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd) DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctaud2k) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTERFXFX.SYS) -- C:\WINDOWS\system32\drivers\CTERFXFX.sys (Creative Technology Ltd) DRV - (CTERFXFX) -- C:\WINDOWS\system32\drivers\CTERFXFX.sys (Creative Technology Ltd) DRV - (CTSBLFX.SYS) -- C:\WINDOWS\system32\drivers\CTSBLFX.sys (Creative Technology Ltd) DRV - (CTSBLFX) -- C:\WINDOWS\system32\drivers\CTSBLFX.sys (Creative Technology Ltd) DRV - (CTAUDFX.SYS) -- C:\WINDOWS\system32\drivers\CTAUDFX.sys (Creative Technology Ltd) DRV - (CTAUDFX) -- C:\WINDOWS\system32\drivers\CTAUDFX.sys (Creative Technology Ltd) DRV - (COMMONFX.SYS) -- C:\WINDOWS\system32\drivers\COMMONFX.sys (Creative Technology Ltd) DRV - (COMMONFX) -- C:\WINDOWS\system32\drivers\COMMONFX.sys (Creative Technology Ltd) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.) DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.) DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.) DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd) DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd) DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd) DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd) DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation ) DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron ) DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys () DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (Asushwio) -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: d:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.05.16 19:14:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.09.30 12:03:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013.04.14 19:39:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013.05.15 15:24:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2013.04.13 09:52:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2012.03.31 17:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Extensions [2012.03.31 17:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2013.03.10 13:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\extensions [2013.03.10 13:16:35 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\extensions\2020Player_IKEA@2020Technologies.com [2013.05.16 19:14:49 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\COFFPLGN [2012.09.30 12:03:04 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPLGN O1 HOSTS File: ([2013.05.14 21:34:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1202660629-1801674531-682003330-1004..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-1202660629-1801674531-682003330-1004..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1202660629-1801674531-682003330-1004\..Trusted Ranges: Range37 ([*] in Lokales Intranet) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1368389093671 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} https://email.sanofi-aventis.com/exchweb/controls/DAX.cab (DAX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4FEE05C-CA0A-432E-997C-F58E47710FC9}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.26 16:08:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.07.10 03:03:33 | 000,000,000 | R--D | M] - G:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.16 19:01:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.05.16 19:01:09 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.16 19:00:09 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Turtle\Desktop\JRT.exe [2013.05.15 22:47:31 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Turtle\Desktop\tdsskiller.exe [2013.05.15 19:47:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Turtle\Desktop\aswMBR.exe [2013.05.15 18:42:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.05.14 21:17:48 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.05.14 21:15:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.05.14 21:15:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.05.14 21:15:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.05.14 21:15:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.05.14 21:15:36 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.05.14 21:15:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.14 21:14:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.05.14 21:10:55 | 005,066,131 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Turtle\Desktop\ComboFix.exe [2013.05.13 00:01:48 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.05.13 00:01:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.05.13 00:01:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.05.13 00:01:35 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.05.12 22:23:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2013.05.12 22:23:35 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild [2013.05.12 22:23:12 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies [2013.05.12 22:22:33 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll [2013.05.12 22:22:33 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll [2013.05.12 22:22:33 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe [2013.05.12 22:22:33 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll [2013.05.12 22:22:33 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll [2013.05.12 22:22:33 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll [2013.05.12 22:10:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2013.05.12 22:10:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2013.05.12 18:42:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Turtle\Desktop\OTL.exe [2013.05.06 08:48:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Turtle\Desktop\Einladung Uschi [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.16 19:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.16 19:11:59 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.05.16 19:11:45 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.16 19:11:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.16 19:08:18 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.16 19:08:18 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.16 19:08:18 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.16 19:08:18 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.16 19:08:18 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.16 19:05:37 | 000,628,743 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\adwcleaner.exe [2013.05.16 19:00:10 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Turtle\Desktop\JRT.exe [2013.05.16 09:00:17 | 004,934,855 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000002-00001102-00000004-20021102}.CDF [2013.05.16 09:00:17 | 004,934,855 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000002-00001102-00000004-20021102}.BAK [2013.05.16 08:54:20 | 000,002,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickSteuer 2012.lnk [2013.05.15 22:47:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Turtle\Desktop\tdsskiller.exe [2013.05.15 22:44:57 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\MBR.dat [2013.05.15 20:30:23 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.05.15 20:30:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.05.15 20:29:43 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013.05.15 19:49:25 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Turtle\Desktop\aswMBR.exe [2013.05.15 15:21:26 | 012,917,756 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\mbar-1.05.0.1001.zip [2013.05.14 21:34:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.05.14 21:17:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.05.14 21:11:34 | 005,066,131 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Turtle\Desktop\ComboFix.exe [2013.05.14 21:00:48 | 000,159,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.14 20:40:39 | 000,642,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1403010.016\Cat.DB [2013.05.14 20:40:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.14 20:33:36 | 000,516,472 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.14 20:33:36 | 000,493,162 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.14 20:33:36 | 000,100,730 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.14 20:33:36 | 000,083,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.13 00:01:04 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.05.13 00:00:57 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.05.13 00:00:57 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.05.13 00:00:56 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013.05.13 00:00:56 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013.05.13 00:00:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.05.13 00:00:56 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.05.12 18:51:03 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe [2013.05.12 18:42:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Turtle\Desktop\OTL.exe [2013.05.12 18:42:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\defogger_reenable [2013.05.12 18:40:43 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\Defogger.exe [2013.05.07 06:27:17 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.05.05 12:25:02 | 000,002,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickSteuer Deluxe 2013.lnk [2013.04.20 13:37:48 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1403010.016\VT20130115.021 [2013.04.17 00:16:49 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2013.04.17 00:16:49 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2013.04.17 00:16:49 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll [2013.04.17 00:16:49 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2013.04.17 00:16:49 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2013.04.17 00:16:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2013.04.17 00:16:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll [2013.04.17 00:16:49 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2013.04.17 00:16:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2013.04.17 00:16:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2013.04.17 00:16:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll [2013.04.17 00:16:49 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll [2013.04.17 00:16:49 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2013.04.17 00:16:49 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2013.04.17 00:16:49 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll [2013.04.17 00:16:49 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll [2013.04.17 00:16:49 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2013.04.17 00:16:49 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2013.04.17 00:16:48 | 011,112,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2013.04.17 00:16:48 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2013.04.17 00:16:48 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2013.04.17 00:16:48 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2013.04.17 00:16:48 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2013.04.17 00:16:48 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2013.04.17 00:16:48 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2013.04.17 00:16:48 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2013.04.17 00:16:48 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.16 19:05:36 | 000,628,743 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\adwcleaner.exe [2013.05.16 08:54:20 | 000,002,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickSteuer 2012.lnk [2013.05.15 22:44:57 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\MBR.dat [2013.05.15 15:20:59 | 012,917,756 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\mbar-1.05.0.1001.zip [2013.05.14 21:17:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.05.14 21:17:53 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.05.14 21:15:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.05.14 21:15:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.05.14 21:15:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.05.14 21:15:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.05.14 21:15:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.05.12 22:15:15 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb [2013.05.12 18:51:03 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\gmer_2.1.19163.exe [2013.05.12 18:42:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\defogger_reenable [2013.05.12 18:40:43 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\Defogger.exe [2013.04.08 09:53:02 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini [2013.03.29 21:32:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2013.01.26 12:37:10 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.11.25 01:56:37 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV79.sys [2012.09.30 14:03:54 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2012.09.30 14:03:54 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2012.07.25 22:44:50 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2012.07.14 18:35:51 | 001,139,658 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1202660629-1801674531-682003330-1004-0.dat [2012.07.14 18:35:49 | 000,160,970 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2012.02.16 21:43:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.02 20:29:47 | 000,121,344 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.02 16:08:56 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2011.12.27 11:52:01 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011.12.27 00:11:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011.12.27 00:11:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011.12.27 00:11:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011.12.27 00:11:19 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011.12.26 20:03:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.12.26 16:50:10 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll [2011.12.26 16:50:10 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2011.12.26 16:50:09 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2011.12.26 16:50:09 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2011.12.26 16:36:56 | 000,029,358 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2011.12.26 16:36:34 | 000,029,320 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.12.26 16:36:31 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2011.12.26 16:36:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.12.26 16:09:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.12.26 16:06:13 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.12.26 15:51:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.12.26 15:50:41 | 000,159,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll [2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll [2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll ========== ZeroAccess Check ========== [2013.05.12 22:21:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011.11.01 22:35:05 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 5632 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\Turtle\Cookies:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\All Users\Vorlagen:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Dokumente und Einstellungen\Turtle\Eigene Dateien\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Vorlagen:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Desktop\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Desktop:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\desktop.ini:gs5sys < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.05.2013 19:25:20 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Turtle\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,12 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 75,86% Memory free 4,97 Gb Paging File | 4,22 Gb Available in Paging File | 84,86% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 127,99 Gb Total Space | 90,98 Gb Free Space | 71,08% Space Free | Partition Type: NTFS Drive D: | 104,89 Gb Total Space | 45,85 Gb Free Space | 43,71% Space Free | Partition Type: NTFS Drive F: | 931,28 Gb Total Space | 760,34 Gb Free Space | 81,64% Space Free | Partition Type: FAT32 Drive G: | 1863,01 Gb Total Space | 1722,07 Gb Free Space | 92,43% Space Free | Partition Type: NTFS Computer Name: TURTLETANK | User Name: Turtle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1202660629-1801674531-682003330-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "d:\Programme\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [dm-Fotowelt] -- "d:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "d:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OnlineFotoservice] -- "d:\Programme\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) "D:\Programme\iTunes\iTunes.exe" = D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "D:\Programme\Steam\Steam.exe" = D:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "D:\Programme\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = D:\Programme\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- () "C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe" = C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe:*:Enabled:Lexware Datenbank Server -- (iAnywhere Solutions, Inc.) "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X "{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}" = ASUS DH Remote "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{448DA1AD-D1CA-4967-8EFA-9482F31E7BFD}" = Lexware Datenbank plus 2012 "{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1" = Torchlight II "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6 "{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service "{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A733DC44-DC71-447D-AD6C-33B9AB537828}" = QuickSteuer Deluxe 2013 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{BE672587-331F-42F7-BC38-D59759311C75}" = Lexware reisekosten plus 2012 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C61B2B59-75D2-4203-B589-E0102C3A6F32}" = QuickSteuer Wissens-Center 2012 "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D34A78EB-78F2-48ab-8CAE-5D4DC255A491}" = Lexware reisekosten plus 2012 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AudioCS" = Creative-Audiokonsole "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe "Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Creative Software AutoUpdate" = Creative Software AutoUpdate "Diablo III" = Diablo III "dm-Fotowelt" = dm-Fotowelt "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "fotokasten comfort_is1" = fotokasten comfort 4.4 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ie8" = Windows Internet Explorer 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MPE" = MyPhoneExplorer "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MWAREDATT" = Messageware AttachView Add-in for Saving Files x64 "Nero - Burning Rom!UninstallKey" = Nero 6 Demo "NIS" = Norton Internet Security "OnlineFotoservice" = OnlineFotoservice "Sacred_is1" = Sacred "Steam App 550" = Left 4 Dead 2 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1202660629-1801674531-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.03.2013 04:51:20 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 29.03.2013 03:44:54 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 29.03.2013 14:00:06 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 13.05.2013 15:56:17 | Computer Name = TURTLETANK | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 14.05.2013 07:19:17 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 14.05.2013 13:46:32 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 14.05.2013 15:01:59 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 14.05.2013 15:02:56 | Computer Name = TURTLETANK | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 14.05.2013 15:32:32 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 15.05.2013 09:12:50 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. [ System Events ] Error - 15.05.2013 11:09:15 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 15.05.2013 11:09:15 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 15.05.2013 12:32:52 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 15.05.2013 12:32:52 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 16.05.2013 02:34:35 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 16.05.2013 02:34:35 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 16.05.2013 12:51:29 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 16.05.2013 12:51:29 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 16.05.2013 13:12:30 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 16.05.2013 13:12:30 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Gruß |
16.05.2013, 21:12 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.PFixen mit OTL
Code:
ATTFilter :OTL @Alternate Data Stream - 5632 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\Turtle\Cookies:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\All Users\Vorlagen:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Dokumente und Einstellungen\Turtle\Eigene Dateien\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Vorlagen:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Desktop\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Desktop:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\desktop.ini:gs5sys :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
17.05.2013, 07:07 | #12 |
| Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P OTL: Code:
ATTFilter All processes killed ========== OTL ========== ADS C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:gs5sys deleted successfully. ADS C:\Dokumente und Einstellungen\Turtle\Cookies:gs5sys deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Vorlagen:gs5sys deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:gs5sys deleted successfully. ADS C:\Dokumente und Einstellungen\Turtle\Eigene Dateien\desktop.ini:gs5sys deleted successfully. ADS C:\Dokumente und Einstellungen\Turtle\Vorlagen:gs5sys deleted successfully. ADS C:\Dokumente und Einstellungen\Turtle\Desktop\desktop.ini:gs5sys deleted successfully. ADS C:\Dokumente und Einstellungen\Turtle\Desktop:gs5sys deleted successfully. ADS C:\Dokumente und Einstellungen\Turtle\desktop.ini:gs5sys deleted successfully. ADS C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\desktop.ini:gs5sys deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Dokumente und Einstellungen\Turtle\Desktop\cmd.bat deleted successfully. C:\Dokumente und Einstellungen\Turtle\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 65748 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Turtle ->Temp folder emptied: 146877972 bytes ->Temporary Internet Files folder emptied: 87803736 bytes ->Java cache emptied: 18050616 bytes ->FireFox cache emptied: 434563250 bytes ->Flash cache emptied: 817 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1138908 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16036005 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 672,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 05172013_074803 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6e0.dat not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... Ariadne |
17.05.2013, 10:42 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
18.05.2013, 19:51 | #14 |
| Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.17.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Turtle :: TURTLETANK [Administrator] 17.05.2013 20:46:56 mbam-log-2013-05-17 (20-46-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 519855 Laufzeit: 6 Stunde(n), 27 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=d71148cbaf3c5c4da6dfc28fce3077cf # engine=13857 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-18 04:28:26 # local_time=2013-05-18 06:28:26 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=3591 16777213 100 93 419777 131491091 0 0 # scanned=315825 # found=0 # cleaned=0 # scan_time=16267 Ariadne |
19.05.2013, 02:39 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P |
7-zip, adobe, adobe reader xi, audiograbber, autorun, bho, bonjour, canon, converter, einstellungen, excel, explorer, firefox, flash player, format, google, intranet, mozilla, plug-in, realtek, registry, rojaner gefunden, rundll, security, software, symantec, trojan.fakeav, trojan.ransomlock.p, trojaner, virus, windows internet, ws.secriskother.1 |