|
Mülltonne: 2x Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.PWindows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
14.05.2013, 07:27 | #1 |
| 2x Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Hallo Trojanerboard-Team, ich habe mir die Quarantäne meines Norton Anti Virus angeschaut und festgestellt, dass Norton während der letzten Routinescans folgende Trojaner gefunden hat: Der Virenscanner hat folgenden Trojaner gefunden: Trojan.Ransomlock.P Der E-Mail-Scanner hat folgende Trojaner gefunden: Trojan.Ransomlock.P Trojan.FakeAV WS.SecRiskOther.1 Ich habe mich an die Anleitung zur Erstellung von Threads gehalten und das sind meine Dateien: OTL.txt Code:
ATTFilter OTL logfile created on: 12.05.2013 18:43:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Turtle\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,12 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 72,08% Memory free 4,97 Gb Paging File | 4,17 Gb Available in Paging File | 83,96% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 127,99 Gb Total Space | 95,53 Gb Free Space | 74,64% Space Free | Partition Type: NTFS Drive D: | 104,89 Gb Total Space | 45,91 Gb Free Space | 43,77% Space Free | Partition Type: NTFS Drive F: | 931,28 Gb Total Space | 758,96 Gb Free Space | 81,50% Space Free | Partition Type: FAT32 Drive G: | 1863,01 Gb Total Space | 1722,08 Gb Free Space | 92,44% Space Free | Partition Type: NTFS Computer Name: TURTLETANK | User Name: Turtle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.12 18:42:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Turtle\Desktop\OTL.exe PRC - [2012.12.24 13:40:01 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.07.02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.07.02 17:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.07.02 17:12:40 | 000,975,288 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.07.31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe PRC - [2011.06.29 16:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe PRC - [2010.03.24 19:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2010.03.18 20:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe PRC - [2010.03.02 20:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2010.02.12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.06.10 11:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe ========== Modules (No Company Name) ========== MOD - [2013.04.11 22:24:48 | 000,115,137 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll MOD - [2013.02.25 11:14:54 | 001,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\0b4349ec9a08f8b0c1b7efe7e9713816\Kies.UI.ni.dll MOD - [2013.01.26 14:15:59 | 014,336,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\fd7042bb1879ebeaf704c938d7cbb808\Kies.Theme.ni.dll MOD - [2013.01.26 14:15:59 | 000,033,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d9a2d325fafc4a781c16ad90acd2c6a7\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.01.26 14:15:53 | 000,194,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\30cf279ac30cf9eb752a1f30af173288\ASF_cSharpAPI.ni.dll MOD - [2013.01.26 14:15:50 | 000,562,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e7e488278db7ff357934c20d9fda02d0\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.01.26 14:15:47 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\84c01e81da471d0a185edc52c52e132f\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.01.26 13:48:09 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2d0895996454caa76b595ffc245e3a41\Kies.MVVM.ni.dll MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012.08.23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll MOD - [2012.07.02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Programme\Norton Internet Security\Engine\20.3.1.22\wincfi39.dll MOD - [2012.03.01 01:58:00 | 000,357,184 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nview\nvShell.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDUpdateService) SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDScannerService) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.04.14 19:39:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.13 23:29:58 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.24 13:40:01 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (NIS) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.01.08 14:30:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.29 16:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus) SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.02.12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTSBLFX.DLL -- (CTSBLFX.DLL) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTERFXFX.DLL -- (CTERFXFX.DLL) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTAUDFX.DLL -- (CTAUDFX.DLL) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\COMMONFX.DLL -- (COMMONFX.DLL) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.04.13 01:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130502.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2013.02.16 11:01:01 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130511.005\NAVEX15.SYS -- (NAVEX15) DRV - [2013.02.16 11:01:01 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013.02.16 11:01:01 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130511.005\NAVENG.SYS -- (NAVENG) DRV - [2013.01.31 05:18:18 | 000,394,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symtdi.sys -- (SYMTDI) DRV - [2013.01.31 05:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symefa.sys -- (SymEFA) DRV - [2013.01.29 03:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtsp.sys -- (SRTSP) DRV - [2013.01.29 03:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtspx.sys -- (SRTSPX) DRV - [2013.01.22 04:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symds.sys -- (SymDS) DRV - [2012.11.25 01:56:37 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV79.sys -- (SSHDRV79) DRV - [2012.11.16 04:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ironx86.sys -- (SymIRON) DRV - [2012.11.16 04:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ccsetx86.sys -- (ccSet_NIS) DRV - [2012.09.30 14:03:54 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2012.09.30 14:03:54 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2012.09.30 11:56:49 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012.09.28 12:32:14 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130510.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2012.08.09 19:54:56 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.03.10 13:40:56 | 000,044,227 | ---- | M] (ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@nero.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NeroCd2k.sys -- (NeroCd2k) DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb) DRV - [2010.03.18 21:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k) DRV - [2010.03.18 21:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2010.03.18 21:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2010.03.18 21:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2010.03.18 21:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2010.03.18 21:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2010.03.18 21:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2010.03.18 21:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2010.03.18 21:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) DRV - [2010.03.18 21:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2010.03.18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS) DRV - [2010.03.18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX) DRV - [2010.03.18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS) DRV - [2010.03.18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX) DRV - [2010.03.18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS) DRV - [2010.03.18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX) DRV - [2010.03.18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS) DRV - [2010.03.18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX) DRV - [2008.04.13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007.12.06 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2007.04.12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL) DRV - [2007.04.12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL) DRV - [2007.04.12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL) DRV - [2007.04.12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL) DRV - [2007.04.12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL) DRV - [2007.04.12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL) DRV - [2007.04.12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL) DRV - [2006.07.01 11:47:08 | 000,041,216 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID) DRV - [2006.06.16 09:30:16 | 000,176,128 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB) DRV - [2006.02.07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO) DRV - [2005.12.22 04:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO) DRV - [2004.08.13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004.04.27 17:26:48 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.3.19 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: d:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.05.12 18:37:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.09.30 12:03:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013.04.14 19:39:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013.04.14 19:39:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2013.04.13 09:52:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2012.03.31 17:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Extensions [2012.03.31 17:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2013.03.10 13:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\extensions [2013.03.10 13:16:35 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\extensions\2020Player_IKEA@2020Technologies.com [2012.01.02 13:47:53 | 000,002,449 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Mozilla\Firefox\Profiles\b1w9wwx8.default\searchplugins\safesearch.xml [2013.05.12 18:37:13 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\COFFPLGN [2012.09.30 12:03:04 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPLGN O1 HOSTS File: ([2011.12.26 23:37:22 | 000,439,952 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15126 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [KiesAirMessage] C:\Programme\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range37 ([*] in Lokales Intranet) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} https://email.sanofi-aventis.com/exchweb/controls/DAX.cab (DAX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4FEE05C-CA0A-432E-997C-F58E47710FC9}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.26 16:08:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.02.27 01:57:36 | 000,000,120 | ---- | M] () - F:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010.07.10 03:03:33 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.12 18:42:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Turtle\Desktop\OTL.exe [2013.05.06 08:48:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Turtle\Desktop\Einladung Uschi [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.12 18:42:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Turtle\Desktop\OTL.exe [2013.05.12 18:42:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\defogger_reenable [2013.05.12 18:40:43 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\Defogger.exe [2013.05.12 18:35:14 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.12 18:35:14 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.05.12 18:35:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.12 15:33:28 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.12 15:33:28 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.12 15:33:28 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.12 15:33:28 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.12 15:33:28 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000002-00001102-00000004-20021102}.rfx [2013.05.12 15:32:48 | 004,934,855 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000002-00001102-00000004-20021102}.CDF [2013.05.12 15:32:48 | 004,934,855 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000002-00001102-00000004-20021102}.BAK [2013.05.12 15:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.05 12:25:02 | 000,002,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickSteuer Deluxe 2013.lnk [2013.04.20 13:38:06 | 000,638,117 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1403010.016\Cat.DB [2013.04.20 13:37:48 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1403010.016\VT20130115.021 [2013.04.14 12:43:47 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.13 09:54:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.12 18:42:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\defogger_reenable [2013.05.12 18:40:43 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\Desktop\Defogger.exe [2013.04.08 09:53:02 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini [2013.03.29 21:32:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2013.01.26 12:37:10 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.11.25 01:56:37 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV79.sys [2012.09.30 14:03:54 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2012.09.30 14:03:54 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2012.07.25 22:44:50 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2012.07.14 18:35:51 | 000,657,575 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1202660629-1801674531-682003330-1004-0.dat [2012.07.14 18:35:49 | 000,160,970 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2012.02.16 21:43:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.02 20:29:47 | 000,121,344 | ---- | C] () -- C:\Dokumente und Einstellungen\Turtle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.02 16:08:56 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2011.12.27 11:52:01 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011.12.27 00:11:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011.12.27 00:11:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011.12.27 00:11:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011.12.27 00:11:19 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011.12.26 20:03:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.12.26 16:50:10 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll [2011.12.26 16:50:10 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2011.12.26 16:50:09 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2011.12.26 16:50:09 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2011.12.26 16:36:56 | 000,029,358 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2011.12.26 16:36:34 | 000,029,320 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.12.26 16:36:31 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2011.12.26 16:36:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.12.26 16:09:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.12.26 16:06:13 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.12.26 15:51:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.12.26 15:50:41 | 000,156,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll [2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll [2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2011.11.01 22:35:05 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.05.17 05:25:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net [2012.01.02 15:15:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canon IJ Network Tool [2012.01.02 14:54:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2012.01.02 15:17:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP [2012.01.02 16:15:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV [2012.01.02 15:17:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2 [2012.01.02 15:01:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMSetup [2012.02.23 09:02:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2012.01.02 14:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt [2012.02.13 00:36:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DSS [2012.02.13 00:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core [2012.02.13 00:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts [2012.02.26 16:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2013.01.26 13:33:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2012.08.17 19:01:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoGenie [2013.03.29 21:32:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games [2012.07.14 10:45:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2013.01.26 13:33:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SQL Anywhere 11 [2013.05.12 13:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2012.06.30 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.03.10 17:52:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Amazon [2012.02.23 09:02:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Canon [2012.10.07 15:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Canon Easy-WebPrint EX [2012.03.31 17:02:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Haufe Mediengruppe [2013.01.26 13:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Lexware [2013.03.13 21:54:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\MyPhoneExplorer [2012.07.14 11:23:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Samsung [2012.02.11 18:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\Thunderbird ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 5632 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\Turtle\Cookies:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\All Users\Vorlagen:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Dokumente und Einstellungen\Turtle\Eigene Dateien\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Vorlagen:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Desktop\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Desktop:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Dokumente und Einstellungen\Turtle\Anwendungsdaten\desktop.ini:gs5sys < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 12.05.2013 18:43:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Turtle\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,12 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 72,08% Memory free 4,97 Gb Paging File | 4,17 Gb Available in Paging File | 83,96% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 127,99 Gb Total Space | 95,53 Gb Free Space | 74,64% Space Free | Partition Type: NTFS Drive D: | 104,89 Gb Total Space | 45,91 Gb Free Space | 43,77% Space Free | Partition Type: NTFS Drive F: | 931,28 Gb Total Space | 758,96 Gb Free Space | 81,50% Space Free | Partition Type: FAT32 Drive G: | 1863,01 Gb Total Space | 1722,08 Gb Free Space | 92,44% Space Free | Partition Type: NTFS Computer Name: TURTLETANK | User Name: Turtle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "d:\Programme\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [dm-Fotowelt] -- "d:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "d:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OnlineFotoservice] -- "d:\Programme\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) "D:\Programme\iTunes\iTunes.exe" = D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "D:\Programme\Steam\Steam.exe" = D:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "D:\Programme\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = D:\Programme\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- () "C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe" = C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe:*:Enabled:Lexware Datenbank Server -- (iAnywhere Solutions, Inc.) "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X "{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}" = ASUS DH Remote "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{448DA1AD-D1CA-4967-8EFA-9482F31E7BFD}" = Lexware Datenbank plus 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1" = Torchlight II "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6 "{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service "{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A733DC44-DC71-447D-AD6C-33B9AB537828}" = QuickSteuer Deluxe 2013 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{BE672587-331F-42F7-BC38-D59759311C75}" = Lexware reisekosten plus 2012 "{C61B2B59-75D2-4203-B589-E0102C3A6F32}" = QuickSteuer Wissens-Center 2012 "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D34A78EB-78F2-48ab-8CAE-5D4DC255A491}" = Lexware reisekosten plus 2012 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AudioCS" = Creative-Audiokonsole "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe "Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Creative Software AutoUpdate" = Creative Software AutoUpdate "Diablo III" = Diablo III "dm-Fotowelt" = dm-Fotowelt "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "fotokasten comfort_is1" = fotokasten comfort 4.4 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ie8" = Windows Internet Explorer 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MPE" = MyPhoneExplorer "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MWAREDATT" = Messageware AttachView Add-in for Saving Files x64 "Nero - Burning Rom!UninstallKey" = Nero 6 Demo "NIS" = Norton Internet Security "OnlineFotoservice" = OnlineFotoservice "Sacred_is1" = Sacred "Steam App 550" = Left 4 Dead 2 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "xp-AntiSpy" = xp-AntiSpy 3.98-1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.02.2013 04:26:19 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 24.02.2013 15:46:22 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 24.03.2013 12:35:02 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 25.03.2013 03:15:50 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 25.03.2013 07:46:11 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 26.03.2013 15:54:32 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 27.03.2013 02:26:22 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 27.03.2013 04:51:20 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 29.03.2013 03:44:54 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 29.03.2013 14:00:06 | Computer Name = TURTLETANK | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. [ System Events ] Error - 10.05.2013 02:31:42 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.05.2013 05:06:36 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 11.05.2013 05:06:36 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.05.2013 12:17:51 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 11.05.2013 12:17:51 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.05.2013 05:44:04 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 12.05.2013 05:44:04 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.05.2013 06:04:50 | Computer Name = TURTLETANK | Source = Print | ID = 6161 Description = Das Dokument Mappe1, im Besitz von Turtle, konnte nicht auf dem Drucker Canon MG5200 series Printer (Kopie 1) gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 655360. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\TURTLETANK. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 3 (0x3). Error - 12.05.2013 12:35:41 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 12.05.2013 12:35:41 | Computer Name = TURTLETANK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Die Gmer-Logdatei habe ich angehangen, da ansonsten der Platz in diesem Beitrag nicht ausreicht. Ich würde mich freuen, wenn mir jemand bei der Bereinigung meines Systems hlfen kann. Eine Aktivität der Trojaner ist mir übrigens nicht aufgefallen, d.h., der Rechner verhält sich wie immer. Viele Grüße Ariadne |
14.05.2013, 10:47 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 2x Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P Ein Strang reicht! => http://www.trojaner-board.de/134847-...somlock-p.html
__________________
__________________ |
Themen zu 2x Norton hat drei Trojaner entdeckt - u.a. Trojan.Ransomlock.P |
0x00000001, 7-zip, adobe, adobe reader xi, alternate, audiograbber, autorun, bho, bonjour, canon, converter, einstellungen, error, excel, explorer, firefox, flash player, format, google, home, intranet, logfile, microsoft office word, mozilla, mozilla thunderbird, office 2007, plug-in, realtek, registry, rojaner gefunden, rundll, saving, searchscopes, security, software, symantec, temp, trojaner, version=1.0, virus, windows internet |