
Log analysis and evaluation: Trojan.Gen.2 is detected again and again by Norton Auto Protect


 
20.07.2012, 17:54   #1
fanny211
 



Hello,

I have the following problem: Norton Auto Protect detects Trojan.Gen.2 in the file c:\windows\installer\{3275153b-358c-b00c-9979-e21d1f9a3644}\u\80000032.@ and removes it. But seconds later this happens again, together with Trojan.Zeroaccess.B; however, I want to deal with Trojan.Gen.2 first.
The OTL Extras and GMER logs are attached. Here is the OTL analysis:

OTL Logfile:
Code:
OTL logfile created on: 20.07.2012 14:16:48 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = D:\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,90 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,81% Memory free
6,00 Gb Paging File | 5,03 Gb Available in Paging File | 83,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 30,05 Gb Free Space | 40,33% Space Free | Partition Type: NTFS
Drive D: | 158,36 Gb Total Space | 83,21 Gb Free Space | 52,55% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPHS-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.20 12:14:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.07.19 10:43:13 | 000,400,352 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.22 02:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2008.01.21 04:24:46 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
PRC - [2007.10.19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 10:43:15 | 001,936,352 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2012.07.19 10:43:15 | 000,162,784 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.07.19 10:43:15 | 000,021,984 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.04.11 08:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009.04.11 08:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 10:17:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.18 10:53:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.06 14:34:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.22 02:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.08.26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.04.08 14:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.01.21 04:25:56 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.14 20:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120719.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012.05.24 11:56:54 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120719.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.24 11:56:54 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120719.021\NAVENG.SYS -- (NAVENG)
DRV - [2012.05.16 06:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.05.16 06:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.11.15 01:34:51 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\cchpx86.sys -- (ccHP)
DRV - [2011.11.14 15:24:27 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.11.14 14:59:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.11.14 14:58:53 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\SymEFA.sys -- (SymEFA)
DRV - [2011.11.14 14:58:53 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtsp.sys -- (SRTSP)
DRV - [2011.11.14 14:58:53 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.11.14 14:58:53 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011.09.22 02:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symtdi.sys -- (SYMTDI)
DRV - [2011.09.22 02:35:58 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symfw.sys -- (SYMFW)
DRV - [2011.09.22 02:35:58 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symndisv.sys -- (SYMNDISV)
DRV - [2011.05.13 19:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 19:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.01.20 23:18:24 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009.03.27 05:06:20 | 000,221,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2008.11.21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.05.08 00:32:14 | 000,046,080 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.04.28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.14 15:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.01.21 04:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.12.20 02:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.11.15 01:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 10:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 10:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.11.14 15:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012.05.03 17:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\9trg8q0u.default\extensions
[2011.11.24 20:57:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\9trg8q0u.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.20 14:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.19 10:17:02 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.18 14:05:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 14:05:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 14:05:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 14:05:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 14:05:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 14:05:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.15 08:25:33 | 000,001,293 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3CCD675-AC9E-4AF6-A854-F8B199A96B74}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F99D4CA4-B33E-43CA-916F-8262137126C6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 18:15:27 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\NPE
[2012.07.17 20:08:16 | 000,133,120 | ---- | C] (DT Soft Ltd) -- C:\Users\Christoph\AppData\Roaming\rsckwi.dll
[2012.07.17 20:08:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\xsecva
[2012.07.17 17:29:24 | 000,000,000 | ---D | C] -- d:\Documents\My Digital Editions
[2012.07.17 17:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012.07.12 22:54:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Ibexe
[2012.07.12 22:54:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Feegec
[2012.07.12 22:54:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Deiv
[2012.07.07 12:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2012.07.07 12:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2012.07.07 12:02:28 | 000,000,000 | ---D | C] -- d:\Desktop\JPEG Digital Camera
[2012.07.05 12:56:01 | 000,000,000 | ---D | C] -- d:\Desktop\kühlschrank
[2012.07.02 22:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012.07.02 22:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 14:14:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 14:14:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 14:14:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 14:14:15 | 3114,577,920 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 12:50:45 | 362,007,898 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.20 12:12:56 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2012.07.20 11:41:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.20 11:24:51 | 002,276,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.20 10:53:03 | 000,000,680 | ---- | M] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2012.07.19 19:04:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.19 17:37:11 | 000,004,128 | ---- | M] () -- d:\Documents\cc_20120719_173632.reg
[2012.07.18 10:44:46 | 000,670,946 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 10:44:46 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 10:44:46 | 000,144,082 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 10:44:46 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 20:08:16 | 000,133,120 | ---- | M] (DT Soft Ltd) -- C:\Users\Christoph\AppData\Roaming\rsckwi.dll
[2012.07.17 17:51:30 | 028,335,605 | ---- | M] () -- d:\Documents\Zwangsstörungen.xps
[2012.07.17 17:30:22 | 001,352,460 | ---- | M] () -- C:\Users\Christoph\Zwangsstoerungen_verstehen_und_bewaeltigen.pdf
[2012.07.17 17:29:04 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012.07.17 12:36:54 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 15:19:16 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.07 12:38:04 | 000,001,643 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.07.06 19:19:14 | 000,000,928 | ---- | M] () -- C:\Windows\QANTIM.INI
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.02 22:52:47 | 000,000,600 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\winscp.rnd
[2012.07.02 15:04:44 | 000,032,768 | ---- | M] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.29 13:18:37 | 000,173,406 | ---- | M] () -- d:\Desktop\museumsreisen-header.jpg
[2012.06.28 17:58:24 | 000,857,319 | ---- | M] () -- d:\Desktop\museumsreisen-header.psd
[2012.06.28 17:47:23 | 000,221,003 | ---- | M] () -- d:\Desktop\museumsreisen.jpg
[2012.06.26 17:33:16 | 000,485,117 | ---- | M] () -- d:\Desktop\26.06.12 10-00-43.pdf
 
========== Files Created - No Company Name ==========
 
[2012.07.20 14:14:15 | 3114,577,920 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.20 12:50:45 | 362,007,898 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.20 12:12:56 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2012.07.20 11:43:15 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{3275153b-358c-b00c-9979-e21d1f9a3644}\U\80000000.@
[2012.07.19 17:43:16 | 002,276,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.19 17:36:38 | 000,004,128 | ---- | C] () -- d:\Documents\cc_20120719_173632.reg
[2012.07.18 10:51:41 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3275153b-358c-b00c-9979-e21d1f9a3644}\L\00000004.@
[2012.07.17 17:49:15 | 028,335,605 | ---- | C] () -- d:\Documents\Zwangsstörungen.xps
[2012.07.17 17:35:08 | 001,352,460 | ---- | C] () -- C:\Users\Christoph\Zwangsstoerungen_verstehen_und_bewaeltigen.pdf
[2012.07.17 17:29:04 | 000,001,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012.07.17 17:29:04 | 000,001,959 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012.07.17 12:36:54 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.07 12:38:04 | 000,006,200 | ---- | C] () -- C:\Windows\System32\INT13EXT.VXD
[2012.07.07 12:38:04 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.07.02 22:18:27 | 000,000,600 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\winscp.rnd
[2012.06.28 17:51:25 | 000,173,406 | ---- | C] () -- d:\Desktop\museumsreisen-header.jpg
[2012.06.28 17:51:09 | 000,857,319 | ---- | C] () -- d:\Desktop\museumsreisen-header.psd
[2012.06.28 17:47:20 | 000,221,003 | ---- | C] () -- d:\Desktop\museumsreisen.jpg
[2012.06.26 17:33:16 | 000,485,117 | ---- | C] () -- d:\Desktop\26.06.12 10-00-43.pdf
[2012.06.13 15:39:10 | 000,000,928 | ---- | C] () -- C:\Windows\QANTIM.INI
[2012.06.12 14:40:22 | 029,375,139 | ---- | C] () -- C:\Users\Christoph\Einladung Sommerfest7-7-12.psd
[2012.06.08 14:51:04 | 000,188,551 | ---- | C] () -- C:\Users\Christoph\636x460design_01.jpg
[2012.06.03 18:48:05 | 000,000,600 | ---- | C] () -- C:\Users\Christoph\AppData\Local\PUTTY.RND
[2012.03.25 21:21:29 | 001,435,157 | ---- | C] () -- C:\Users\Christoph\24.03.jpg
[2012.03.23 13:13:49 | 003,940,352 | ---- | C] () -- C:\Users\Christoph\neues layout.indd
[2012.03.16 13:17:43 | 000,125,448 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.02.19 13:39:44 | 001,421,997 | ---- | C] () -- C:\Users\Christoph\DSCF0396.JPG
[2012.02.19 13:39:44 | 001,406,314 | ---- | C] () -- C:\Users\Christoph\DSCF0394.JPG
[2012.02.19 13:39:44 | 001,396,588 | ---- | C] () -- C:\Users\Christoph\DSCF0393.JPG
[2012.02.19 13:39:44 | 001,389,626 | ---- | C] () -- C:\Users\Christoph\DSCF0395.JPG
[2012.01.29 23:03:24 | 002,849,840 | ---- | C] () -- C:\Users\Christoph\chrischi.pdf
[2012.01.28 14:10:06 | 000,907,445 | ---- | C] () -- C:\Users\Christoph\gerd.jpg
[2012.01.28 12:42:14 | 025,227,501 | ---- | C] () -- C:\Users\Christoph\gerd.psd
[2012.01.26 16:28:48 | 000,668,351 | ---- | C] () -- C:\Users\Christoph\Unbenannt-2.jpg
[2012.01.26 16:28:27 | 000,089,896 | ---- | C] () -- C:\Users\Christoph\zahn_1.jpg
[2012.01.22 01:05:31 | 000,273,297 | ---- | C] () -- C:\Users\Christoph\DSC04141klein.jpg
[2012.01.18 16:23:46 | 000,089,896 | ---- | C] () -- C:\Users\Christoph\zahn.jpg
[2012.01.18 16:13:43 | 044,978,308 | ---- | C] () -- C:\Users\Christoph\MVI_0075.mpeg
[2012.01.12 13:41:48 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3275153b-358c-b00c-9979-e21d1f9a3644}\@
[2012.01.12 13:41:48 | 000,002,048 | -HS- | C] () -- C:\Users\Christoph\AppData\Local\{3275153b-358c-b00c-9979-e21d1f9a3644}\@
[2012.01.05 23:00:12 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.01.05 19:27:42 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.01.04 23:21:01 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.01.04 23:21:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.01.04 23:20:59 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.01.04 23:20:59 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.01.04 23:20:59 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2012.01.04 23:20:58 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.09 01:44:23 | 007,711,956 | ---- | C] () -- C:\Users\Christoph\Unbenannt-1.psd
[2011.11.16 23:26:19 | 000,032,768 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.15 13:13:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.15 13:13:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.11.15 13:12:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.11.15 13:12:36 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.11.15 01:40:13 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.11.14 09:26:31 | 000,670,946 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.11.14 09:26:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.11.14 09:26:31 | 000,144,082 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.11.14 09:26:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.11.14 00:48:04 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.11.14 00:48:04 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.11.14 00:48:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2011.11.14 00:48:04 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2011.11.14 00:47:17 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011.11.14 00:40:24 | 000,000,680 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2011.11.14 00:33:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
 
========== LOP Check ==========
 
[2012.06.20 12:53:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2012.07.12 22:55:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Deiv
[2012.07.20 14:16:24 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Dropbox
[2012.01.04 18:37:17 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoft
[2011.11.24 20:57:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.13 01:38:15 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Feegec
[2012.07.12 15:35:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\FileZilla
[2011.11.14 00:54:43 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Hewlett Packard
[2012.07.12 22:54:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Ibexe
[2012.01.04 13:37:38 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\No Company Name
[2012.03.27 20:22:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Nvu
[2012.01.18 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\NWBVerlag
[2011.11.14 21:24:47 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\R-TT
[2012.06.03 19:16:37 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Seas0nPass
[2011.11.16 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Sync App Settings
[2011.11.14 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Thunderbird
[2012.01.02 16:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\tigo-IT
[2011.11.18 22:42:52 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\WindSolutions
[2012.07.20 10:44:44 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\xsecva
[2012.07.20 11:41:03 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Christoph\MVI_0075.mpeg:TOC.WMV

< End of report >
         
--- --- ---


Attachment 38355

I would appreciate any help.

Edited by fanny211 (20.07.2012 at 18:00)

 
