Log analysis and evaluation: Trojan.Gen.2 is repeatedly detected by Norton Auto Protect (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Trojan.Gen.2 is repeatedly detected by Norton Auto Protect

Hello,

I have the following problem: Trojan.Gen.2 is detected and removed by Norton Auto Protect in the file c:\windows\installer\{3275153b-358c-b00c-9979-e21d1f9a3644}\u\80000032.@. But seconds later this repeats, together with Trojan.Zeroaccess.B, but I want to deal with Trojan.Gen.2 first.

The OTL Extras and GMER logs are attached.

Here is the OTL evaluation:

OTL Logfile:

Code:
```
OTL logfile created on: 20.07.2012 14:16:48 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,90 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,81% Memory free
6,00 Gb Paging File | 5,03 Gb Available in Paging File | 83,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 30,05 Gb Free Space | 40,33% Space Free | Partition Type: NTFS
Drive D: | 158,36 Gb Total Space | 83,21 Gb Free Space | 52,55% Space Free | Partition Type: NTFS

Computer Name: CHRISTOPHS-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.07.20 12:14:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.07.19 10:43:13 | 000,400,352 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.22 02:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2008.01.21 04:24:46 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
PRC - [2007.10.19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

========== Modules (No Company Name) ==========
MOD - [2012.07.19 10:43:15 | 001,936,352 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2012.07.19 10:43:15 | 000,162,784 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.07.19 10:43:15 | 000,021,984 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.04.11 08:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009.04.11 08:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

========== Win32 Services (SafeList) ==========
SRV - [2012.07.19 10:17:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.18 10:53:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.06 14:34:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.22 02:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.08.26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.04.08 14:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.01.21 04:25:56 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.14 20:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120719.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012.05.24 11:56:54 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120719.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.24 11:56:54 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120719.021\NAVENG.SYS -- (NAVENG)
DRV - [2012.05.16 06:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.05.16 06:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.11.15 01:34:51 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\cchpx86.sys -- (ccHP)
DRV - [2011.11.14 15:24:27 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.11.14 14:59:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.11.14 14:58:53 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\SymEFA.sys -- (SymEFA)
DRV - [2011.11.14 14:58:53 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtsp.sys -- (SRTSP)
DRV - [2011.11.14 14:58:53 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.11.14 14:58:53 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011.09.22 02:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symtdi.sys -- (SYMTDI)
DRV - [2011.09.22 02:35:58 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symfw.sys -- (SYMFW)
DRV - [2011.09.22 02:35:58 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symndisv.sys -- (SYMNDISV)
DRV - [2011.05.13 19:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 19:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.01.20 23:18:24 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009.03.27 05:06:20 | 000,221,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2008.11.21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.05.08 00:32:14 | 000,046,080 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.04.28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.14 15:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.01.21 04:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.12.20 02:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.11.15 01:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 10:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 10:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.11.14 15:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012.05.03 17:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\9trg8q0u.default\extensions
[2011.11.24 20:57:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\9trg8q0u.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.20 14:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.19 10:17:02 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.18 14:05:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 14:05:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 14:05:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 14:05:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 14:05:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 14:05:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.03.15 08:25:33 | 000,001,293 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3CCD675-AC9E-4AF6-A854-F8B199A96B74}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F99D4CA4-B33E-43CA-916F-8262137126C6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.07.19 18:15:27 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\NPE
[2012.07.17 20:08:16 | 000,133,120 | ---- | C] (DT Soft Ltd) -- C:\Users\Christoph\AppData\Roaming\rsckwi.dll
[2012.07.17 20:08:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\xsecva
[2012.07.17 17:29:24 | 000,000,000 | ---D | C] -- d:\Documents\My Digital Editions
[2012.07.17 17:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012.07.12 22:54:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Ibexe
[2012.07.12 22:54:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Feegec
[2012.07.12 22:54:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Deiv
[2012.07.07 12:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2012.07.07 12:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2012.07.07 12:02:28 | 000,000,000 | ---D | C] -- d:\Desktop\JPEG Digital Camera
[2012.07.05 12:56:01 | 000,000,000 | ---D | C] -- d:\Desktop\kühlschrank
[2012.07.02 22:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012.07.02 22:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP

========== Files - Modified Within 30 Days ==========
[2012.07.20 14:14:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 14:14:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 14:14:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 14:14:15 | 3114,577,920 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 12:50:45 | 362,007,898 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.20 12:12:56 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2012.07.20 11:41:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.20 11:24:51 | 002,276,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.20 10:53:03 | 000,000,680 | ---- | M] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2012.07.19 19:04:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.19 17:37:11 | 000,004,128 | ---- | M] () -- d:\Documents\cc_20120719_173632.reg
[2012.07.18 10:44:46 | 000,670,946 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 10:44:46 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 10:44:46 | 000,144,082 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 10:44:46 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 20:08:16 | 000,133,120 | ---- | M] (DT Soft Ltd) -- C:\Users\Christoph\AppData\Roaming\rsckwi.dll
[2012.07.17 17:51:30 | 028,335,605 | ---- | M] () -- d:\Documents\Zwangsstörungen.xps
[2012.07.17 17:30:22 | 001,352,460 | ---- | M] () -- C:\Users\Christoph\Zwangsstoerungen_verstehen_und_bewaeltigen.pdf
[2012.07.17 17:29:04 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012.07.17 12:36:54 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 15:19:16 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.07 12:38:04 | 000,001,643 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.07.06 19:19:14 | 000,000,928 | ---- | M] () -- C:\Windows\QANTIM.INI
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.02 22:52:47 | 000,000,600 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\winscp.rnd
[2012.07.02 15:04:44 | 000,032,768 | ---- | M] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.29 13:18:37 | 000,173,406 | ---- | M] () -- d:\Desktop\museumsreisen-header.jpg
[2012.06.28 17:58:24 | 000,857,319 | ---- | M] () -- d:\Desktop\museumsreisen-header.psd
[2012.06.28 17:47:23 | 000,221,003 | ---- | M] () -- d:\Desktop\museumsreisen.jpg
[2012.06.26 17:33:16 | 000,485,117 | ---- | M] () -- d:\Desktop\26.06.12 10-00-43.pdf

========== Files Created - No Company Name ==========
[2012.07.20 14:14:15 | 3114,577,920 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.20 12:50:45 | 362,007,898 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.20 12:12:56 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2012.07.20 11:43:15 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{3275153b-358c-b00c-9979-e21d1f9a3644}\U\80000000.@
[2012.07.19 17:43:16 | 002,276,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.19 17:36:38 | 000,004,128 | ---- | C] () -- d:\Documents\cc_20120719_173632.reg
[2012.07.18 10:51:41 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3275153b-358c-b00c-9979-e21d1f9a3644}\L\00000004.@
[2012.07.17 17:49:15 | 028,335,605 | ---- | C] () -- d:\Documents\Zwangsstörungen.xps
[2012.07.17 17:35:08 | 001,352,460 | ---- | C] () -- C:\Users\Christoph\Zwangsstoerungen_verstehen_und_bewaeltigen.pdf
[2012.07.17 17:29:04 | 000,001,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012.07.17 17:29:04 | 000,001,959 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012.07.17 12:36:54 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.07 12:38:04 | 000,006,200 | ---- | C] () -- C:\Windows\System32\INT13EXT.VXD
[2012.07.07 12:38:04 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.07.02 22:18:27 | 000,000,600 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\winscp.rnd
[2012.06.28 17:51:25 | 000,173,406 | ---- | C] () -- d:\Desktop\museumsreisen-header.jpg
[2012.06.28 17:51:09 | 000,857,319 | ---- | C] () -- d:\Desktop\museumsreisen-header.psd
[2012.06.28 17:47:20 | 000,221,003 | ---- | C] () -- d:\Desktop\museumsreisen.jpg
[2012.06.26 17:33:16 | 000,485,117 | ---- | C] () -- d:\Desktop\26.06.12 10-00-43.pdf
[2012.06.13 15:39:10 | 000,000,928 | ---- | C] () -- C:\Windows\QANTIM.INI
[2012.06.12 14:40:22 | 029,375,139 | ---- | C] () -- C:\Users\Christoph\Einladung Sommerfest7-7-12.psd
[2012.06.08 14:51:04 | 000,188,551 | ---- | C] () -- C:\Users\Christoph\636x460design_01.jpg
[2012.06.03 18:48:05 | 000,000,600 | ---- | C] () -- C:\Users\Christoph\AppData\Local\PUTTY.RND
[2012.03.25 21:21:29 | 001,435,157 | ---- | C] () -- C:\Users\Christoph\24.03.jpg
[2012.03.23 13:13:49 | 003,940,352 | ---- | C] () -- C:\Users\Christoph\neues layout.indd
[2012.03.16 13:17:43 | 000,125,448 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.02.19 13:39:44 | 001,421,997 | ---- | C] () -- C:\Users\Christoph\DSCF0396.JPG
[2012.02.19 13:39:44 | 001,406,314 | ---- | C] () -- C:\Users\Christoph\DSCF0394.JPG
[2012.02.19 13:39:44 | 001,396,588 | ---- | C] () -- C:\Users\Christoph\DSCF0393.JPG
[2012.02.19 13:39:44 | 001,389,626 | ---- | C] () -- C:\Users\Christoph\DSCF0395.JPG
[2012.01.29 23:03:24 | 002,849,840 | ---- | C] () -- C:\Users\Christoph\chrischi.pdf
[2012.01.28 14:10:06 | 000,907,445 | ---- | C] () -- C:\Users\Christoph\gerd.jpg
[2012.01.28 12:42:14 | 025,227,501 | ---- | C] () -- C:\Users\Christoph\gerd.psd
[2012.01.26 16:28:48 | 000,668,351 | ---- | C] () -- C:\Users\Christoph\Unbenannt-2.jpg
[2012.01.26 16:28:27 | 000,089,896 | ---- | C] () -- C:\Users\Christoph\zahn_1.jpg
[2012.01.22 01:05:31 | 000,273,297 | ---- | C] () -- C:\Users\Christoph\DSC04141klein.jpg
[2012.01.18 16:23:46 | 000,089,896 | ---- | C] () -- C:\Users\Christoph\zahn.jpg
[2012.01.18 16:13:43 | 044,978,308 | ---- | C] () -- C:\Users\Christoph\MVI_0075.mpeg
[2012.01.12 13:41:48 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3275153b-358c-b00c-9979-e21d1f9a3644}\@
[2012.01.12 13:41:48 | 000,002,048 | -HS- | C] () -- C:\Users\Christoph\AppData\Local\{3275153b-358c-b00c-9979-e21d1f9a3644}\@
[2012.01.05 23:00:12 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.01.05 19:27:42 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.01.04 23:21:01 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.01.04 23:21:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.01.04 23:20:59 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.01.04 23:20:59 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.01.04 23:20:59 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2012.01.04 23:20:58 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.09 01:44:23 | 007,711,956 | ---- | C] () -- C:\Users\Christoph\Unbenannt-1.psd
[2011.11.16 23:26:19 | 000,032,768 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.15 13:13:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.15 13:13:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.11.15 13:12:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.11.15 13:12:36 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.11.15 01:40:13 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.11.14 09:26:31 | 000,670,946 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.11.14 09:26:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.11.14 09:26:31 | 000,144,082 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.11.14 09:26:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.11.14 00:48:04 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.11.14 00:48:04 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.11.14 00:48:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2011.11.14 00:48:04 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2011.11.14 00:47:17 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011.11.14 00:40:24 | 000,000,680 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2011.11.14 00:33:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== LOP Check ==========
[2012.06.20 12:53:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2012.07.12 22:55:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Deiv
[2012.07.20 14:16:24 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Dropbox
[2012.01.04 18:37:17 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoft
[2011.11.24 20:57:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.13 01:38:15 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Feegec
[2012.07.12 15:35:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\FileZilla
[2011.11.14 00:54:43 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Hewlett Packard
[2012.07.12 22:54:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Ibexe
[2012.01.04 13:37:38 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\No Company Name
[2012.03.27 20:22:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Nvu
[2012.01.18 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\NWBVerlag
[2011.11.14 21:24:47 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\R-TT
[2012.06.03 19:16:37 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Seas0nPass
[2011.11.16 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Sync App Settings
[2011.11.14 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Thunderbird
[2012.01.02 16:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\tigo-IT
[2011.11.18 22:42:52 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\WindSolutions
[2012.07.20 10:44:44 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\xsecva
[2012.07.20 11:41:03 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Christoph\MVI_0075.mpeg:TOC.WMV

< End of report >
```

Attachment 38355

I would appreciate any help.

Last edited by fanny211 (20.07.2012 at 18:00)