Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojan.Gen von Norton 360 beim Scan gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.05.2010, 15:31   #1
monaqo
 
Trojan.Gen von Norton 360 beim Scan gefunden - Standard

Trojan.Gen von Norton 360 beim Scan gefunden



Teil 2 , da im 1. Eintrag kein Platz mehr war:


und diese:


OTL Extras logfile created on: 07.05.2010 11:59:59 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\***\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 995,75 Gb Free Space | 71,27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as ***.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office Beta\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office Beta\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 (Beta)
"{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{20140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 (Beta)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{de578cc4-2c4c-4f52-94e4-fce2211196e3}" = Nero 9 Essentials
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ALchemy" = Creative ALchemy
"AndrewLabs ATSurround for Winamp" = AndrewLabs ATSurround for Winamp
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AudioCS" = Creative Audio-Systemsteuerung
"Biet-O-Matic v2.12.6" = Biet-O-Matic v2.12.6
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CamStudio" = CamStudio
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"Creative VF0230" = Creative Live! Cam Video IM Pro Driver (1.03.02.00)
"Diagnostics 4_5" = Creative-Diagnose
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 11.1.0 11.1.0.***unknown variable buildnummer***" = ElsterFormular 11.1.0
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ! 2.0" = AVM FRITZ!
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Host OpenAL" = Host OpenAL
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0
"Miranda IM" = Miranda IM 0.8.22
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"N360" = Norton 360 Premier Edition
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pegasus Mail" = Pegasus Mail
"Pegasus Mail, Deutsche Komplettversion_is1" = Pegasus Mail v4.51 R1 (Deutsche Komplettversion)
"PROHYBRIDR" = 2007 Microsoft Office system
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1492074147-2874995262-3330651375-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.2.1
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.04.2010 12:57:07 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16535,
Zeitstempel: 0x4b83889f Ausnahmecode: 0xc0000005 Fehleroffset: 0x002447c6 ID des fehlerhaften
Prozesses: 0x1e40 Startzeit der fehlerhaften Anwendung: 0x01cad5a848f11704 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: 6e7b28ba-419d-11df-b18b-404e57434401

Error - 12.04.2010 04:09:03 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: IZArcCM.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4aa0b172 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0bb4b2c0
ID
des fehlerhaften Prozesses: 0xe04 Startzeit der fehlerhaften Anwendung: 0x01cada106d8c3110
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
IZArcCM.dll Berichtskennung: a7eb4f2c-460a-11df-96ef-404e57434401

Error - 21.04.2010 11:32:26 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1530 Startzeit: 01cae11b5fc8ca58 Endzeit: 0 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:

Error - 21.04.2010 11:42:36 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: IZArcCM.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4aa0b172 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0ac9b2c0
ID
des fehlerhaften Prozesses: 0x5b8 Startzeit der fehlerhaften Anwendung: 0x01cae11a163b8e17
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
IZArcCM.dll Berichtskennung: 81ae1d5b-4d5c-11df-a064-404e57434401

Error - 22.04.2010 06:23:56 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 17f0 Startzeit: 01cae1e5e5569e7a Endzeit: 16 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 32bbeb77-4df8-11df-95e6-404e57434401


Error - 23.04.2010 02:38:22 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 16c4 Startzeit: 01cae2ab84e6c904 Endzeit: 0 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:

Error - 26.04.2010 02:28:28 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16535,
Zeitstempel: 0x4b83889f Ausnahmecode: 0xc0000005 Fehleroffset: 0x002447c6 ID des fehlerhaften
Prozesses: 0xffc Startzeit der fehlerhaften Anwendung: 0x01cae508a5085552 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: ec4d6deb-50fc-11df-ad04-404e57434401

Error - 26.04.2010 12:29:18 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: miranda32.exe, Version: 0.8.21.0,
Zeitstempel: 0x4bd0fc3d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c283b ID des fehlerhaften
Prozesses: 0x1324 Startzeit der fehlerhaften Anwendung: 0x01cae507361a93ce Pfad der
fehlerhaften Anwendung: C:\Program Files\Miranda IM\miranda32.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: dbef8337-5150-11df-ad04-404e57434401

Error - 28.04.2010 06:27:56 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1580 Startzeit: 01cae6984d5c7052 Endzeit: 16 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: af7a216e-52b0-11df-a095-404e57434401


Error - 28.04.2010 14:22:39 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bcb44 Name des fehlerhaften Moduls: T3APO32.dll, Version: 1.0.4.0,
Zeitstempel: 0x4993e8b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001bb75 ID des fehlerhaften
Prozesses: 0x155c Startzeit der fehlerhaften Anwendung: 0x01cae6ffbf01900e Pfad der
fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\T3APO32.dll Berichtskennung: 06b37a9a-52f3-11df-a1ae-404e57434401

[ Media Center Events ]
Error - 07.01.2010 11:50:25 | Computer Name = *** | Source = MCUpdate | ID = 0
Description = 16:50:16 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
404: Die angeforderte URL ist auf diesem Server nicht vorhanden. )

Error - 07.01.2010 12:50:47 | Computer Name = *** | Source = MCUpdate | ID = 0
Description = 17:50:43 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
404: Die angeforderte URL ist auf diesem Server nicht vorhanden. )

Error - 07.01.2010 13:51:10 | Computer Name = *** | Source = MCUpdate | ID = 0
Description = 18:51:06 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
404: Die angeforderte URL ist auf diesem Server nicht vorhanden. )

Error - 11.02.2010 11:56:39 | Computer Name = *** | Source = MCUpdate | ID = 0
Description = 16:55:11 - Directory konnte nicht abgerufen werden (Fehler: Invalid
security token.)

[ System Events ]
Error - 08.04.2010 03:22:22 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 08.04.2010 03:23:57 | Computer Name = *** | Source = DCOM | ID = 10010
Description =

Error - 08.04.2010 13:39:38 | Computer Name = *** | Source = DCOM | ID = 10010
Description =

Error - 09.04.2010 02:45:58 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 09.04.2010 02:45:58 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 10.04.2010 04:02:44 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 10.04.2010 04:02:44 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11.04.2010 04:21:51 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11.04.2010 04:21:51 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11.04.2010 04:23:44 | Computer Name = *** | Source = DCOM | ID = 10010
Description =


< End of report >


-----------------------------------------------------------


Das ist das Ergebnis von HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:22:42, on 07.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\System32\rundll32.exe
C:\Windows\V0230Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\FRITZ!\IWatch.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\***\Desktop\OTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office Beta\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
O8 - Extra context menu item: An OneNote s&enden - res:///105
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office Beta\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office Beta\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office Beta\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office Beta\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - h**p://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - h**p://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - h**p://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - h**p://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - h**p://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - h**p://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - h**ps://googleonline.webex.com/client/T26L/nbr/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - h**p://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 10557 bytes


-------------------------------------------


Schließlich hat Malwarebytes noch diese Logfile (mit neuen Trojaner) gebracht:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4073

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.05.2010 15:04:57
mbam-log-2010-05-07 (15-04-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 816495
Laufzeit: 2 Stunde(n), 45 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Winamp\Plugins\enc_wma.dll (Trojan.FakeAlert) -> No action taken.


---------------------------------------

Alt 07.05.2010, 15:32   #2
monaqo
 
Trojan.Gen von Norton 360 beim Scan gefunden - Standard

Trojan.Gen von Norton 360 beim Scan gefunden



Teil 2. da im 1. Eintrag kein Platz mehr war:



und diese:


OTL Extras logfile created on: 07.05.2010 11:59:59 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\***\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 995,75 Gb Free Space | 71,27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as ***.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office Beta\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office Beta\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 (Beta)
"{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{20140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 (Beta)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{de578cc4-2c4c-4f52-94e4-fce2211196e3}" = Nero 9 Essentials
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ALchemy" = Creative ALchemy
"AndrewLabs ATSurround for Winamp" = AndrewLabs ATSurround for Winamp
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AudioCS" = Creative Audio-Systemsteuerung
"Biet-O-Matic v2.12.6" = Biet-O-Matic v2.12.6
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CamStudio" = CamStudio
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"Creative VF0230" = Creative Live! Cam Video IM Pro Driver (1.03.02.00)
"Diagnostics 4_5" = Creative-Diagnose
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 11.1.0 11.1.0.***unknown variable buildnummer***" = ElsterFormular 11.1.0
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ! 2.0" = AVM FRITZ!
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Host OpenAL" = Host OpenAL
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0
"Miranda IM" = Miranda IM 0.8.22
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"N360" = Norton 360 Premier Edition
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pegasus Mail" = Pegasus Mail
"Pegasus Mail, Deutsche Komplettversion_is1" = Pegasus Mail v4.51 R1 (Deutsche Komplettversion)
"PROHYBRIDR" = 2007 Microsoft Office system
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1492074147-2874995262-3330651375-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.2.1
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.04.2010 12:57:07 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16535,
Zeitstempel: 0x4b83889f Ausnahmecode: 0xc0000005 Fehleroffset: 0x002447c6 ID des fehlerhaften
Prozesses: 0x1e40 Startzeit der fehlerhaften Anwendung: 0x01cad5a848f11704 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: 6e7b28ba-419d-11df-b18b-404e57434401

Error - 12.04.2010 04:09:03 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: IZArcCM.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4aa0b172 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0bb4b2c0
ID
des fehlerhaften Prozesses: 0xe04 Startzeit der fehlerhaften Anwendung: 0x01cada106d8c3110
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
IZArcCM.dll Berichtskennung: a7eb4f2c-460a-11df-96ef-404e57434401

Error - 21.04.2010 11:32:26 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1530 Startzeit: 01cae11b5fc8ca58 Endzeit: 0 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:

Error - 21.04.2010 11:42:36 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: IZArcCM.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4aa0b172 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0ac9b2c0
ID
des fehlerhaften Prozesses: 0x5b8 Startzeit der fehlerhaften Anwendung: 0x01cae11a163b8e17
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
IZArcCM.dll Berichtskennung: 81ae1d5b-4d5c-11df-a064-404e57434401

Error - 22.04.2010 06:23:56 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 17f0 Startzeit: 01cae1e5e5569e7a Endzeit: 16 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 32bbeb77-4df8-11df-95e6-404e57434401


Error - 23.04.2010 02:38:22 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 16c4 Startzeit: 01cae2ab84e6c904 Endzeit: 0 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:

Error - 26.04.2010 02:28:28 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16535,
Zeitstempel: 0x4b83889f Ausnahmecode: 0xc0000005 Fehleroffset: 0x002447c6 ID des fehlerhaften
Prozesses: 0xffc Startzeit der fehlerhaften Anwendung: 0x01cae508a5085552 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: ec4d6deb-50fc-11df-ad04-404e57434401

Error - 26.04.2010 12:29:18 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: miranda32.exe, Version: 0.8.21.0,
Zeitstempel: 0x4bd0fc3d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c283b ID des fehlerhaften
Prozesses: 0x1324 Startzeit der fehlerhaften Anwendung: 0x01cae507361a93ce Pfad der
fehlerhaften Anwendung: C:\Program Files\Miranda IM\miranda32.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: dbef8337-5150-11df-ad04-404e57434401

Error - 28.04.2010 06:27:56 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1580 Startzeit: 01cae6984d5c7052 Endzeit: 16 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: af7a216e-52b0-11df-a095-404e57434401


Error - 28.04.2010 14:22:39 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bcb44 Name des fehlerhaften Moduls: T3APO32.dll, Version: 1.0.4.0,
Zeitstempel: 0x4993e8b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001bb75 ID des fehlerhaften
Prozesses: 0x155c Startzeit der fehlerhaften Anwendung: 0x01cae6ffbf01900e Pfad der
fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\T3APO32.dll Berichtskennung: 06b37a9a-52f3-11df-a1ae-404e57434401

[ Media Center Events ]
Error - 07.01.2010 11:50:25 | Computer Name = *** | Source = MCUpdate | ID = 0
Description = 16:50:16 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
404: Die angeforderte URL ist auf diesem Server nicht vorhanden. )

Error - 07.01.2010 12:50:47 | Computer Name = *** | Source = MCUpdate | ID = 0
Description = 17:50:43 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
404: Die angeforderte URL ist auf diesem Server nicht vorhanden. )

Error - 07.01.2010 13:51:10 | Computer Name = *** | Source = MCUpdate | ID = 0
Description = 18:51:06 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
404: Die angeforderte URL ist auf diesem Server nicht vorhanden. )

Error - 11.02.2010 11:56:39 | Computer Name = *** | Source = MCUpdate | ID = 0
Description = 16:55:11 - Directory konnte nicht abgerufen werden (Fehler: Invalid
security token.)

[ System Events ]
Error - 08.04.2010 03:22:22 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 08.04.2010 03:23:57 | Computer Name = *** | Source = DCOM | ID = 10010
Description =

Error - 08.04.2010 13:39:38 | Computer Name = *** | Source = DCOM | ID = 10010
Description =

Error - 09.04.2010 02:45:58 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 09.04.2010 02:45:58 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 10.04.2010 04:02:44 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 10.04.2010 04:02:44 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11.04.2010 04:21:51 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11.04.2010 04:21:51 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11.04.2010 04:23:44 | Computer Name = *** | Source = DCOM | ID = 10010
Description =


< End of report >


-----------------------------------------------------------


Das ist das Ergebnis von HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:22:42, on 07.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\System32\rundll32.exe
C:\Windows\V0230Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\FRITZ!\IWatch.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\***\Desktop\OTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office Beta\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
O8 - Extra context menu item: An OneNote s&enden - res:///105
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office Beta\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office Beta\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office Beta\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office Beta\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - h**p://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - h**p://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - h**p://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - h**p://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - h**p://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - h**p://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - h**ps://googleonline.webex.com/client/T26L/nbr/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - h**p://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 10557 bytes


-------------------------------------------


Schließlich hat Malwarebytes noch diese Logfile (mit neuen Trojaner) gebracht:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4073

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.05.2010 15:04:57
mbam-log-2010-05-07 (15-04-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 816495
Laufzeit: 2 Stunde(n), 45 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Winamp\Plugins\enc_wma.dll (Trojan.FakeAlert) -> No action taken.


---------------------------------------
__________________


Alt 09.05.2010, 10:28   #3
monaqo
 
Trojan.Gen von Norton 360 beim Scan gefunden - Standard

Trojan.Gen von Norton 360 beim Scan gefunden



Hallo,

nach einigen Wochen habe ich mal wieder einen kompletten Systemscan von Norton 360 auf Windows 7 32Bit durchführen lassen. Dabei wurden die nachfolgenden 3 Trojaner erkannt und in die Quarantäne isoliert. Da ich nicht weiß, wie lange diese schon auf dem Rechner sind und ob sie schon Schaden angerichtet haben (Passwörter mitgeloggt, etc.?), lässt mich die Situation nicht ruhig schlafen.
Kann man feststellen, was bereits passiert ist und ob jetzt noch Gefahr besteht bzw. wo die Infektionen herkamen?

Windows 7 bei Norton 360 Systemscan:

Trojan.Gen erkannt von Virenscanner Norton 360 / Status isoliert / Behoben-Keine Aktion

[appletx.class] in [c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\24\14903018-24f964b]

[px.class] in [c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\24\14903018-24f964b]

und

Trojan.ByteVerify erkannt von Virenscanner Norton 360 / Status isoliert / Behoben-Keine Aktion

[loaderx.class] in [c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\24\14903018-24f964b]


Alle 3 Trojaner sind jetzt in der Norton Quarantäne und es werden nun keine Infektionen mehr von Norton 360 erkannt.

In den letzten Tage konnte ich öfters keine RECHTE MAUS FUNKTION auf dem Desktop mehr ausführen und machmal konnte Pegasus Mail keine Post mehr vom Server abholen. Kann Zufall sein, das dies vorher auch ab und an passierte, aber ist merkwürdig. Nach Neustart ist immer wieder alles OK.

OTL hat diese Dateien geliefert:

OTL logfile created on: 07.05.2010 11:59:59 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\***\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 995,75 Gb Free Space | 71,27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as ***.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.07 11:22:55 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2009.11.10 15:05:21 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.09 11:27:44 | 006,937,216 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.10.01 22:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe
PRC - [2009.10.01 22:32:04 | 002,596,712 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProTray.exe
PRC - [2009.09.21 21:19:20 | 001,964,528 | ---- | M] (Symantec) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.08.19 21:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.21 20:29:16 | 000,096,824 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.06.19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.01.13 04:07:04 | 000,341,296 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!\IWatch.exe
PRC - [2008.06.03 12:25:38 | 000,110,647 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\Ir.exe
PRC - [2006.09.07 02:01:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0230Mon.exe


========== Modules (SafeList) ==========

MOD - [2010.05.07 11:22:55 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2009.07.20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\lgscroll.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.07.14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.11.10 15:05:21 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009.11.09 17:51:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009.11.09 17:48:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009.11.02 14:50:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.10.29 11:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office Beta\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.10.01 22:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009.09.26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.21 21:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009.09.21 21:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.21 20:29:16 | 000,096,824 | ---- | M] (ASUS) [Auto | Running] -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010.02.03 11:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100506.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.02.03 11:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100506.025\NAVENG.SYS -- (NAVENG)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.10 15:05:51 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.11.10 15:05:23 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009.11.10 15:05:23 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.11.10 15:05:23 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009.11.10 15:05:23 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009.11.10 15:05:23 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.11.10 15:05:22 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009.11.10 15:05:22 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009.11.10 15:05:22 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009.11.10 15:05:22 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009.11.09 19:36:56 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.11.09 19:36:56 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.10.29 00:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100429.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009.10.13 03:16:02 | 000,049,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009.10.01 23:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.09.23 03:18:07 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2009.09.21 21:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.09.21 21:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009.09.21 21:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM-Treiber (seriell)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:54 | 000,559,104 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV - [2009.07.14 00:02:54 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.02 18:36:10 | 000,013,880 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Programme\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.05.06 03:35:16 | 000,413,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\t3.sys -- (t3)
DRV - [2008.01.19 20:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\v2imount.sys -- (v2imount)
DRV - [2007.08.07 02:03:00 | 000,509,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0230VID.sys -- (V0230VID)
DRV - [2006.03.24 02:00:00 | 000,006,272 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0230Vfx.sys -- (V0230Vfx)
DRV - [2005.09.14 18:01:00 | 000,824,512 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcwPVRP2.sys -- (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1492074147-2874995262-3330651375-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
IE - HKU\S-1-5-21-1492074147-2874995262-3330651375-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1492074147-2874995262-3330651375-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1492074147-2874995262-3330651375-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 19 27 A4 B9 5B CA 01 [binary data]
IE - HKU\S-1-5-21-1492074147-2874995262-3330651375-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.04.27 08:58:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office Beta\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office Beta\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1492074147-2874995262-3330651375-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office Beta\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\System32\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1492074147-2874995262-3330651375-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office Beta\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office Beta\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office Beta\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office Beta\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office Beta\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1492074147-2874995262-3330651375-1001\..Trusted Ranges: Range1 ([h**ps] in Vertrauenswürdige Sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} h**p://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} h**p://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} h**p://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} h**p://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} h**p://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} h**p://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} h**p://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} h**p://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} h**ps://googleonline.webex.com/client/T26L/nbr/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} h**p://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office Beta\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.05.07 11:22:48 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.04.28 07:56:54 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.04.28 07:56:54 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.04.26 14:04:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Google Earth Dateien
[2010.04.26 12:03:33 | 100,024,672 | ---- | C] (Symantec Corporation) -- C:\Users\***\Desktop\N360-PREMIER-ESD-17-5-0-127-GE.exe
[2010.04.26 11:46:40 | 000,000,000 | R--D | C] -- C:\Programme\Norton Support
[2010.04.21 08:17:26 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.20 21:09:32 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.04.20 21:09:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.20 21:09:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.20 21:09:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.16 09:04:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bildpartner_schnittstelle_v2a
[2010.04.16 08:59:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bildpartner_coppermine
[2010.04.15 09:22:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\gastro
[2010.04.14 08:38:17 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 08:38:17 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 08:38:12 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.12 13:08:08 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\christop20-einsatz
[2010.04.04 10:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.04 10:24:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.04.01 07:58:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.03.31 08:58:19 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 08:58:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 08:58:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.30 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\VirtueMart_1.1.4-COMPLETE_PACKAGE.j15
[2010.03.25 14:48:40 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\1und1
[2010.03.22 21:59:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\presse-ankündigungen
[2010.03.22 21:56:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\hallesche
[2010.03.19 14:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.03.19 14:57:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Kaspersky Lab
[2010.03.05 11:31:07 | 009,416,616 | ---- | C] (PortableApps.com) -- C:\Users\***\Desktop\FirefoxPortable_3.6_German.paf.exe
[2010.02.24 09:08:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.02.24 09:08:01 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.02.24 09:08:01 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.02.24 09:08:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.02.24 09:08:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.02.24 09:07:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.15 19:13:52 | 000,000,000 | ---D | C] -- C:\PMAIL
[2010.02.10 08:51:28 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.02.10 08:51:28 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.02.10 08:51:28 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.02.10 08:51:23 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.02.10 08:51:22 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.02.10 08:51:22 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.02.10 08:51:22 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.02.10 08:51:22 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.02.10 08:51:22 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.02.10 08:51:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.02.10 08:51:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.05.07 12:00:36 | 003,407,872 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.05.07 11:37:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.07 11:22:55 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.07 11:02:04 | 000,015,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.07 11:02:04 | 000,015,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.07 08:58:09 | 000,649,012 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.07 08:58:09 | 000,610,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.07 08:58:09 | 000,127,832 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.07 08:58:09 | 000,104,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.07 08:58:08 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.07 08:52:14 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.07 08:51:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.07 08:51:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.07 08:51:51 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.06 22:51:08 | 009,377,264 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.05.01 09:41:25 | 000,000,988 | ---- | M] () -- C:\Users\***\Desktop\Miranda IM.lnk
[2010.04.29 20:39:21 | 000,034,265 | ---- | M] () -- C:\Users\***\Desktop\2009-05-26.pdf
[2010.04.27 16:37:44 | 000,279,201 | ---- | M] () -- C:\Users\***\Desktop\Invoice_32917181557.pdf
[2010.04.26 17:20:18 | 020,155,392 | ---- | M] () -- C:\Users\***\Desktop\FLARM_basic_presentation_de.ppt
[2010.04.26 17:06:06 | 001,265,152 | ---- | M] () -- C:\Users\***\Desktop\flarm_funktionsweise2007_11_27ueli.ppt
[2010.04.26 14:02:15 | 000,001,410 | ---- | M] () -- C:\Users\***\Documents\Eigene Dateien.lnk
[2010.04.26 12:03:33 | 100,024,672 | ---- | M] (Symantec Corporation) -- C:\Users\***\Desktop\N360-PREMIER-ESD-17-5-0-127-GE.exe
[2010.04.16 09:22:40 | 003,291,829 | ---- | M] () -- C:\Users\***\Desktop\localhost.sql-160410.zip
[2010.04.13 13:21:10 | 001,775,153 | ---- | M] () -- C:\Users\***\Desktop\***pics-localhost.sql.zip
[2010.04.13 13:20:32 | 019,236,119 | ---- | M] () -- C:\Users\***\Desktop\***pics-localhost.sql
[2010.04.12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.04.07 09:01:09 | 000,312,955 | ---- | M] () -- C:\Users\***\Desktop\belboon_Publisher_Manual_Voucher-codes.pdf
[2010.04.07 08:59:54 | 000,053,686 | ---- | M] () -- C:\Users\***\Desktop\o2-Ansprechpartner.pdf
[2010.03.31 16:23:40 | 000,067,117 | ---- | M] () -- C:\Users\***\Desktop\xing-datenschutz.pdf
[2010.03.31 16:22:06 | 000,173,793 | ---- | M] () -- C:\Users\***\Desktop\xing-agb.pdf
[2010.03.30 13:26:16 | 001,384,090 | ---- | M] () -- C:\Users\***\Desktop\o2-talkline.pdf
[2010.03.29 19:36:17 | 000,261,224 | ---- | M] () -- C:\Users\***\Desktop\talkplus_mobilfunkantrag.pdf
[2010.03.26 20:52:27 | 000,813,112 | ---- | M] () -- C:\Users\***\Desktop\priceTag.pdf
[2010.03.20 09:07:55 | 000,179,576 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.19 08:33:27 | 000,683,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.03.16 09:05:00 | 000,745,031 | ---- | M] () -- C:\Users\***\Desktop\03_steuern.pdf
[2010.03.12 13:36:15 | 001,027,584 | ---- | M] () -- C:\Users\***\Desktop\VE Pocksparkplatz, Var.10-03-01, DIN A 3.pdf
[2010.03.08 23:33:56 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.03.05 11:31:07 | 009,416,616 | ---- | M] (PortableApps.com) -- C:\Users\***\Desktop\FirefoxPortable_3.6_German.paf.exe
[2010.03.04 10:48:50 | 000,000,830 | ---- | M] () -- C:\Windows\win.ini
[2010.02.28 17:17:04 | 000,001,287 | ---- | M] () -- C:\Users\***\Desktop\WSPING32.lnk
[2010.02.27 14:07:48 | 003,954,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.02.27 14:07:48 | 003,899,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.02.24 11:35:19 | 000,000,061 | ---- | M] () -- C:\Windows\URLPROXY.INI
[2010.02.24 11:35:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.02.24 11:35:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.02.23 09:55:45 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.02.23 09:55:43 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.02.23 09:55:20 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.02.20 10:28:50 | 000,024,576 | ---- | M] () -- C:\Users\***\Desktop\Bewohner der oberen Stadt planen ein Altstadtfest.doc
[2010.02.15 19:12:21 | 000,009,326 | ---- | M] () -- C:\Windows\unins000.dat
[2010.02.15 19:10:03 | 000,981,059 | ---- | M] () -- C:\Windows\unins000.exe
[2010.02.11 11:49:27 | 000,010,231 | ---- | M] () -- C:\Users\***\***.pfx
[2010.02.11 09:10:14 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.29 20:39:21 | 000,034,265 | ---- | C] () -- C:\Users\***\Desktop\2009-05-26.pdf
[2010.04.27 16:37:43 | 000,279,201 | ---- | C] () -- C:\Users\***\Desktop\Invoice_32917181557.pdf
[2010.04.26 17:03:37 | 020,155,392 | ---- | C] () -- C:\Users\***\Desktop\FLARM_basic_presentation_de.ppt
[2010.04.26 17:03:37 | 001,265,152 | ---- | C] () -- C:\Users\***\Desktop\flarm_funktionsweise2007_11_27ueli.ppt
[2010.04.16 09:22:35 | 003,291,829 | ---- | C] () -- C:\Users\***\Desktop\localhost.sql-160410.zip
[2010.04.13 13:21:08 | 001,775,153 | ---- | C] () -- C:\Users\***\Desktop\***pics-localhost.sql.zip
[2010.04.13 13:20:32 | 019,236,119 | ---- | C] () -- C:\Users\***\Desktop\***pics-localhost.sql
[2010.04.07 09:01:09 | 000,312,955 | ---- | C] () -- C:\Users\***\Desktop\belboon_Publisher_Manual_Voucher-codes.pdf
[2010.04.07 08:59:54 | 000,053,686 | ---- | C] () -- C:\Users\***\Desktop\o2-Ansprechpartner.pdf
[2010.03.31 16:23:39 | 000,067,117 | ---- | C] () -- C:\Users\***\Desktop\xing-datenschutz.pdf
[2010.03.31 16:22:05 | 000,173,793 | ---- | C] () -- C:\Users\***\Desktop\xing-agb.pdf
[2010.03.30 13:26:16 | 001,384,090 | ---- | C] () -- C:\Users\***\Desktop\o2-talkline.pdf
[2010.03.29 19:36:08 | 000,261,224 | ---- | C] () -- C:\Users\***\Desktop\talkplus_mobilfunkantrag.pdf
[2010.03.26 20:50:00 | 000,813,112 | ---- | C] () -- C:\Users\***\Desktop\priceTag.pdf
[2010.03.16 09:05:00 | 000,745,031 | ---- | C] () -- C:\Users\***\Desktop\03_steuern.pdf
[2010.03.12 13:36:15 | 001,027,584 | ---- | C] () -- C:\Users\***\Desktop\VE Pocksparkplatz, Var.10-03-01, DIN A 3.pdf
[2010.02.28 17:17:04 | 000,001,287 | ---- | C] () -- C:\Users\***\Desktop\WSPING32.lnk
[2010.02.24 11:35:19 | 000,000,061 | ---- | C] () -- C:\Windows\URLPROXY.INI
[2010.02.24 11:35:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.02.24 11:35:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.02.20 10:28:50 | 000,024,576 | ---- | C] () -- C:\Users\***\Desktop\Bewohner der oberen Stadt planen ein Altstadtfest.doc
[2010.02.15 19:12:18 | 000,981,059 | ---- | C] () -- C:\Windows\unins000.exe
[2010.02.15 19:12:18 | 000,009,326 | ---- | C] () -- C:\Windows\unins000.dat
[2010.02.11 11:49:16 | 000,010,231 | ---- | C] () -- C:\Users\***\***.pfx
[2009.12.06 17:23:14 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.11.05 16:00:16 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.11.05 15:59:49 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.11.05 15:59:31 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.05 15:59:30 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.11.05 15:59:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.11.05 15:59:12 | 000,002,174 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.11.04 14:41:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.11.03 22:08:56 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2009.11.02 14:49:58 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009.11.02 14:49:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.08.26 06:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll
[2009.08.03 17:14:04 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2009.07.15 09:22:48 | 000,032,914 | ---- | C] () -- C:\Windows\System32\t3.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.01.14 03:47:24 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009.01.14 03:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009.01.14 03:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009.01.14 03:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009.01.14 03:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009.01.14 03:47:24 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009.01.14 03:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009.01.14 03:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009.01.14 03:47:24 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009.01.05 16:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2006.10.11 13:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2004.08.13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2002.09.23 15:11:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwXDS.dll

========== LOP Check ==========

[2010.02.07 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2010.04.26 12:02:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2010.01.22 16:59:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2009.11.11 09:40:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2010.05.06 16:23:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2009.11.12 10:38:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2009.11.05 17:11:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2009.11.03 18:48:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.01.08 09:28:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2010.02.04 08:58:57 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
__________________

Alt 09.05.2010, 13:32   #4
monaqo
 
Trojan.Gen von Norton 360 beim Scan gefunden - Standard

Trojan.Gen von Norton 360 beim Scan gefunden



Sorry, Eintrag #2 wurde irrtümlich nochmals aufgelistet (ist aber identisch mit Eintrag #1 - ich kann's aber nicht mehr löschen)

Ich habe hier noch das Ergebnis vom ComboFix, vielleicht kann mir jetzt ja jemand helfen, ob ich noch gefährdet bin bzw. was der Trojaner vorher angerichtet haben könnte:




ComboFix 10-05-08.02 - *** 09.05.2010 10:43:55.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3327.2195 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
.

((((((((((((((((((((((( Dateien erstellt von 2010-04-09 bis 2010-05-09 ))))))))))))))))))))))))))))))
.

2010-05-09 08:51 . 2010-05-09 08:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-07 16:37 . 2010-05-07 16:37 -------- d-----w- c:\program files\CCleaner
2010-05-07 10:18 . 2010-05-07 10:18 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-05-07 10:17 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 10:17 . 2010-05-07 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 10:17 . 2010-05-07 10:17 -------- d-----w- c:\programdata\Malwarebytes
2010-05-07 10:17 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 10:09 . 2010-05-07 10:09 388096 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-07 10:09 . 2010-05-07 10:09 -------- d-----w- c:\program files\Trend Micro
2010-04-28 05:56 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 05:56 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 05:56 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-26 09:46 . 2010-04-26 09:46 -------- d-----r- c:\program files\Norton Support
2010-04-21 06:17 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-20 19:09 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-14 06:38 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 06:38 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 06:38 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 06:38 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 06:38 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 06:38 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:35 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 06:35 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 08:40 . 2009-11-03 12:16 -------- d-----w- c:\users\***\AppData\Roaming\Skype
2010-05-09 08:20 . 2009-11-03 12:19 -------- d-----w- c:\users\***\AppData\Roaming\skypePM
2010-05-08 11:34 . 2009-10-30 15:03 -------- d-----w- c:\programdata\Microsoft Help
2010-05-07 11:35 . 2009-11-03 09:29 -------- d-----w- c:\users\***\AppData\Roaming\FileZilla
2010-05-07 06:58 . 2009-07-14 08:47 649012 ----a-w- c:\windows\system32\perfh007.dat
2010-05-07 06:58 . 2009-07-14 08:47 127832 ----a-w- c:\windows\system32\perfc007.dat
2010-05-06 10:31 . 2009-11-03 15:46 -------- d-----w- c:\users\***\AppData\Roaming\ZoomBrowser EX
2010-05-06 10:30 . 2009-11-03 15:42 -------- d-----w- c:\programdata\ZoomBrowser
2010-04-26 10:04 . 2009-12-06 15:23 -------- d-----w- c:\program files\Biet-O-Matic
2010-04-26 10:02 . 2009-12-06 15:23 -------- d-----w- c:\users\***\AppData\Roaming\BOM
2010-04-20 19:09 . 2009-11-10 12:05 -------- d-----w- c:\program files\Java
2010-04-16 06:38 . 2009-11-03 16:22 -------- d-----w- c:\program files\Google
2010-04-07 19:46 . 2009-11-05 13:57 -------- d-----w- c:\program files\WinTV
2010-04-04 08:24 . 2010-04-04 08:24 -------- d-----w- c:\program files\Common Files\Java
2010-04-03 07:41 . 2009-11-03 12:16 -------- d-----r- c:\program files\Skype
2010-04-01 05:58 . 2010-04-01 05:58 -------- d-----w- c:\program files\Common Files\Skype
2010-03-26 12:30 . 2009-11-03 09:30 -------- d-----w- c:\program files\FileZilla FTP Client
2010-03-20 07:07 . 2009-11-03 15:47 179576 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-19 12:57 . 2010-03-19 12:57 -------- d-----w- c:\programdata\Kaspersky Lab
2010-02-23 07:56 . 2010-03-31 06:58 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 15:42 . 2009-11-12 15:46 1170240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpot light\SpotlightResources.dll
2010-02-15 17:12 . 2010-02-15 17:12 9326 ----a-w- c:\windows\unins000.dat
2010-02-15 17:10 . 2010-02-15 17:12 981059 ----a-w- c:\windows\unins000.exe
2010-02-12 16:41 . 2010-04-27 06:58 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\Wi nMail.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"ATKOSD2"="c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-19 170624]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"BCSSync"="c:\program files\Microsoft Office Beta\Office14\BCSSync.exe" [2009-09-26 83312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-3 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion \policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-02 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2009-11-09 79360]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-21 1571336]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office Beta\Office14\GROOVE.EXE [2009-10-29 30603640]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 7168]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\DRIVERS\V0230VID.sys [2007-08-07 509760]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcux d.sys [2009-09-23 12800]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYME FA.SYS [2009-11-10 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86 .sys [2009-11-10 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx8 6.sys [2009-11-10 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100505.001\IDSvix 86.sys [2009-10-28 343088]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [2009-11-10 117640]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-13 49152]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys [2009-07-13 64000]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-11-09 102448]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys [2009-07-13 559104]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-21 46192]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV .SYS [2009-11-10 48688]
S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-09-21 1964528]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 413208]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 16:22]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 16:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: An OneNote s&enden - /105
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(6032)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\System32\npmproxy.dll
.
Zeit der Fertigstellung: 2010-05-09 10:53:33
ComboFix-quarantined-files.txt 2010-05-09 08:53

Vor Suchlauf: 12 Verzeichnis(se), 1.077.493.534.720 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 1.077.427.245.056 Bytes frei

- - End Of File - - 4789107C96782E9DFA4F75664909C771

Antwort

Themen zu Trojan.Gen von Norton 360 beim Scan gefunden
audacity, audiodg.exe, browser, defender, desktop, diagnostics, error, explorer, firefox, format, fritz!, gupdate, hotkey, install.exe, intrusion prevention, location, logfile, malwarebytes' anti-malware, maus, media center, microsoft, microsoft office word, mozilla, neustart, ntdll.dll, nvidia, object, office 2007, oldtimer, programme, registry, saver, scan, security, security update, senden, server, shell32.dll, symantec, trojan.gen, trojaner, windows, wmp



Ähnliche Themen: Trojan.Gen von Norton 360 beim Scan gefunden


  1. WIN 7: Trojan.DNSChanger beim Routinecheck gefunden
    Log-Analyse und Auswertung - 22.06.2015 (22)
  2. 5 Viren beim Scan gefunden
    Log-Analyse und Auswertung - 18.02.2015 (7)
  3. Beim Scan diverse Trojaner gefunden Rotbrowse, Rotbrow.A, BProtector, System läuft extrem langsam und Programme bzw IE stürzen regelmäßig ab
    Log-Analyse und Auswertung - 14.10.2014 (5)
  4. Trojan ADH.2 gefunden, Norton 360
    Log-Analyse und Auswertung - 03.06.2014 (9)
  5. Windows 7: Fedpol CH Trojaner, Norton hängt sich auf beim Scanen, langsamer beim Browsen.
    Log-Analyse und Auswertung - 11.01.2014 (7)
  6. Muttis PC: Häufige Meldung ''Server ausgelastet'' - Nach Scan: Trojan.ransom.fgen gefunden
    Plagegeister aller Art und deren Bekämpfung - 06.11.2013 (9)
  7. Windows 7: TR/Dropper.gen beim Avira-Scan gefunden
    Log-Analyse und Auswertung - 31.08.2013 (11)
  8. TR/SPY.TBot Dateien beim vollständigen Scan gefunden
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (6)
  9. TR/Bublik.i.5 von Antivir gefunden Malwarebytes scan: Trojan.zbot
    Plagegeister aller Art und deren Bekämpfung - 03.04.2013 (13)
  10. Avira hat beim letzten scan eine änderung in der registry gefunden
    Log-Analyse und Auswertung - 20.02.2013 (4)
  11. Trojaner und Viren beim Avira Scan gefunden und in Quarantäne gesetzt
    Plagegeister aller Art und deren Bekämpfung - 28.10.2012 (38)
  12. Avira hat Trojaner gefunden beim Malwarebytes scan..
    Log-Analyse und Auswertung - 22.05.2012 (6)
  13. amty (worm.Autorun) und csrcs.exe(Trojan.Agent) bei einem routine-Scan von MBAM gefunden
    Log-Analyse und Auswertung - 21.04.2012 (16)
  14. Avira erst Warnung HTML/Infected.WebPage.Gen2 beim Scan dann mehrere versteckte Objekte gefunden
    Log-Analyse und Auswertung - 23.01.2012 (21)
  15. Adware.Webprefix von Norton Sec. Scan gefunden
    Log-Analyse und Auswertung - 07.07.2007 (3)
  16. wintime.exe und mastaks2.exe von a² squared beim scan gefunden. Was ist das?
    Plagegeister aller Art und deren Bekämpfung - 18.04.2006 (7)
  17. Trojan.Win32.StartPage.gv, von Norton nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 11.11.2004 (2)

Zum Thema Trojan.Gen von Norton 360 beim Scan gefunden - Teil 2 , da im 1. Eintrag kein Platz mehr war: und diese: OTL Extras logfile created on: 07.05.2010 11:59:59 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder - Trojan.Gen von Norton 360 beim Scan gefunden...
Archiv
Du betrachtest: Trojan.Gen von Norton 360 beim Scan gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.