Log Analysis and Evaluation: Norton Antivirus detected the Trojan Trojan.Gen.2
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.07.2014, 14:52 | #1 |
Norton Antivirus detected the Trojan Trojan.Gen.2

Hello,

Norton Antivirus detected the Trojan Trojan.Gen.2 today during a full scan. It appears to be in a download file of a game that I haven't played for years. I'm surprised that this Trojan wasn't detected during the last scan a month ago. Since my move three weeks ago, my CRT monitor has been "twitching" at the edges now and then. I've begun to wonder whether that could also have something to do with a virus or whether it is a technical problem.

Thanks in advance for the help, and here are the requested files:

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:15 on 20/07/2014 (Lupus)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Lupus (administrator) on LPC on 20-07-2014 15:17:58
Running from C:\Users\Lupus\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Disc Soft Ltd) D:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(ACD Systems, Ltd.) C:\Users\Lupus\Desktop\ACDSEE32.EXE
(ACD Systems, Ltd.) C:\Users\Lupus\Desktop\ACDSEE32.EXE
() C:\Users\Lupus\Desktop\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [RoccatIskuFX] => C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe [540672 2013-09-14] (ROCCAT GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1672385247-993459233-2920463174-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-1672385247-993459233-2920463174-1000\...\Run: [DAEMON Tools Ultra Agent] => D:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3195096 2014-02-12] (Disc Soft Ltd)
AppInit_DLLs: => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x882830E91581CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> D:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\Lupus\AppData\Roaming\Mozilla\Firefox\Profiles\ji0mq7c7.default
FF NewTab: about:blank
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @innoplus.de/ino3DViewer - D:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - D:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Lupus\AppData\Roaming\Mozilla\Firefox\Profiles\ji0mq7c7.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ant Video Downloader - C:\Users\Lupus\AppData\Roaming\Mozilla\Firefox\Profiles\ji0mq7c7.default\Extensions\anttoolbar@ant.com [2014-05-14]
FF Extension: Free Download Manager plugin - C:\Users\Lupus\AppData\Roaming\Mozilla\Firefox\Profiles\ji0mq7c7.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-14]
FF Extension: Flash and Video Download - C:\Users\Lupus\AppData\Roaming\Mozilla\Firefox\Profiles\ji0mq7c7.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-07-16]
FF Extension: ImageHost Grabber - C:\Users\Lupus\AppData\Roaming\Mozilla\Firefox\Profiles\ji0mq7c7.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2012-03-13]
FF Extension: anonymoX - C:\Users\Lupus\AppData\Roaming\Mozilla\Firefox\Profiles\ji0mq7c7.default\Extensions\client@anonymox.net.xpi [2014-04-08]
FF Extension: GMX MailCheck - C:\Users\Lupus\AppData\Roaming\Mozilla\Firefox\Profiles\ji0mq7c7.default\Extensions\toolbar@gmx.net.xpi [2011-12-21]
FF Extension: DownThemAll! - C:\Users\Lupus\AppData\Roaming\Mozilla\Firefox\Profiles\ji0mq7c7.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-11-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\coFFPlgn [2014-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\IPSFF [2013-10-09]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3647992 2014-05-14] (devolo AG)
R3 Disc Soft Bus Service; D:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [753880 2014-02-12] (Disc Soft Ltd)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-11-24] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-11-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
R2 TeamViewer8; D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [5087584 2013-10-01] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

R3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-10-03] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-03-30] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20140718.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-10-03] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20140719.001\ENG64.SYS [126040 2014-04-28] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20140719.001\EX64.SYS [2099288 2014-04-28] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-20 15:17 - 2014-07-20 15:18 - 00016862 _____ () C:\Users\Lupus\Desktop\FRST.txt
2014-07-20 15:17 - 2014-07-20 15:17 - 00000000 ____D () C:\FRST
2014-07-20 15:16 - 2014-07-20 15:16 - 02089984 _____ (Farbar) C:\Users\Lupus\Desktop\FRST64.exe
2014-07-20 15:15 - 2014-07-20 15:15 - 00000472 _____ () C:\Users\Lupus\Desktop\defogger_disable.log
2014-07-20 15:15 - 2014-07-20 15:15 - 00000000 _____ () C:\Users\Lupus\defogger_reenable
2014-07-20 15:14 - 2014-07-20 15:14 - 00050477 _____ () C:\Users\Lupus\Desktop\Defogger.exe
2014-07-20 11:46 - 2014-07-20 11:46 - 00000000 ___RD () C:\Users\Lupus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-13 18:08 - 2014-07-13 19:26 - 00000000 ____D () C:\Users\Lupus\Desktop\Bilder von S4
2014-07-12 21:12 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 21:12 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 21:12 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 21:12 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 21:12 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 21:12 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 21:12 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 21:12 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 21:12 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 21:12 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 21:12 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 21:12 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 21:12 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 21:12 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 21:12 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 21:12 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 21:12 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 21:12 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 21:12 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 21:12 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 21:12 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 21:12 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 21:12 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 21:12 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 21:12 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 21:12 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 21:12 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 21:12 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 21:12 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 21:12 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 21:12 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 21:12 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 21:12 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 21:12 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 21:12 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 21:12 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 21:12 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 21:12 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 21:12 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 21:12 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 21:12 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 21:12 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 21:12 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 21:12 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 21:12 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 21:12 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 21:12 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 21:12 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 21:12 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 21:12 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 21:12 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 21:12 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 21:12 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 21:12 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 21:12 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 21:12 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-12 21:11 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 21:11 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 21:11 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 21:11 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 21:11 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 21:11 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 21:11 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-12 21:11 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-12 21:11 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 21:11 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 21:11 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 21:11 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 21:11 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 21:11 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 21:11 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 21:11 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 21:11 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 21:11 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 21:11 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 21:11 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 21:11 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 21:11 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 21:11 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 21:08 - 2014-07-12 21:08 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-06-27 23:14 - 2014-06-27 23:14 - 00000222 _____ () C:\Users\Lupus\Desktop\Banished.url

==================== One Month Modified Files and Folders =======

2014-07-20 15:18 - 2014-07-20 15:17 - 00016862 _____ () C:\Users\Lupus\Desktop\FRST.txt
2014-07-20 15:17 - 2014-07-20 15:17 - 00000000 ____D () C:\FRST
2014-07-20 15:16 - 2014-07-20 15:16 - 02089984 _____ (Farbar) C:\Users\Lupus\Desktop\FRST64.exe
2014-07-20 15:15 - 2014-07-20 15:15 - 00000472 _____ () C:\Users\Lupus\Desktop\defogger_disable.log
2014-07-20 15:15 - 2014-07-20 15:15 - 00000000 _____ () C:\Users\Lupus\defogger_reenable
2014-07-20 15:15 - 2011-10-02 15:54 - 00000000 ____D () C:\Users\Lupus
2014-07-20 15:14 - 2014-07-20 15:14 - 00050477 _____ () C:\Users\Lupus\Desktop\Defogger.exe
2014-07-20 14:53 - 2012-07-30 16:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 14:07 - 2012-02-25 17:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-20 11:54 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 11:54 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 11:50 - 2013-10-28 18:47 - 01797915 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 11:50 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-07-20 11:50 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-07-20 11:50 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-20 11:46 - 2014-07-20 11:46 - 00000000 ___RD () C:\Users\Lupus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-20 11:46 - 2013-10-29 08:01 - 00124406 _____ () C:\Windows\setupact.log
2014-07-20 11:46 - 2011-10-02 17:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-20 11:46 - 2011-10-02 16:36 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-07-20 11:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 21:21 - 2011-10-27 21:34 - 00000000 ____D () C:\Users\Lupus\AppData\Local\CrashDumps
2014-07-16 20:43 - 2013-09-14 16:40 - 00000000 ____D () C:\Users\Lupus\AppData\Roaming\vlc
2014-07-15 19:26 - 2011-10-05 18:29 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-07-13 19:26 - 2014-07-13 18:08 - 00000000 ____D () C:\Users\Lupus\Desktop\Bilder von S4
2014-07-13 12:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-13 09:53 - 2012-07-30 16:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-13 09:53 - 2012-04-04 22:46 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-13 09:53 - 2011-10-03 12:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-12 21:28 - 2009-07-14 06:45 - 00374328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 21:27 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 21:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 21:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 21:13 - 2013-07-15 18:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 21:12 - 2011-10-02 16:54 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 21:08 - 2014-07-12 21:08 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-12 21:08 - 2013-09-22 12:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-12 21:08 - 2011-10-02 16:43 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-12 21:08 - 2011-10-02 16:43 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-06-27 23:14 - 2014-06-27 23:14 - 00000222 _____ () C:\Users\Lupus\Desktop\Banished.url
2014-06-20 22:14 - 2014-07-12 21:12 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-12 21:12 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\Lupus\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Lupus\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Lupus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Lupus\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Lupus\AppData\Local\Temp\nvStInst.exe
C:\Users\Lupus\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\Lupus\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Lupus\AppData\Local\Temp\vlc-2.1.4-win64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-20 10:06

==================== End Of Log ============================

Addition
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014 Ran by Lupus at 2014-07-20 15:18:14 Running from C:\Users\Lupus\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== 2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden 3D-Viewer-innoplus (HKLM-x32\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.220 - INNOVA-engineering GmbH) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ACD Product-Security-Vulnerability Update (HKLM-x32\...\{FA89C3ED-8EC5-457F-A31C-AE208C1CF024}) (Version: 1.0.0 - ACD Systems) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) 
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications) Boris Graffiti (HKLM-x32\...\{262BF2CD-601D-4F43-919C-4B00B1D1F338}) (Version: 5.20.200 - Boris FX, Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MG5200 series Benutzerregistrierung (HKLM-x32\...\Canon MG5200 series Benutzerregistrierung) (Version: - ) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Corel Paint Shop Pro X (HKLM-x32\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.01 - Corel Inc) DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.2.0.0226 - Disc Soft Ltd) devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.2.0 - devolo AG) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts) Die Sims™ 3 Late Night 
(HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts) Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts) Dream Pinball 3D (HKLM-x32\...\Dream Pinball 3D) (Version: 1.10 - TopWare Interactive Inc.) FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser) FMRTE 13.3.3.62 (HKLM\...\{13416834-B10B-4DD4-8213-C8D66A157D7E}_is1) (Version: 13.3.3.62 - Raul Bravo) FolderVisualizer (HKLM-x32\...\FolderVisualizer_is1) (Version: 2013 - Abelssoft) Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version: - Sports Interactive) Free Download Manager 3.9 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Free FLV Converter V 7.3.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.3.0.0 - Koyote Soft) GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) HFX Volume 1 (HKLM-x32\...\{468B359F-BAEF-466F-BB82-5EDEA1D8B2FB}) (Version: 11.00.0000 - Pinnacle Systems) HFX Volume 2 (HKLM-x32\...\{37F79692-6F8A-487E-BF5A-A1E3227D9830}) (Version: 11.00.0000 - Pinnacle Systems) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Magic Bullet Looks Studio (HKLM-x32\...\Magic Bullet Looks Studio) (Version: - ) ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version: - Nadeo) marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 
(Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger) Nero 6 Demo (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version: - ) Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation) NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden 
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.) Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version: - Zen Studios) Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.1.3.6605 - Pinnacle Systems) Pinnacle Studio 12 Ultimate Plugins (HKLM-x32\...\{D1860E6E-520E-4380-8433-E58E8F88B473}) (Version: 12.0.0.0 - Pinnacle Systems) Pinnacle Video Treiber (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems) proDAD Vitascene 1.0 (HKLM-x32\...\proDAD-Vitascene-1.0) (Version: - ) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.) ROCCAT Isku FX Keyboard Driver (HKLM-x32\...\{DC69933C-E7B0-455D-8E54-FAC1EEF046FF}) (Version: - Roccat GmbH) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.3.11082_152 - Samsung Electronics Co., Ltd.) 
Samsung Kies (x32 Version: 2.0.3.11082_152 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.) Secunia PSI (3.0.0.6005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia) SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Studio Premium Pack 1 (HKLM-x32\...\{9FE67144-F235-4FAB-8E0E-1C04D724B2CE}) (Version: 12.0.0.0 - Pinnacle Systems) Studio Premium Pack 2 (HKLM-x32\...\{CA9B76C4-4E1F-4946-80B1-9E5E8886D7AE}) (Version: 12.0.0.0 - Pinnacle Systems) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer) The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - ) The Witcher 2 Enhanced Edition Version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED) TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version: - Nadeo) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) TrackMania United 0.2.0.8 (HKLM-x32\...\TmUnited_is1) (Version: - Nadeo) Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) X2 The Threat v1.5 
(HKLM-x32\...\X2TheThreat_is1) (Version: - EGOSOFT) X3 Reunion v2.5 (HKLM-x32\...\X3Reunion_is1) (Version: - EGOSOFT) XWAU Craft Pack (HKLM-x32\...\XWAU Craft Pack) (Version: v1.0 - X-Wing Alliance Upgrade) YOU DON'T KNOW JACK Vol. 1 XL (HKLM-x32\...\Steam App 252730) (Version: - ) ==================== Restore Points ========================= 27-06-2014 16:47:03 Geplanter Prüfpunkt 12-07-2014 19:12:15 Windows Update 20-07-2014 08:14:07 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-04-03 20:40 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {00EAB909-52ED-4C60-9965-A2F8B874E622} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {21D5217B-DDC5-43F2-A4F1-A66065443818} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation) Task: {2A945609-0157-4944-AB46-33B9FF8919A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {5712C6BA-A4D9-44DD-9EB1-429E15C83A3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated) Task: {D095A732-8462-4C09-8EED-E2DDB4F76FF7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {FB530114-05DA-4250-94DA-A777F78FFF8F} - System32\Tasks\AllmyappsUpdateTask => c:\users\lupus\appdata\roaming\allmyapps\allmyappsupdater.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules 
(whitelisted) ============= 2012-05-15 21:20 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-11-24 19:57 - 2013-11-24 19:57 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-11-24 19:57 - 2013-11-24 19:57 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-07-20 15:14 - 2014-07-20 15:14 - 00050477 _____ () C:\Users\Lupus\Desktop\Defogger.exe 2013-11-02 15:17 - 2012-07-08 17:31 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\hiddriver.dll 2014-02-12 19:05 - 2014-02-12 19:05 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll 2011-10-02 16:12 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData:gs5sys AlternateDataStreams: C:\Users\All Users:gs5sys AlternateDataStreams: C:\Users\Lupus:gs5sys AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys AlternateDataStreams: C:\ProgramData\Application Data:gs5sys AlternateDataStreams: C:\ProgramData\Templates:gs5sys AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys AlternateDataStreams: C:\Users\Lupus\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\Lupus\Cookies:gs5sys AlternateDataStreams: C:\Users\Lupus\Lokale Einstellungen:gs5sys AlternateDataStreams: C:\Users\Lupus\Vorlagen:gs5sys AlternateDataStreams: C:\Users\Lupus\Desktop\ACDSEE32.EXE:KAVICHS AlternateDataStreams: C:\Users\Lupus\AppData\Local:gs5sys AlternateDataStreams: C:\Users\Lupus\AppData\Roaming:gs5sys AlternateDataStreams: C:\Users\Lupus\AppData\Local\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\Lupus\AppData\Local\Verlauf:gs5sys AlternateDataStreams: C:\Users\Lupus\Documents\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys ==================== Safe Mode (whitelisted) 
=================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BCU => "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" MSCONFIG\startupreg: EADM => "K:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: KiesAirMessage => D:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPDLR => D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesPreload => D:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/20/2014 11:48:18 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2014 09:51:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2014 00:18:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2014 07:01:45 AM) 
(Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2014 07:45:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2014 08:46:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2014 06:59:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2014 09:21:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x580 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (07/16/2014 08:42:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.18150, Zeitstempel: 0x518c6df8 Name des fehlerhaften Moduls: NDParser.ax, Version: 2.0.2.5, Zeitstempel: 0x40ab7183 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000220d ID des fehlerhaften Prozesses: 0x1264 Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0 Pfad der fehlerhaften Anwendung: wmplayer.exe1 
Pfad des fehlerhaften Moduls: wmplayer.exe2 Berichtskennung: wmplayer.exe3 Error: (07/16/2014 08:21:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/20/2014 11:38:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/20/2014 11:38:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (07/14/2014 07:45:11 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 14.07.2014 um 07:25:01 unerwartet heruntergefahren. Error: (07/13/2014 06:28:34 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 13.07.2014 um 18:22:06 unerwartet heruntergefahren. Error: (07/13/2014 00:31:40 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 13.07.2014 um 12:28:41 unerwartet heruntergefahren. Error: (07/13/2014 09:01:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/13/2014 09:01:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error: (07/05/2014 01:51:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/05/2014 01:51:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (06/16/2014 08:55:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "devolo Network Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-04-03 20:40:33.744 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-03 20:40:33.721 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 8168.85 MB
Available physical RAM: 5384.07 MB
Total Pagefile: 18409.03 MB
Available Pagefile: 16233.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:19.47 GB) NTFS
Drive d: (Volume) (Fixed) (Total:48.83 GB) (Free:12.48 GB) NTFS
Drive e: (Volume) (Fixed) (Total:465.71 GB) (Free:85.97 GB) NTFS
Drive f: (Volume) (Fixed) (Total:465.71 GB) (Free:34.48 GB) NTFS
Drive g: (Volume) (Fixed) (Total:48.83 GB) (Free:23.45 GB) NTFS
Drive h: (Volume) (Fixed) (Total:146.48 GB) (Free:29.81 GB) NTFS
Drive i: (Volume) (Fixed) (Total:128.47 GB) (Free:73.72 GB) NTFS
Drive j: (Disc2) (CDROM) (Total:7.88 GB) (Free:0 GB) UDF
Drive k: (Volume) (Fixed) (Total:232.88 GB) (Free:93.95 GB) NTFS
Drive l: (Elements) (Fixed) (Total:1863.01 GB) (Free:1001.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 823F7945)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 5198BAE9)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 161769A1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 373 GB) (Disk ID: 7848C189)
Partition 1: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=128 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0003990F)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-20 15:30:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-VERT rev.2.11 111,79GB Running: Gmer-19357.exe; Driver: C:\Users\Lupus\AppData\Local\Temp\pxldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[1964] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073351a22 2 bytes [35, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1964] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073351ad0 2 bytes [35, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1964] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073351b08 2 bytes [35, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1964] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073351bba 2 bytes [35, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1964] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073351bda 2 bytes [35, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073351a22 2 bytes [35, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073351ad0 2 bytes [35, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073351b08 2 bytes [35, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073351bba 2 bytes [35, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073351bda 2 bytes [35, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1056] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000752b1465 2 bytes [2B, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1056] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000752b14bb 2 bytes [2B, 75] .text ... 
* 2 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752b1465 2 bytes [2B, 75] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752b14bb 2 bytes [2B, 75] .text ... * 2 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752b1465 2 bytes [2B, 75] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752b14bb 2 bytes [2B, 75] .text ... * 2 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076effcb0 5 bytes JMP 00000001002a091c .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076effe14 5 bytes JMP 00000001002a0048 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076effea8 5 bytes JMP 00000001002a02ee .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f00004 5 bytes JMP 00000001002a04b2 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f00038 5 bytes JMP 00000001002a09fe .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f00068 5 bytes JMP 00000001002a0ae0 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f00084 5 bytes JMP 0000000100020050 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f0079c 5 bytes JMP 00000001002a012a .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f0088c 5 bytes JMP 00000001002a0758 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f008a4 5 bytes JMP 00000001002a0676 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f00df4 5 bytes JMP 00000001002a03d0 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f01920 5 bytes JMP 00000001002a0594 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f01be4 5 bytes JMP 00000001002a083a .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f01d70 5 bytes JMP 00000001002a020c .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007684524f 7 bytes JMP 00000001002a0f52 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000768453d0 7 bytes JMP 00000001002b0210 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076845677 1 byte JMP 00000001002b0048 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076845679 5 bytes {JMP 0xffffffff89a6a9d1} .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007684589a 7 bytes JMP 00000001002a0ca6 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076845a1d 7 bytes JMP 00000001002b03d8 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076845c9b 7 bytes JMP 00000001002b012c .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076845d87 7 bytes JMP 00000001002b02f4 .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] 
C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076847240 7 bytes JMP 00000001002a0e6e .text C:\Users\Lupus\Desktop\Gmer-19357.exe[7012] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000764e1492 7 bytes JMP 00000001002b04bc ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832e1ff1 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832e1ff1 (not active ControlSet) ---- EOF - GMER 2.1 ---- Achim |
20.07.2014, 15:04 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton Antivirus has detected the Trojan Trojan.Gen.2 Hi,
__________________Quote:
Quote:
__________________ |
20.07.2014, 20:46 | #3 | |
| Norton Antivirus has detected the Trojan Trojan.Gen.2 Quote:
Hello Cosinus, thanks for the explanation. I was aware that virus scanners update very frequently. What I am wondering is whether the Trojan has been in this file from the start (that is, for five or six years) and has only now been found. In that case I would have had an uninvited guest with me for a damn long time. And it just occurs to me that about a year or a year and a half ago you helped me remove a Maljava Trojan. This file was already on my computer back then. At least I have not knowingly modified, opened, etc. the folder and its files in the meantime. Here is the exact result from Norton: Code:
ATTFilter Kategorie: Behobene Sicherheitsrisiken Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname 20.07.2014 13:32:28,Hoch,chtnitrn.exe (Trojan.Gen.2) erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,f:\spielstände\titan quest\tqstimthronetrn-trn1_20032007\chtnitrn.exe Achim |
20.07.2014, 22:02 | #4 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton Antivirus has detected the Trojan Trojan.Gen.2 Quote:
Quote:
__________________ Please always post log files in CODE tags |
21.07.2014, 05:54 | #5 |
| Norton Antivirus has detected the Trojan Trojan.Gen.2 Yes, that is the file that Norton detected as Trojan.Gen.2. |
21.07.2014, 10:28 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton Antivirus has detected the Trojan Trojan.Gen.2 It looks as if some scanners detect the file as a cheat/game hack... compare https://www.virustotal.com/de/file/1...c9c3/analysis/
__________________ --> Norton Antivirus has detected the Trojan Trojan.Gen.2 |
21.07.2014, 15:20 | #7 |
| Norton Antivirus has detected the Trojan Trojan.Gen.2 Ah, I see. So is it enough if I simply delete the file from my hard drive so that this virus detection is no longer shown? I am never going to play the game again anyway. Best regards Achim |
23.07.2014, 13:15 | #8 |
| Norton Antivirus has detected the Trojan Trojan.Gen.2 Hello Cosinus, is any further action necessary in my case? Regards Achim |
23.07.2014, 14:15 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton Antivirus has detected the Trojan Trojan.Gen.2 No, what else is there really to be done? The thing is a cheat, very probably a false alarm, and even if not, you have not touched the thing for years.
__________________ Please always post log files in CODE tags |
23.07.2014, 19:57 | #10 |
| Norton Antivirus has detected the Trojan Trojan.Gen.2 Hm, ok. Thanks for your time. However, I have to admit that your help did not really fully convince me, and I have experienced a more pleasant tone here before. |
23.07.2014, 23:50 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton Antivirus has detected the Trojan Trojan.Gen.2 Then please also be so kind as to be more specific about that
__________________ Please always post log files in CODE tags |
27.07.2014, 19:59 | #12 |
| Norton Antivirus has detected the Trojan Trojan.Gen.2 Sure, will do. You are right. For example, in response to my remark that I was surprised about a Trojan being found in a file that is years old, you asked me what was so surprising about that, since virus scanners update several times a day and so on. I would still be surprised if there were a Trojan that wreaks havoc for years and survives every scan without being tracked down. Even though it is of course theoretically conceivable. You did not respond at all to my question about the "twitching" monitor. To my question on 21.07. about how I should proceed, I received no answer, and when I followed up again two days later (as you can imagine, I was somewhat worried because of the Trojan), I get the answer "No, what else is there really to be done?" It all just comes across as rather arrogant, listless and annoyed. I know that you are not paid for this work, and precisely for that reason I really appreciate the help. But it is more likeable when it is done in a friendly way. The skills you have in finding viruses and cleaning infected computers, you may lack elsewhere. And there you would (probably) also want to be treated kindly when someone helps you. As I said, I honestly did not find it totally catastrophic, but certainly rather "schoolmasterly" and annoyed. Regards Achim |
28.07.2014, 18:53 | #13 | |||
/// Winkelfunktion /// TB-Süch-Tiger™ | Norton Antivirus has detected the Trojan Trojan.Gen.2 Quote:
Quote:
Quote:
__________________ Please always post log files in CODE tags |