Log analysis and evaluation: What's wrong with my OS? (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.03.2014, 17:16 | #1
What's wrong with my OS? OTL logfile:
Code:
OTL logfile created on: 11.03.2014 16:21:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\InfectedUser\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,89 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 66,78% Memory free
7,63 Gb Paging File | 6,33 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): c:\pagefile.sys 3837 59398 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,87 Gb Total Space | 25,74 Gb Free Space | 8,64% Space Free | Partition Type: NTFS

Computer Name: InfectedComputer | User Name: InfectedUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\InfectedUser\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NitroReaderDriverReadSpool3) -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Nitro PDF Software)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (OODefragAgent) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (AsusVBus) -- C:\Windows\SysNative\drivers\AsusVBus.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AsusVTouch) -- C:\Windows\SysNative\drivers\AsusVTouch.sys (ASUS)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.001\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.001\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140309.001\IDSvia64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys (Symantec Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2893890877-294734729-3406206096-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2893890877-294734729-3406206096-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2893890877-294734729-3406206096-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
IE - HKU\S-1-5-21-2893890877-294734729-3406206096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014.02.04 19:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014.03.11 15:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014.02.04 19:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\Extensions
[2014.03.09 18:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\Firefox\Profiles\muk922rp.default\extensions
[2014.02.04 19:31:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\Firefox\Profiles\muk922rp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.02.04 19:31:45 | 000,000,000 | ---D | M] (Block site) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\Firefox\Profiles\muk922rp.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2014.02.04 19:31:45 | 000,000,000 | ---D | M] (YouTube Unblocker) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\Firefox\Profiles\muk922rp.default\extensions\youtubeunblocker@unblocker.yt
[2013.12.17 13:24:56 | 000,098,595 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\anticontainer@downthemall.net.xpi
[2012.09.18 17:04:50 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\elemhidehelper@adblockplus.org.xpi
[2014.03.04 23:42:08 | 001,393,079 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\firefox@ghostery.com.xpi
[2013.03.27 16:56:22 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\guiconfig@slosd.net.xpi
[2014.02.04 19:41:30 | 000,833,621 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2013.11.02 10:04:52 | 000,022,188 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{018cb058-fa6c-4c0f-8ebb-7ae9c1640ebc}.xpi
[2014.03.09 18:33:39 | 000,102,729 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
[2014.03.06 06:26:49 | 000,537,052 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.09.26 01:06:58 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2013.04.21 23:24:10 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2014.02.26 09:31:49 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.24 21:51:12 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.04.04 18:25:50 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014.03.07 20:55:17 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
[2014.02.04 18:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.02.14 08:48:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ASUS Browser Extension x86) - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ASUS TP Center (x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [CCEnhancer] C:\Program Files\CCleaner\CCEnhancer.exe (SingularLabs)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-2893890877-294734729-3406206096-1000..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasyToolz.lnk = C:\Programme (Portable)\Easy Toolz\EasyToolz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EEDA5CE-E80B-4FED-B947-29960F4AAADC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23df1b4a-8de8-11e3-bc9f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23df1b4a-8de8-11e3-bc9f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{a57f7ac6-8de1-11e3-9a93-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a57f7ac6-8de1-11e3-9a93-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstAll.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.03.11 09:20:33 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Nitro PDF
[2014.03.11 09:18:05 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Nitro
[2014.03.11 09:18:05 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\FileOpen
[2014.03.11 09:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2014.03.11 09:17:35 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2014.03.11 09:17:35 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2014.03.11 09:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2014.03.11 09:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2014.03.11 09:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2014.03.11 09:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2014.03.11 09:15:59 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Downloaded Installations
[2014.03.11 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Local\PDF24
[2014.03.11 09:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2014.03.11 09:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2014.03.11 06:01:11 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Flux
[2014.03.11 03:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flux sound and picture development
[2014.03.11 03:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flux
[2014.03.11 02:58:18 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\dvdcss
[2014.03.11 02:57:33 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\vlc
[2014.03.10 11:34:04 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\Zwischenablage
[2014.03.10 08:15:42 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2014.03.10 04:46:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0EB7C0FC-5BF4-474E-B5F9-A6E991727B3E}
[2014.03.10 04:15:24 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2014.03.10 04:15:24 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2014.03.09 22:09:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2014.03.08 05:54:50 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\J's Stuff
[2014.03.08 05:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\jBridge
[2014.02.26 11:01:42 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\XnView
[2014.02.26 09:32:37 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014.02.26 09:32:37 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014.02.25 11:54:18 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71d.dll
[2014.02.25 11:54:18 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71d.dll
[2014.02.25 10:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2014.02.24 07:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VST3
[2014.02.24 07:28:17 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2014.02.22 15:04:05 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Audacity
[2014.02.21 20:29:07 | 017,858,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.02.19 03:59:15 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Local\storage
[2014.02.19 03:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2014.02.19 03:49:22 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2014.02.19 03:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2014.02.19 01:23:14 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Local\GHISLER
[2014.02.18 11:48:46 | 000,000,000 | ---D | C] -- C:\Windows\W7FBC
[2014.02.17 20:33:10 | 000,000,000 | R--D | C] -- C:\Backup
[2014.02.15 00:41:40 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\Desktop\*.{ED7BA470-8E54-465E-825C-99712043E01C}
[2014.02.13 17:45:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014.02.12 09:02:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014.02.12 09:02:04 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014.02.12 09:02:04 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014.02.12 09:02:04 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014.02.12 09:02:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014.02.12 09:02:04 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014.02.12 09:02:04 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014.02.12 09:02:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014.02.12 09:02:04 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014.02.12 09:02:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014.02.12 09:02:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014.02.12 09:02:04 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014.02.12 09:02:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014.02.12 09:02:03 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014.02.12 09:02:03 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014.02.12 09:02:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014.02.12 08:56:33 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.02.12 08:55:47 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.12 08:55:47 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.12 08:55:46 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.12 08:55:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.12 08:55:46 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.12 08:55:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.12 08:55:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.12 08:55:45 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.12 08:55:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.12 08:55:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.12 08:55:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.12 08:55:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.12 08:55:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.12 08:55:44 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.12 08:55:44 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.12 08:55:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.12 08:55:43 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.12 08:55:43 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.12 08:55:43 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.12 08:55:43 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.12 08:55:42 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.12 08:55:42 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.12 08:55:39 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.12 08:55:17 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014.02.12 08:55:17 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014.02.12 08:54:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.02.12 08:54:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.02.12 08:54:29 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014.02.12 08:54:29 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014.02.12 08:54:29 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014.02.12 08:54:28 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014.02.12 08:54:28 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014.02.12 08:54:28 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014.02.12 08:54:28 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014.02.12 08:54:28 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014.02.12 08:54:28 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014.02.12 08:54:28 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014.02.12 08:54:28 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014.02.12 08:54:28 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014.02.12 08:54:27 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014.02.12 08:54:27 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014.02.12 08:54:27 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014.02.12 08:54:27 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014.02.12 08:54:27 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014.02.12 08:54:23 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014.02.12 08:54:22 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014.02.09 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2014.02.09 23:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2014.02.09 22:59:39 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\FlowStone
[2014.02.09 22:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2014.02.09 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Local\Apps
[2014.02.09 20:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TagRename
[2014.02.09 20:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename
[2014.02.09 19:32:10 | 000,000,000 | ---D | C] --
C:\Users\InfectedUser\dwhelper ========== Files - Modified Within 30 Days ========== [2014.03.11 16:04:19 | 000,036,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.03.11 16:04:19 | 000,036,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.03.11 15:56:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.03.11 15:56:32 | 3129,753,600 | -HS- | M] () -- C:\hiberfil.sys [2014.03.11 15:56:31 | 000,062,524 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2014.03.11 09:58:16 | 000,001,492 | ---- | M] () -- C:\Users\InfectedUser\AppData\Roaming\EasyToolz.ini [2014.03.11 09:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.03.10 20:24:10 | 001,585,324 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.03.10 20:24:10 | 000,685,466 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.03.10 20:24:10 | 000,642,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.03.10 20:24:10 | 000,144,764 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.03.10 20:24:10 | 000,119,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.03.10 04:27:49 | 000,268,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.02.25 12:36:44 | 000,001,698 | ---- | M] () -- C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasyToolz.lnk [2014.02.24 07:28:17 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll [2014.02.21 20:29:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014.02.21 20:29:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014.02.21 20:29:07 | 017,858,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2014.02.15 17:02:43 
| 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf [2014.02.12 08:58:09 | 001,568,918 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2014.03.11 09:17:24 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk [2014.03.10 04:15:41 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm [2014.03.10 04:15:41 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm [2014.03.10 04:15:41 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm [2014.03.10 04:10:45 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll [2014.02.25 12:36:44 | 000,001,698 | ---- | C] () -- C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasyToolz.lnk [2014.02.25 12:34:34 | 000,001,492 | ---- | C] () -- C:\Users\InfectedUser\AppData\Roaming\EasyToolz.ini [2014.02.09 21:06:41 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014.02.09 19:07:23 | 000,062,524 | ---- | C] () -- C:\Windows\SysNative\oodbs.lor [2014.02.04 23:42:51 | 001,199,175 | ---- | C] () -- C:\Windows\unins002.exe [2014.02.04 23:42:51 | 000,021,757 | ---- | C] () -- C:\Windows\unins002.dat [2014.02.04 23:42:46 | 000,091,662 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2014.02.04 23:42:45 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll [2014.02.04 23:42:45 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\libpng15.dll [2014.02.04 23:42:44 | 001,198,049 | ---- | C] () -- C:\Windows\unins001.exe [2014.02.04 23:42:44 | 000,010,946 | ---- | C] () -- C:\Windows\unins001.dat [2014.02.04 23:42:22 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe [2014.02.04 23:42:22 | 000,007,970 | ---- | C] () -- C:\Windows\unins000.dat [2014.02.04 23:39:51 | 001,568,918 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014.02.04 22:54:29 | 
013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2014.02.04 22:54:29 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2014.02.04 22:54:29 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2014.02.04 22:54:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2014.02.04 22:54:29 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.02.22 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Audacity [2014.03.11 09:15:59 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Downloaded Installations [2014.02.06 22:11:02 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\DriverCure [2014.03.11 09:18:05 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\FileOpen [2014.02.09 22:59:40 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\FlowStone [2014.03.11 06:01:11 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Flux [2014.02.18 11:10:22 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\GHISLER [2014.03.11 09:18:05 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Nitro [2014.03.11 09:45:59 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Nitro PDF [2014.02.06 22:11:02 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\SpeedyPC Software [2014.02.04 19:25:32 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Trillian [2014.02.26 11:01:42 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\XnView ========== Purity Check ========== < End of report >
Last edited by -=InfUsr=- (11.03.2014 at 17:29)
11.03.2014, 17:57 | #2 |
/// the machine /// TB-Ausbilder | What is wrong with my OS? Hi,
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
11.03.2014, 19:13 | #3 |
What is wrong with my OS? FRST.txt
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014 Ran by InfectedUser (administrator) on InfectedComputer on 11-03-2014 18:03:18 Running from C:\Users\InfectedUser\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Alcor Micro Corp.) 
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (MATESO GmbH) C:\Programme (Portable)\PSR\psr.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ASUS TP Center (x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe [235488 2012-07-13] (AsusTek) HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-05-26] (Alcor Micro Corp.) HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3994960 2011-11-17] (O&O Software GmbH) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation) HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5142128 2012-04-19] (VIA) HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [CCEnhancer] - C:\Program Files\CCleaner\CCEnhancer.exe [275456 2013-08-26] (SingularLabs) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2893890877-294734729-3406206096-1000\...\Run: [CCleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5973272 2013-12-17] (Piriform Ltd) HKU\S-1-5-21-2893890877-294734729-3406206096-1000\...\MountPoints2: {23df1b4a-8de8-11e3-bc9f-806e6f6e6963} - D:\setup.exe HKU\S-1-5-21-2893890877-294734729-3406206096-1000\...\MountPoints2: {a57f7ac6-8de1-11e3-9a93-806e6f6e6963} - D:\InstAll.exe Startup: C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasyToolz.lnk ShortcutTarget: EasyToolz.lnk -> C:\Programme (Portable)\Easy Toolz\EasyToolz.exe () ==================== Internet (Whitelisted) ==================== SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869 BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) 
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default FF Homepage: https://startpage.com/do/mypage.pl?prf=c9dd3c0b4051f1054f86a45ef305d548 | https://duckduckgo.com/?kad=de_DE&kn=1&kj=ct&k7=#4673FF&k8=#66FFFF&ky=g&kt=h&ka=e&k4=-1&k1=-1 FF NetworkProxy: "backup.ftp", "60.253.120.34" FF NetworkProxy: "backup.ftp_port", 1080 FF NetworkProxy: "backup.socks", "60.253.120.34" FF NetworkProxy: "backup.socks_port", 1080 FF NetworkProxy: "backup.ssl", "60.253.120.34" FF NetworkProxy: "backup.ssl_port", 1080 FF NetworkProxy: "ftp", "118.96.137.124 " FF NetworkProxy: "ftp_port", 80 FF NetworkProxy: "http", "118.96.137.124 " FF NetworkProxy: "http_port", 80 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "118.96.137.124 " FF NetworkProxy: "socks_port", 80 FF NetworkProxy: "ssl", "118.96.137.124 " FF NetworkProxy: "ssl_port", 80 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - 
C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF SearchPlugin: C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\youtubeunblocker@unblocker.yt [2014-02-04] FF Extension: DownloadHelper - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-02-04] FF Extension: Block site - 
C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-02-04] FF Extension: DownThemAll! AntiContainer - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\anticontainer@downthemall.net.xpi [2014-02-04] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-02-04] FF Extension: Ghostery - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\firefox@ghostery.com.xpi [2014-02-04] FF Extension: gui:config - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\guiconfig@slosd.net.xpi [2014-02-04] FF Extension: Lightbeam - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-02-04] FF Extension: {018cb058-fa6c-4c0f-8ebb-7ae9c1640ebc} - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{018cb058-fa6c-4c0f-8ebb-7ae9c1640ebc}.xpi [2014-02-04] FF Extension: Screengrab (fix version) - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-02-04] FF Extension: NoScript - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-04] FF Extension: BugMeNot - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2014-02-04] FF Extension: CookieCuller - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-02-04] FF Extension: Adblock Plus - 
C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-04] FF Extension: BetterPrivacy - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-02-04] FF Extension: DownThemAll! - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-02-04] FF Extension: Web2PDF converter - C:\Users\InfectedUser\AppData\Roaming\Mozilla\Firefox\Profiles\muk922rp.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2014-03-07] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-04] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] ==================== Services (Whitelisted) ================= R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software) R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3273552 2011-11-17] (O&O Software GmbH) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.) 
==================== Drivers (Whitelisted) ==================== R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-13] (Windows (R) Win 7 DDK provider) R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-13] (ASUS) R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [49824 2012-07-13] (ASUS Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-04] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140309.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.) 
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.001\ENG64.SYS [126040 2014-03-10] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.001\EX64.SYS [2099288 2014-03-10] (Symantec Corporation) R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-04] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit? 
S3 ASUSProcObsrv; \??\D:\I386\AsPrOb64.sys [X]
S3 netr28x; system32\DRIVERS\netr28x.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-11 18:03 - 2014-03-11 18:03 - 00017200 _____ () C:\Users\InfectedUser\Downloads\FRST.txt
2014-03-11 18:03 - 2014-03-11 18:03 - 00000000 ____D () C:\FRST
2014-03-11 18:02 - 2014-03-11 18:02 - 02157056 _____ (Farbar) C:\Users\InfectedUser\Downloads\FRST64.exe
2014-03-11 16:29 - 2014-03-11 17:33 - 00044016 _____ () C:\Users\InfectedUser\Downloads\Extras.Txt
2014-03-11 16:28 - 2014-03-11 16:28 - 00100166 _____ () C:\Users\InfectedUser\Downloads\OTL.Txt
2014-03-11 16:19 - 2014-03-11 16:19 - 00602112 _____ (OldTimer Tools) C:\Users\InfectedUser\Downloads\OTL.exe
2014-03-11 09:20 - 2014-03-11 09:45 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Nitro PDF
2014-03-11 09:18 - 2014-03-11 09:18 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Nitro
2014-03-11 09:18 - 2014-03-11 09:18 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\FileOpen
2014-03-11 09:18 - 2014-03-11 09:18 - 00000000 ____D () C:\ProgramData\FileOpen
2014-03-11 09:17 - 2014-03-11 09:17 - 00000000 ____D () C:\ProgramData\Nitro
2014-03-11 09:17 - 2014-03-11 09:17 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-03-11 09:17 - 2014-03-11 09:17 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-03-11 09:17 - 2013-07-26 06:57 - 00029712 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2014-03-11 09:17 - 2013-07-26 06:57 - 00017936 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2014-03-11 09:15 - 2014-03-11 09:15 - 01678960 _____ (Solid State Networks) C:\Users\InfectedUser\Downloads\nitro_pdf_reader3565_64_dlm.exe
2014-03-11 09:15 - 2014-03-11 09:15 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Downloaded Installations
2014-03-11 09:07 - 2014-03-11 09:07 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\PDF24
2014-03-11 09:07 - 2014-03-11 09:07 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-03-11 09:06 - 2014-03-11 09:06 - 16204160 _____ (Geek Software GmbH ) C:\Users\InfectedUser\Downloads\pdf24-creator-6.3.2.exe
2014-03-11 06:01 - 2014-03-11 06:01 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Flux
2014-03-11 03:23 - 2014-03-11 03:23 - 00000000 ____D () C:\Program Files (x86)\Flux
2014-03-11 03:22 - 2014-03-11 03:22 - 07906904 _____ (Flux:: sound and picture development) C:\Users\InfectedUser\Downloads\Flux_StereoTool_Windows_Installer_(2.4.8.14315).exe
2014-03-11 02:58 - 2014-03-11 03:48 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\dvdcss
2014-03-11 02:57 - 2014-03-11 09:59 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\vlc
2014-03-11 02:55 - 2014-03-11 02:55 - 25889832 _____ () C:\Users\InfectedUser\Downloads\vlc-2.1.3-win64.exe
2014-03-11 02:42 - 2014-03-11 02:42 - 05186991 _____ () C:\Users\InfectedUser\Downloads\uniextract161_noinst.rar
2014-03-10 11:34 - 2014-03-10 12:20 - 00000000 ____D () C:\Users\InfectedUser\Zwischenablage
2014-03-10 08:15 - 2014-03-10 08:15 - 00000000 __SHD () C:\Windows\ftpcache
2014-03-10 04:46 - 2014-03-10 04:51 - 00000000 __HDC () C:\ProgramData\{0EB7C0FC-5BF4-474E-B5F9-A6E991727B3E}
2014-03-10 04:15 - 1999-11-30 23:40 - 00401462 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2014-03-10 04:15 - 1999-11-30 23:40 - 00401462 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-03-09 22:09 - 2014-03-09 22:09 - 00000000 __HDC () C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2014-03-09 08:21 - 2014-03-09 08:21 - 01391402 _____ () C:\Users\SynasUSB.sys\Downloads\licensecrawler135.zip
2014-03-08 05:54 - 2014-03-08 05:54 - 00000000 ____D () C:\Users\SynasUSB.sys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\J's Stuff
2014-03-08 05:54 - 2014-03-08 05:54 - 00000000 ____D () C:\Program Files\jBridge
2014-02-26 11:01 - 2014-02-26 11:01 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\XnView
2014-02-26 10:55 - 2014-02-26 10:55 - 20566784 _____ () C:\Users\InfectedUser\Downloads\XnView v2.13.zip
2014-02-26 09:32 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 09:32 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-25 12:34 - 2014-03-11 09:58 - 00001492 _____ () C:\Users\InfectedUser\AppData\Roaming\EasyToolz.ini
2014-02-25 11:54 - 2003-03-18 19:04 - 00765952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71d.dll
2014-02-25 11:54 - 2003-03-18 19:03 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71d.dll
2014-02-25 10:18 - 2014-03-10 04:25 - 00000000 ____D () C:\Program Files (x86)\Steinberg
2014-02-24 07:28 - 2014-02-24 07:28 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-02-22 15:57 - 2014-02-23 13:50 - 02698724 _____ () C:\Users\InfectedUser\Downloads\skinman0999l.zip
2014-02-22 15:04 - 2014-02-22 16:57 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Audacity
2014-02-21 20:29 - 2014-02-21 20:29 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-19 03:59 - 2014-02-19 03:59 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\storage
2014-02-19 03:58 - 2014-02-19 03:58 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-02-19 03:49 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-02-19 03:36 - 2014-02-19 03:50 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-02-19 01:23 - 2014-02-19 01:23 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\GHISLER
2014-02-18 11:48 - 2014-02-18 11:51 - 00000000 ____D () C:\Windows\W7FBC
2014-02-17 20:33 - 2014-03-11 17:06 - 00000000 ___RD () C:\Backup
2014-02-15 00:41 - 2014-02-15 00:41 - 00000000 ____D () C:\Users\InfectedUser\Desktop\*.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-02-13 17:45 - 2014-02-13 17:45 - 00000000 ____D () C:\Windows\Sun
2014-02-12 09:02 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-12 09:02 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-12 09:02 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-12 09:02 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-12 09:02 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-12 09:02 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-12 09:02 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-12 09:02 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-12 09:02 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-12 09:02 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-12 09:02 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-12 09:02 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-12 09:02 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-12 09:02 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-12 09:02 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-12 09:02 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-12 08:56 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 08:56 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 08:55 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 08:55 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 08:55 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 08:55 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 08:55 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 08:55 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 08:55 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 08:55 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 08:55 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 08:55 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 08:55 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 08:55 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 08:55 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 08:55 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 08:55 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 08:55 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 08:55 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 08:55 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 08:55 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 08:55 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 08:55 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 08:55 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 08:55 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 08:55 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 08:55 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 08:55 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 08:55 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 08:55 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 08:55 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 08:55 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 08:55 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 08:55 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 08:55 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 08:55 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 08:55 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 08:55 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 08:55 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 08:55 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 08:55 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 08:55 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-12 08:55 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-12 08:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 08:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 08:54 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 08:54 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 08:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 08:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 08:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 08:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 08:54 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 08:54 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 08:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 08:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 08:54 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 08:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 08:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 08:54 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 08:54 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 08:54 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 08:54 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 08:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 08:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 08:54 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 08:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 08:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 08:54 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 08:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 08:54 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 08:54 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 08:49 - 2014-03-11 16:09 - 01031028 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 23:01 - 2014-02-09 23:01 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-02-09 23:01 - 2014-02-09 23:01 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-02-09 22:59 - 2014-02-09 22:59 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\FlowStone
2014-02-09 21:02 - 2014-02-09 21:02 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\Apps\2.0
2014-02-09 20:38 - 2014-02-09 20:41 - 00000000 ____D () C:\Program Files (x86)\TagRename
2014-02-09 19:32 - 2014-02-09 19:32 - 00000000 ____D () C:\Users\InfectedUser\dwhelper
2014-02-09 19:07 - 2014-03-11 15:56 - 00062524 _____ () C:\Windows\system32\oodbs.lor
2014-02-09 01:08 - 2014-02-09 02:24 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\Adobe
2014-02-09 01:08 - 2007-05-21 15:34 - 00000000 _____ () C:\Windows\cs3marked32

==================== One Month Modified Files and Folders =======

2014-03-11 18:03 - 2014-03-11 18:03 - 00017200 _____ () C:\Users\InfectedUser\Downloads\FRST.txt
2014-03-11 18:03 - 2014-03-11 18:03 - 00000000 ____D () C:\FRST
2014-03-11 18:02 - 2014-03-11 18:02 - 02157056 _____ (Farbar) C:\Users\InfectedUser\Downloads\FRST64.exe
2014-03-11 17:33 - 2014-03-11 16:29 - 00044016 _____ () C:\Users\InfectedUser\Downloads\Extras.Txt
2014-03-11 17:29 - 2014-02-05 00:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 17:06 - 2014-02-17 20:33 - 00000000 ___RD () C:\Backup
2014-03-11 16:28 - 2014-03-11 16:28 - 00100166 _____ () C:\Users\InfectedUser\Downloads\OTL.Txt
2014-03-11 16:19 - 2014-03-11 16:19 - 00602112 _____ (OldTimer Tools) C:\Users\InfectedUser\Downloads\OTL.exe
2014-03-11 16:09 - 2014-02-12 08:49 - 01031028 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 16:06 - 2014-02-06 17:46 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Skype
2014-03-11 16:04 - 2009-07-14 05:45 - 00036528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 16:04 - 2009-07-14 05:45 - 00036528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 16:03 - 2014-02-05 00:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-11 15:56 - 2014-02-09 19:07 - 00062524 _____ () C:\Windows\system32\oodbs.lor
2014-03-11 15:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 09:59 - 2014-03-11 02:57 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\vlc
2014-03-11 09:58 - 2014-02-25 12:34 - 00001492 _____ () C:\Users\InfectedUser\AppData\Roaming\EasyToolz.ini
2014-03-11 09:56 - 2014-02-05 15:13 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Macromedia
2014-03-11 09:45 - 2014-03-11 09:20 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Nitro PDF
2014-03-11 09:18 - 2014-03-11 09:18 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Nitro
2014-03-11 09:18 - 2014-03-11 09:18 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\FileOpen
2014-03-11 09:18 - 2014-03-11 09:18 - 00000000 ____D () C:\ProgramData\FileOpen
2014-03-11 09:17 - 2014-03-11 09:17 - 00000000 ____D () C:\ProgramData\Nitro
2014-03-11 09:17 - 2014-03-11 09:17 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-03-11 09:17 - 2014-03-11 09:17 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-03-11 09:15 - 2014-03-11 09:15 - 01678960 _____ (Solid State Networks) C:\Users\InfectedUser\Downloads\nitro_pdf_reader3565_64_dlm.exe
2014-03-11 09:15 - 2014-03-11 09:15 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Downloaded Installations
2014-03-11 09:07 - 2014-03-11 09:07 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\PDF24
2014-03-11 09:07 - 2014-03-11 09:07 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-03-11 09:06 - 2014-03-11 09:06 - 16204160 _____ (Geek Software GmbH ) C:\Users\InfectedUser\Downloads\pdf24-creator-6.3.2.exe
2014-03-11 06:01 - 2014-03-11 06:01 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Flux
2014-03-11 03:48 - 2014-03-11 02:58 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\dvdcss
2014-03-11 03:23 - 2014-03-11 03:23 - 00000000 ____D () C:\Program Files (x86)\Flux
2014-03-11 03:22 - 2014-03-11 03:22 - 07906904 _____ (Flux:: sound and picture development) C:\Users\InfectedUser\Downloads\Flux_StereoTool_Windows_Installer_(2.4.8.14315).exe
2014-03-11 03:18 - 2014-02-05 00:53 - 00000000 ___RD () C:\Programme (Portable)
2014-03-11 02:55 - 2014-03-11 02:55 - 25889832 _____ () C:\Users\InfectedUser\Downloads\vlc-2.1.3-win64.exe
2014-03-11 02:54 - 2012-04-09 03:24 - 00000000 ____D () C:\Users\InfectedUser\Downloads\YouTube Video (Webm)
2014-03-11 02:42 - 2014-03-11 02:42 - 05186991 _____ () C:\Users\InfectedUser\Downloads\uniextract161_noinst.rar
2014-03-10 20:24 - 2011-04-12 08:43 - 00685466 _____ () C:\Windows\system32\perfh007.dat
2014-03-10 20:24 - 2011-04-12 08:43 - 00144764 _____ () C:\Windows\system32\perfc007.dat
2014-03-10 20:24 - 2009-07-14 06:13 - 01585324 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 15:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-10 13:36 - 2011-11-27 00:55 - 00000000 ____D () C:\Users\InfectedUser\Downloads\YouTube Video (FLV)
2014-03-10 11:34 - 2014-02-04 22:41 - 00000000 ____D () C:\Users\InfectedUser
2014-03-10 08:15 - 2014-03-10 08:15 - 00000000 __SHD () C:\Windows\ftpcache
2014-03-10 08:12 - 2014-02-04 22:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-10 04:51 - 2014-03-10 04:46 - 00000000 __HDC () C:\ProgramData\{0EB7C0FC-5BF4-474E-B5F9-A6E991727B3E}
2014-03-10 04:30 - 2014-02-04 23:11 - 00058400 _____ () C:\Users\InfectedUser\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-10 04:27 - 2009-07-14 05:45 - 00268080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-10 04:25 - 2014-02-25 10:18 - 00000000 ____D () C:\Program Files (x86)\Steinberg
2014-03-09 22:09 - 2014-03-09 22:09 - 00000000 __HDC () C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2014-03-09 08:21 - 2014-03-09 08:21 - 01391402 _____ () C:\Users\InfectedUser\Downloads\licensecrawler135.zip
2014-03-08 05:54 - 2014-03-08 05:54 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\J's Stuff
2014-03-08 05:54 - 2014-03-08 05:54 - 00000000 ____D () C:\Program Files\jBridge
2014-03-06 18:58 - 2014-02-04 22:41 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\VirtualStore
2014-03-06 14:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-02 15:01 - 2014-02-08 16:54 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-02-28 20:15 - 2014-02-05 01:03 - 00000000 ____D () C:\Program Files (x86)\Alternative Flash Player Auto-Updater
2014-02-26 11:01 - 2014-02-26 11:01 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\XnView
2014-02-26 10:55 - 2014-02-26 10:55 - 20566784 _____ () C:\Users\InfectedUser\Downloads\XnView v2.13.zip
2014-02-25 12:36 - 2014-02-04 22:41 - 00000000 ___RD () C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-25 12:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration
2014-02-24 07:28 - 2014-02-24 07:28 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-02-23 13:50 - 2014-02-22 15:57 - 02698724 _____ () C:\Users\InfectedUser\Downloads\skinman0999l.zip
2014-02-22 16:57 - 2014-02-22 15:04 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Audacity
2014-02-21 20:29 - 2014-02-21 20:29 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 20:29 - 2014-02-05 00:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 20:29 - 2014-02-05 00:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 20:29 - 2014-02-05 00:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-19 03:59 - 2014-02-19 03:59 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\storage
2014-02-19 03:58 - 2014-02-19 03:58 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-02-19 03:50 - 2014-02-19 03:36 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-02-19 01:39 - 2014-02-04 23:02 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-02-19 01:23 - 2014-02-19 01:23 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\GHISLER
2014-02-18 11:51 - 2014-02-18 11:48 - 00000000 ____D () C:\Windows\W7FBC
2014-02-18 11:10 - 2014-02-08 17:14 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\GHISLER
2014-02-15 00:41 - 2014-02-15 00:41 - 00000000 ____D () C:\Users\InfectedUser\Desktop\*.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-02-14 08:48 - 2014-02-04 18:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 17:45 - 2014-02-13 17:45 - 00000000 ____D () C:\Windows\Sun
2014-02-12 09:03 - 2014-02-04 20:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 09:02 - 2014-02-04 20:22 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 08:58 - 2014-02-04 23:39 - 01568918 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-09 23:01 - 2014-02-09 23:01 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-02-09 23:01 - 2014-02-09 23:01 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-02-09 22:59 - 2014-02-09 22:59 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\FlowStone
2014-02-09 21:21 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-02-09 21:21 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-02-09 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-09 21:02 - 2014-02-09 21:02 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\Apps\2.0
2014-02-09 20:41 - 2014-02-09 20:38 - 00000000 ____D () C:\Program Files (x86)\TagRename
2014-02-09 19:32 - 2014-02-09 19:32 - 00000000 ____D () C:\Users\InfectedUser\dwhelper
2014-02-09 06:10 - 2014-02-08 17:20 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\Downloaded Installations
2014-02-09 02:24 - 2014-02-09 01:08 - 00000000 ____D () C:\Users\InfectedUser\AppData\Local\Adobe
2014-02-09 02:24 - 2014-02-05 15:13 - 00000000 ____D () C:\Users\InfectedUser\AppData\Roaming\Adobe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 15:36

==================== End Of Log ============================

Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by InfectedUser at 2014-03-11 18:04:09
Running from C:\Users\InfectedUser\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version: - )
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.4.42.69356 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.42.69356 - Alcor Micro Corp.) Hidden
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.6 - Sereby Corporation)
Alternative Flash Player Auto-Updater (HKLM-x32\...\{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1) (Version: 1.1.0.5 - pXc-coding.com)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.24 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.1 - ASUS)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DirectX for Managed Code (HKLM\...\{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1) (Version: 1.0.0.0 - Sereby Corporation)
Flux_StereoTool (HKLM-x32\...\{48A404E2-0A25-4CEF-AB87-8626BD1B0F2C}) (Version: 2.4.8.14315 - Flux:: sound and picture development)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM-x32\...\M2742597) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830 (HKLM-x32\...\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM-x32\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (Version: 11.0.60830 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (Version: 11.0.60830 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (x32 Version: 11.0.60830 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (x32 Version: 11.0.60830 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.1.0.18 - Symantec Corporation)
O&O Defrag Professional (HKLM\...\{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}) (Version: 15.0.107 - O&O Software GmbH)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Tag&Rename 3.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7 - Softpointer Inc)
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.03.000 - Ubisoft)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows-Treiberpaket - ASUS (ATP) Mouse (07/08/2012 1.0.0.93) (HKLM\...\747C94D329BB5CCC3231C84E4D319B6CEC7BBAB3) (Version: 07/08/2012 1.0.0.93 - ASUS)

==================== Restore Points =========================

10-03-2014 14:43:11 Geplanter Prüfpunkt
10-03-2014 18:23:19 Revo Uninstaller's restore point - Secret Service
10-03-2014 18:23:58 Removed Secret Service
10-03-2014 18:27:03 Revo Uninstaller's restore point - Secret Service
11-03-2014 02:24:29 Installed Flux_StereoTool
11-03-2014 08:16:49 Nitro Reader 3 wird installiert

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1564B124-F383-48ED-A4CF-DF2FA7354DE6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {3DD0F630-5143-47D2-9E9B-5258C676E298} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {42BE2AB2-3D58-4304-9182-7CCA7A4EED4A} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS) Task: {6D8FFB6D-821F-4AEA-94D5-9C3EFC150E80} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe Task: {7AD7C2B2-57D2-47B1-BA23-F84276CBA106} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {B272B125-BE12-4855-85D7-7B756A58F1C6} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-05-07] (ASUSTek Computer Inc.) Task: {BC43D04C-625E-455E-BB36-D6CB41FA7473} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated) Task: {BFFA6593-C7CB-4EFC-93B8-D8F1997D3750} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {E53B9C4A-5C5E-4231-B5C5-F3E303DE12F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {F19890A5-CD96-4670-A593-44F0F465E45B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2014-02-04 22:54 - 2012-02-22 08:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-02-04 23:05 - 2012-04-19 03:24 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2014-02-04 23:05 - 
2012-04-19 03:24 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2014-02-04 23:00 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-02-04 18:57 - 2014-02-14 08:48 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe MSCONFIG\startupreg: ASUS Quick Gesture (x86) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= Name: 802.11n Wireless LAN Card Description: 802.11n Wireless LAN Card Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Ralink Technology, Corp. Service: netr28x Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: HL-DT-ST DVDRAM GT70N Description: CD-ROM-Laufwerk Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard-CD-ROM-Laufwerke) Service: cdrom Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: ASUS USB2.0 Webcam Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/11/2014 03:58:20 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2014 02:53:54 AM) (Source: Application Hang) (User: ) Description: Programm vlc.exe, Version 2.1.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 116c Startzeit: 01cf3ccca023b066 Endzeit: 25 Anwendungspfad: C:\Program Files\VideoLAN\VLC\vlc.exe Berichts-ID: f839177c-a8bf-11e3-a099-08606e4b3c47 Error: (03/10/2014 06:32:53 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: igdumd64.dll, Version: 8.15.10.2653, Zeitstempel: 0x4f3aac44 Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000030eb06 ID des fehlerhaften Prozesses: 0x8a8 Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0 Pfad der fehlerhaften Anwendung: DllHost.exe1 Pfad des fehlerhaften Moduls: DllHost.exe2 Berichtskennung: DllHost.exe3 Error: (03/10/2014 06:32:50 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: igdumd64.dll, Version: 8.15.10.2653, Zeitstempel: 0x4f3aac44 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000030eb06 
ID des fehlerhaften Prozesses: 0x8a8 Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0 Pfad der fehlerhaften Anwendung: DllHost.exe1 Pfad des fehlerhaften Moduls: DllHost.exe2 Berichtskennung: DllHost.exe3 Error: (03/10/2014 10:43:05 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: igdumd64.dll, Version: 8.15.10.2653, Zeitstempel: 0x4f3aac44 Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000030eb06 ID des fehlerhaften Prozesses: 0x94c Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0 Pfad der fehlerhaften Anwendung: DllHost.exe1 Pfad des fehlerhaften Moduls: DllHost.exe2 Berichtskennung: DllHost.exe3 System errors: ============= Error: (03/11/2014 03:56:53 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (03/10/2014 02:30:31 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (03/10/2014 04:28:05 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (03/09/2014 06:26:44 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (03/09/2014 09:22:38 AM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (03/09/2014 02:21:58 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (03/08/2014 05:28:20 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (03/07/2014 07:07:22 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (03/07/2014 05:26:42 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error: (03/07/2014 05:26:41 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Microsoft Office Sessions: ========================= Error: (03/11/2014 03:58:20 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2014 02:53:54 AM) (Source: Application Hang)(User: ) Description: vlc.exe2.1.2.0116c01cf3ccca023b06625C:\Program Files\VideoLAN\VLC\vlc.exef839177c-a8bf-11e3-a099-08606e4b3c47 Error: (03/10/2014 06:32:53 PM) (Source: Application Error)(User: ) Description: DllHost.exe6.1.7600.163854a5bca54igdumd64.dll8.15.10.26534f3aac44c000041d000000000030eb068a801cf3c86b1b76b38C:\Windows\system32\DllHost.exeC:\Windows\system32\igdumd64.dll02180929-a87a-11e3-a099-08606e4b3c47 Error: (03/10/2014 06:32:50 PM) (Source: Application Error)(User: ) Description: DllHost.exe6.1.7600.163854a5bca54igdumd64.dll8.15.10.26534f3aac44c0000005000000000030eb068a801cf3c86b1b76b38C:\Windows\system32\DllHost.exeC:\Windows\system32\igdumd64.dllfff8f964-a879-11e3-a099-08606e4b3c47 Error: (03/10/2014 10:43:05 AM) (Source: Application Error)(User: ) Description: 
DllHost.exe6.1.7600.163854a5bca54igdumd64.dll8.15.10.26534f3aac44c000041d000000000030eb0694c01cf3c44ae5ca59bC:\Windows\system32\DllHost.exeC:\Windows\system32\igdumd64.dll60d2b3ed-a838-11e3-a099-08606e4b3c47 ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 3979.69 MB Available physical RAM: 2406.96 MB Total Pagefile: 7814.87 MB Available Pagefile: 6283.95 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (SYSTEM) (Fixed) (Total:297.87 GB) (Free:25.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 69B53599) Partition: GPT Partition Type. ==================== End Of Log ============================ |
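An added triage example for the "Scheduled Tasks (whitelisted)" lines in the log above (this is not code from the forum, from the helper, or from the log tool): it splits each `Task: <name> => <target> [date] (Company)` line into its fields and applies the checks a helper makes by eye: is the `[date] (Company)` tag missing, does the target live outside Program Files / Windows, does a system-binary name such as `svchost.exe` run from somewhere other than `C:\Windows`, and does the task name suggest it launches elevated without a UAC prompt. The posted lines are copied verbatim; one extra line is constructed (marked as such in the code, not from this machine) so that the profile-path check has something to hit. Flag names and the trusted-root list are this example's own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Lines copied verbatim from the "Scheduled Tasks (whitelisted)" section of the
# log posted above.
POSTED_TASK_LINES = r"""
Task: {1564B124-F383-48ED-A4CF-DF2FA7354DE6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {6D8FFB6D-821F-4AEA-94D5-9C3EFC150E80} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
Task: {7AD7C2B2-57D2-47B1-BA23-F84276CBA106} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {BC43D04C-625E-455E-BB36-D6CB41FA7473} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {E53B9C4A-5C5E-4231-B5C5-F3E303DE12F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
""".strip().splitlines()

# CONSTRUCTED line, NOT from the posted log: a task that launches a
# system-binary name out of a user profile, to show what a positive hit looks like.
CONSTRUCTED_TASK_LINE = (
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\UpdateCheck"
    r" => C:\Users\InfectedUser\AppData\Roaming\upd\svchost.exe"
)

SAMPLE_TASK_LINES = POSTED_TASK_LINES + [CONSTRUCTED_TASK_LINE]

TARGET_RE = re.compile(
    r"^(?P<path>.*?)"                          # the launched file
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"   # optional [file date]
    r"(?: \((?P<company>[^()]+)\))?$"          # optional (company name)
)

# Assumed "expected" roots for task targets on a Windows 7 box.
TRUSTED_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows")
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


def is_under(path, root):
    """True if path equals root or lies below it (Windows rules, case-insensitive)."""
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    return p == r or r in p.parents


def parse_task_line(line):
    """Split one 'Task: <name> => <target>' line into fields; None for other lines."""
    if not line.startswith("Task: ") or " => " not in line:
        return None
    task, target = line[len("Task: "):].split(" => ", 1)
    m = TARGET_RE.match(target.strip())
    return {
        "task": task.strip(),
        "path": m.group("path").strip(),
        "date": m.group("date"),
        "company": m.group("company"),
    }


def review_flags(entry):
    """Heuristic flags for one parsed task; an empty list means nothing stood out."""
    flags = []
    path = entry["path"]
    if entry["date"] is None or entry["company"] is None:
        flags.append("no-version-tag")            # log shows no [date] (Company): check the file by hand
    if not any(is_under(path, root) for root in TRUSTED_ROOTS):
        flags.append("outside-program-dirs")      # e.g. user profile, temp, removable media
    if (PureWindowsPath(path).name.lower() in SYSTEM_BINARY_NAMES
            and not is_under(path, r"C:\Windows")):
        flags.append("system-name-outside-windows")
    if "skipuac" in entry["task"].lower():
        flags.append("elevated-without-prompt")   # by design for some tools; confirm the target binary
    return flags


def triage_tasks(lines):
    """Parse every task line and attach its review flags."""
    results = []
    for line in lines:
        entry = parse_task_line(line)
        if entry is not None:
            entry["flags"] = review_flags(entry)
            results.append(entry)
    return results


def flagged_tasks(lines):
    """Map task name -> flags, only for tasks that got at least one flag."""
    return {e["task"]: e["flags"] for e in triage_tasks(lines) if e["flags"]}


if __name__ == "__main__":
    for task, flags in flagged_tasks(SAMPLE_TASK_LINES).items():
        print(f"{', '.join(flags):50} {task}")
```

Note that a flag means "look at this", not "malicious": `sidebar.exe` (a Microsoft binary) and the ASUS sensor service both come up as `no-version-tag` on this log, and the `.job` entry for the Flash updater points at the same binary that is tagged with a date and company one line earlier.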
12.03.2014, 13:34 | #4 |
/// the machine /// TB-Ausbilder | What's wrong with my OS? Why is the user called InfectedUser? What problems are you having with the machine?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
12.03.2014, 20:41 | #5 |
| What's wrong with my OS? Question 1: The user is called "InfectedUser" (in reference to InfUsr) because I was supposed to anonymize the real user name before posting. Question 2: Several problems come together from time to time. I don't have a list. Connection problems. Settings change without being asked and against my wishes. Programs crash. And that even though I only recently installed Windows 7. |
13.03.2014, 13:13 | #6 | |
/// the machine /// TB-Ausbilder | What's wrong with my OS? I'd need to know that in more detail so I know what to look for; as they stand, the log files are fine. Quote:
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop
|
13.03.2014, 21:57 | #7 |
| What's wrong with my OS? I don't use a proxy. The settings that were pointed out therefore worry me a bit. The programs that crash are mostly Microsoft system programs, e.g. COM Surrogate.exe. Settings such as views and groupings are constantly discarded. Quite often the system briefly hangs. I'll now carry out the listed steps and report back with the results. Edit: Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
InfectedUser :: InfectedComputer [administrator]

13.03.2014 21:38:58
mbar-log-2014-03-13 (21-38-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 233954
Time elapsed: 14 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\InfectedUser\Desktop\XCC Utils\XCC Mixer.exe (Trojan.Agent) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

... by other antivirus and malware programs was classified as harmless. The Kaspersky scanner found nothing. There are two log files. Should I post both? Last edited by -=InfUsr=- (13.03.2014 at 22:46) |
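An added example for reading the Malwarebytes Anti-Rootkit log in the post above (my own code, not from Malwarebytes or from the forum): the one hit is a generic detection name (`Trojan.Agent`) with the action `No action taken`, which means the file is still on disk and the verdict rests on a single engine, which is why a second scanner's opinion matters. The parser turns the `<section> Detected: N` blocks into records, marks hits that are still pending, cross-checks the declared counts against the lines actually listed, and flags generic names for corroboration. The excerpt is copied from the posted log; the list of "generic" name prefixes is this example's assumption, not a Malwarebytes naming rule.

```python
import re

# Excerpt copied from the Malwarebytes Anti-Rootkit log posted above.
SAMPLE_MBAR_LOG = r"""
Scan type: Quick scan
Objects scanned: 233954
Time elapsed: 14 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\InfectedUser\Desktop\XCC Utils\XCC Mixer.exe (Trojan.Agent) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
""".strip().splitlines()

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection name>) -> <action>."  The object may itself contain
# parentheses, e.g. "Program Files (x86)", so the greedy object group backtracks
# to the last "(...) -> " pair, which is the real separator.
DETECTION_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumption for this example: names without a family-specific part are weak
# evidence on their own and want a second opinion from another engine.
GENERIC_NAME_PREFIXES = ("trojan.agent", "trojan.generic", "malware.generic", "heuristics.")


def is_generic_name(name):
    """True for detection names that name a class rather than a malware family."""
    return name.lower().startswith(GENERIC_NAME_PREFIXES)


def parse_mbar_log(lines):
    """Return (declared count per section, list of parsed detection records)."""
    counts, detections, section = {}, [], None
    for raw in lines:
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            counts[section] = int(m.group("count"))
            continue
        # Skip blank lines, "(No malicious items detected)", "(end)" and the header
        # before the first section.
        if not line or line.startswith("(") or section is None:
            continue
        m = DETECTION_RE.match(line)
        if m:
            action = m.group("action")
            detections.append({
                "section": section,
                "object": m.group("object"),
                "name": m.group("name"),
                "action": action,
                "pending": action.lower().startswith("no action taken"),
                "generic": is_generic_name(m.group("name")),
            })
    return counts, detections


def count_mismatches(lines):
    """Sections whose declared count differs from the number of lines actually listed."""
    counts, detections = parse_mbar_log(lines)
    seen = {}
    for d in detections:
        seen[d["section"]] = seen.get(d["section"], 0) + 1
    return [s for s, n in counts.items() if seen.get(s, 0) != n]


def pending_detections(lines):
    """Hits the tool logged but did not remove: still present on the system."""
    return [d for d in parse_mbar_log(lines)[1] if d["pending"]]


if __name__ == "__main__":
    for d in pending_detections(SAMPLE_MBAR_LOG):
        second_opinion = " (generic name: corroborate with another engine)" if d["generic"] else ""
        print(f"{d['section']}: {d['object']} [{d['name']}] still present{second_opinion}")
    print("count mismatches:", count_mismatches(SAMPLE_MBAR_LOG))
```

For this log the only pending, generic hit is the XCC Mixer executable; a clean result from a second engine, as reported in the post, is exactly the corroboration that flag asks for, and the helper's "fine" reply fits that reading.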
14.03.2014, 19:16 | #8 |
/// the machine /// TB-Ausbilder | What's wrong with my OS? Nope, that's fine. Have you ever done an in-place upgrade of Windows to repair it?
__________________ Regards, schrauber |
15.03.2014, 00:09 | #9 | |
| What's wrong with my OS? If it's what I think it is, then yes. It was a while ago though, and since this system was only set up recently I haven't applied it yet. I'll try it, provided I can remember the cmd commands. Quote:
Scan performed, no integrity violation detectable. |
15.03.2014, 17:25 | #10 |
/// the machine /// TB-Ausbilder | What's wrong with my OS? No, I meant: put the Windows DVD in and run a repair. How to Perform an In-Place Upgrade on Windows Vista, Windows 7, Windows Server 2008 & Windows Server 2008 R2
__________________ Regards, schrauber |