Log analysis and evaluation: What is wrong with my OS?

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
11.03.2014, 17:16   #1
-=InfUsr=-
 
What is wrong with my OS?



OTL Logfile:
Code:
OTL logfile created on: 11.03.2014 16:21:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\InfectedUser\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,89 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 66,78% Memory free
7,63 Gb Paging File | 6,33 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): c:\pagefile.sys 3837 59398 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,87 Gb Total Space | 25,74 Gb Free Space | 8,64% Space Free | Partition Type: NTFS
 
Computer Name: InfectedComputer | User Name: InfectedUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\InfectedUser\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NitroReaderDriverReadSpool3) -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Nitro PDF Software)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (OODefragAgent) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (AsusVBus) -- C:\Windows\SysNative\drivers\AsusVBus.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AsusVTouch) -- C:\Windows\SysNative\drivers\AsusVTouch.sys (ASUS)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.001\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.001\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140309.001\IDSvia64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys (Symantec Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2893890877-294734729-3406206096-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2893890877-294734729-3406206096-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2893890877-294734729-3406206096-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
IE - HKU\S-1-5-21-2893890877-294734729-3406206096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014.02.04 19:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014.03.11 15:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014.02.04 19:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\Extensions
[2014.03.09 18:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\Firefox\Profiles\muk922rp.default\extensions
[2014.02.04 19:31:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\Firefox\Profiles\muk922rp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.02.04 19:31:45 | 000,000,000 | ---D | M] (Block site) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\Firefox\Profiles\muk922rp.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2014.02.04 19:31:45 | 000,000,000 | ---D | M] (YouTube Unblocker) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\Firefox\Profiles\muk922rp.default\extensions\youtubeunblocker@unblocker.yt
[2013.12.17 13:24:56 | 000,098,595 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\anticontainer@downthemall.net.xpi
[2012.09.18 17:04:50 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\elemhidehelper@adblockplus.org.xpi
[2014.03.04 23:42:08 | 001,393,079 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\firefox@ghostery.com.xpi
[2013.03.27 16:56:22 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\guiconfig@slosd.net.xpi
[2014.02.04 19:41:30 | 000,833,621 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2013.11.02 10:04:52 | 000,022,188 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{018cb058-fa6c-4c0f-8ebb-7ae9c1640ebc}.xpi
[2014.03.09 18:33:39 | 000,102,729 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
[2014.03.06 06:26:49 | 000,537,052 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.09.26 01:06:58 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2013.04.21 23:24:10 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2014.02.26 09:31:49 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.24 21:51:12 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.04.04 18:25:50 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014.03.07 20:55:17 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\InfectedUser\AppData\Roaming\mozilla\firefox\profiles\muk922rp.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
[2014.02.04 18:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.02.14 08:48:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ASUS Browser Extension x86) - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ASUS TP Center (x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [CCEnhancer] C:\Program Files\CCleaner\CCEnhancer.exe (SingularLabs)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-2893890877-294734729-3406206096-1000..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasyToolz.lnk = C:\Programme (Portable)\Easy Toolz\EasyToolz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EEDA5CE-E80B-4FED-B947-29960F4AAADC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23df1b4a-8de8-11e3-bc9f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23df1b4a-8de8-11e3-bc9f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{a57f7ac6-8de1-11e3-9a93-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a57f7ac6-8de1-11e3-9a93-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstAll.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.03.11 09:20:33 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Nitro PDF
[2014.03.11 09:18:05 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Nitro
[2014.03.11 09:18:05 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\FileOpen
[2014.03.11 09:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2014.03.11 09:17:35 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2014.03.11 09:17:35 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2014.03.11 09:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2014.03.11 09:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2014.03.11 09:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2014.03.11 09:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2014.03.11 09:15:59 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Downloaded Installations
[2014.03.11 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Local\PDF24
[2014.03.11 09:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2014.03.11 09:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2014.03.11 06:01:11 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Flux
[2014.03.11 03:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flux sound and picture development
[2014.03.11 03:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flux
[2014.03.11 02:58:18 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\dvdcss
[2014.03.11 02:57:33 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\vlc
[2014.03.10 11:34:04 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\Zwischenablage
[2014.03.10 08:15:42 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2014.03.10 04:46:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0EB7C0FC-5BF4-474E-B5F9-A6E991727B3E}
[2014.03.10 04:15:24 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2014.03.10 04:15:24 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2014.03.09 22:09:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2014.03.08 05:54:50 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\J's Stuff
[2014.03.08 05:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\jBridge
[2014.02.26 11:01:42 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\XnView
[2014.02.26 09:32:37 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014.02.26 09:32:37 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014.02.25 11:54:18 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71d.dll
[2014.02.25 11:54:18 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71d.dll
[2014.02.25 10:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2014.02.24 07:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VST3
[2014.02.24 07:28:17 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2014.02.22 15:04:05 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Audacity
[2014.02.21 20:29:07 | 017,858,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.02.19 03:59:15 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Local\storage
[2014.02.19 03:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2014.02.19 03:49:22 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2014.02.19 03:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2014.02.19 01:23:14 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Local\GHISLER
[2014.02.18 11:48:46 | 000,000,000 | ---D | C] -- C:\Windows\W7FBC
[2014.02.17 20:33:10 | 000,000,000 | R--D | C] -- C:\Backup
[2014.02.15 00:41:40 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\Desktop\*.{ED7BA470-8E54-465E-825C-99712043E01C}
[2014.02.13 17:45:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014.02.12 09:02:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014.02.12 09:02:04 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014.02.12 09:02:04 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014.02.12 09:02:04 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014.02.12 09:02:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014.02.12 09:02:04 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014.02.12 09:02:04 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014.02.12 09:02:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014.02.12 09:02:04 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014.02.12 09:02:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014.02.12 09:02:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014.02.12 09:02:04 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014.02.12 09:02:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014.02.12 09:02:03 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014.02.12 09:02:03 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014.02.12 09:02:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014.02.12 08:56:33 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.02.12 08:55:47 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.12 08:55:47 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.12 08:55:46 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.12 08:55:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.12 08:55:46 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.12 08:55:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.12 08:55:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.12 08:55:45 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.12 08:55:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.12 08:55:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.12 08:55:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.12 08:55:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.12 08:55:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.12 08:55:44 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.12 08:55:44 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.12 08:55:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.12 08:55:43 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.12 08:55:43 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.12 08:55:43 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.12 08:55:43 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.12 08:55:42 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.12 08:55:42 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.12 08:55:39 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.12 08:55:17 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014.02.12 08:55:17 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014.02.12 08:54:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.02.12 08:54:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.02.12 08:54:29 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014.02.12 08:54:29 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014.02.12 08:54:29 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014.02.12 08:54:28 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014.02.12 08:54:28 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014.02.12 08:54:28 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014.02.12 08:54:28 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014.02.12 08:54:28 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014.02.12 08:54:28 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014.02.12 08:54:28 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014.02.12 08:54:28 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014.02.12 08:54:28 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014.02.12 08:54:27 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014.02.12 08:54:27 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014.02.12 08:54:27 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014.02.12 08:54:27 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014.02.12 08:54:27 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014.02.12 08:54:23 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014.02.12 08:54:22 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014.02.09 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2014.02.09 23:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2014.02.09 22:59:39 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Roaming\FlowStone
[2014.02.09 22:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2014.02.09 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\AppData\Local\Apps
[2014.02.09 20:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TagRename
[2014.02.09 20:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename
[2014.02.09 19:32:10 | 000,000,000 | ---D | C] -- C:\Users\InfectedUser\dwhelper
 
========== Files - Modified Within 30 Days ==========
 
[2014.03.11 16:04:19 | 000,036,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.03.11 16:04:19 | 000,036,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.03.11 15:56:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.03.11 15:56:32 | 3129,753,600 | -HS- | M] () -- C:\hiberfil.sys
[2014.03.11 15:56:31 | 000,062,524 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2014.03.11 09:58:16 | 000,001,492 | ---- | M] () -- C:\Users\InfectedUser\AppData\Roaming\EasyToolz.ini
[2014.03.11 09:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.03.10 20:24:10 | 001,585,324 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.03.10 20:24:10 | 000,685,466 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.03.10 20:24:10 | 000,642,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.03.10 20:24:10 | 000,144,764 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.03.10 20:24:10 | 000,119,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.03.10 04:27:49 | 000,268,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.02.25 12:36:44 | 000,001,698 | ---- | M] () -- C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasyToolz.lnk
[2014.02.24 07:28:17 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2014.02.21 20:29:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.02.21 20:29:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.02.21 20:29:07 | 017,858,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.02.15 17:02:43 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2014.02.12 08:58:09 | 001,568,918 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2014.03.11 09:17:24 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
[2014.03.10 04:15:41 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm
[2014.03.10 04:15:41 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm
[2014.03.10 04:15:41 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm
[2014.03.10 04:10:45 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll
[2014.02.25 12:36:44 | 000,001,698 | ---- | C] () -- C:\Users\InfectedUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasyToolz.lnk
[2014.02.25 12:34:34 | 000,001,492 | ---- | C] () -- C:\Users\InfectedUser\AppData\Roaming\EasyToolz.ini
[2014.02.09 21:06:41 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014.02.09 19:07:23 | 000,062,524 | ---- | C] () -- C:\Windows\SysNative\oodbs.lor
[2014.02.04 23:42:51 | 001,199,175 | ---- | C] () -- C:\Windows\unins002.exe
[2014.02.04 23:42:51 | 000,021,757 | ---- | C] () -- C:\Windows\unins002.dat
[2014.02.04 23:42:46 | 000,091,662 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2014.02.04 23:42:45 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2014.02.04 23:42:45 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\libpng15.dll
[2014.02.04 23:42:44 | 001,198,049 | ---- | C] () -- C:\Windows\unins001.exe
[2014.02.04 23:42:44 | 000,010,946 | ---- | C] () -- C:\Windows\unins001.dat
[2014.02.04 23:42:22 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2014.02.04 23:42:22 | 000,007,970 | ---- | C] () -- C:\Windows\unins000.dat
[2014.02.04 23:39:51 | 001,568,918 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.02.04 22:54:29 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2014.02.04 22:54:29 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2014.02.04 22:54:29 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2014.02.04 22:54:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2014.02.04 22:54:29 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.02.22 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Audacity
[2014.03.11 09:15:59 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Downloaded Installations
[2014.02.06 22:11:02 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\DriverCure
[2014.03.11 09:18:05 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\FileOpen
[2014.02.09 22:59:40 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\FlowStone
[2014.03.11 06:01:11 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Flux
[2014.02.18 11:10:22 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\GHISLER
[2014.03.11 09:18:05 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Nitro
[2014.03.11 09:45:59 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Nitro PDF
[2014.02.06 22:11:02 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\SpeedyPC Software
[2014.02.04 19:25:32 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\Trillian
[2014.02.26 11:01:42 | 000,000,000 | ---D | M] -- C:\Users\InfectedUser\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
[CODE\]

Edited by -=InfUsr=- (11.03.2014 at 17:29)

 
