Log analysis and evaluation: IRP-Hook detection by AVG - Win7
01.06.2014, 14:43 | #1
IRP-Hook detection by AVG - Win7

Hello, I registered here just now because my AVG VP reported that I have several threats called IRP-Hook.

Problem: some time ago my laptop became very slow; by now it takes about 10 minutes to boot. Since Avira never warned me that I might have a virus, I thought the laptop might simply be too full (with the hard disk not even 50% full, that is unlikely). In addition, the RAM is usually very full. Then I installed CCleaner and hoped for a fast laptop again, but it did not get any faster. (After browsing this forum a bit, I also read, among other things, that these tune-up programs do very little to nothing -> uninstalled immediately.) After the Avira window that always pops up (bottom right, very annoying, everyone knows it) was no longer visible but was still there (*explanation one paragraph further down*), I got fed up and turned my back on Avira. AVG found the possible problem right on its first scan. Unfortunately AVG cannot remove it.

*About the invisible Avira window: the window was not visible, but if you tried to click on something located where the window would be, you could not click it; instead the Avira page opened (which is also what normally happens when you click on the window).

I have already created the log files:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:24 on 01/06/2014 (M@x)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014
Ran by M@x (administrator) on MAX on 01-06-2014 14:28:43
Running from C:\Users\M@x\Desktop\virus
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Dropbox, Inc.) C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Igor Pavlov) C:\Program Files (x86)\AVG\AVG2014\Notification\Launcher.exe
() C:\Windows\Temp\7zSE90B.tmp\Setup.exe
() C:\Windows\Temp\7zSE90B.tmp\AVG-Secure-Search-Update.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2013-11-17] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1889281412-2550506517-43233976-1000\...\MountPoints2: {c7ca9684-6238-11e3-9e10-dc0ea12158ed} - E:\vs_professional.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\Users\M@x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.avg.com?cid={732F2B7F-2F7B-4C51-B077-352BADE8D4A9}&mid=d13b5843104a47d39a860d47e7c5b11e-52706fd01b5b6d3506cc648d2bad3045f154fad6&lang=ge/finishurl=hxxp://toolbar.avg.com/p-install?lang=ge&ds=ht011&coid=avgtbdisht&cmpid=&pr=sa&d=2014-02-05 21:51:36&v=18.1.5.512&pid=safeguard&sg=0&sap=hp
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={732F2B7F-2F7B-4C51-B077-352BADE8D4A9}&mid=d13b5843104a47d39a860d47e7c5b11e-52706fd01b5b6d3506cc648d2bad3045f154fad6&lang=ge/finishurl=hxxp://toolbar.avg.com/p-install?lang=ge&ds=ht011&coid=avgtbdisht&cmpid=&pr=sa&d=2014-02-05 21:51:36&v=18.0.5.292&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Hosts: 132.187.1.5 vpngw.uni-wuerzburg.de ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\M@x\AppData\Roaming\Mozilla\Firefox\Profiles\xsuixptc.default
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\M@x\AppData\Roaming\Mozilla\Firefox\Profiles\xsuixptc.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: Ghostery - C:\Users\M@x\AppData\Roaming\Mozilla\Firefox\Profiles\xsuixptc.default\Extensions\firefox@ghostery.com.xpi [2013-08-17]
FF Extension: S3.Google Translator - C:\Users\M@x\AppData\Roaming\Mozilla\Firefox\Profiles\xsuixptc.default\Extensions\s3google@translator.xpi [2013-11-10]
FF Extension: NoScript - C:\Users\M@x\AppData\Roaming\Mozilla\Firefox\Profiles\xsuixptc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-27]
FF Extension: Adblock Plus - C:\Users\M@x\AppData\Roaming\Mozilla\Firefox\Profiles\xsuixptc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-18]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
FF HKCU\...\Firefox\Extensions: [sparpilot@sparpilot.com] - C:\Users\M@x\AppData\Roaming\Mozilla\Firefox\Profiles\xsuixptc.default\extensions\sparpilot@sparpilot.com

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-11] (Razer, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-11] (Razer, Inc.)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-12-11] (Razer, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [267776 2013-05-12] (Jungo Connectivity)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 14:28 - 2014-06-01 14:28 - 00000000 ____D () C:\FRST
2014-06-01 14:24 - 2014-06-01 14:24 - 00000000 _____ () C:\Users\M@x\defogger_reenable
2014-06-01 14:05 - 2014-06-01 14:28 - 00000000 ____D () C:\Users\M@x\Desktop\virus
2014-06-01 14:01 - 2014-06-01 14:01 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-06-01 14:01 - 2014-06-01 14:01 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-01 13:57 - 2014-06-01 13:57 - 00000000 ____D () C:\Users\M@x\Desktop\OpenOffice 4.1.0 (en-US) Installation Files
2014-06-01 13:55 - 2014-06-01 13:57 - 140910890 _____ () C:\Users\M@x\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-06-01 13:48 - 2014-06-01 13:48 - 00000314 _____ () C:\Windows\Tasks\0214dUpdateInfo.job
2014-06-01 13:48 - 2014-06-01 13:48 - 00000000 ____D () C:\ProgramData\Avg_Update_0214d
2014-05-31 12:53 - 2014-05-31 12:53 - 00000000 ____D () C:\Users\M@x\AppData\Roaming\AVG2014
2014-05-31 12:52 - 2014-05-31 12:52 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-31 12:52 - 2014-05-31 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-31 12:51 - 2014-05-31 12:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-31 12:51 - 2014-05-31 12:51 - 00000000 ___HD () C:\$AVG
2014-05-31 12:51 - 2014-05-31 12:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-31 12:41 - 2014-06-01 13:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-31 12:41 - 2014-05-31 13:08 - 00000000 ____D () C:\Users\M@x\AppData\Local\Avg2014
2014-05-31 12:41 - 2014-05-31 12:41 - 04487240 _____ (AVG Technologies) C:\Users\M@x\Downloads\avg_isct_stb_all_2014_4592.exe
2014-05-31 12:41 - 2014-05-31 12:41 - 00000000 ____D () C:\Users\M@x\AppData\Local\MFAData
2014-05-26 20:11 - 2014-05-26 20:11 - 01097413 _____ () C:\Users\M@x\Desktop\spanien.xps
2014-05-17 17:26 - 2014-06-01 09:30 - 00003024 _____ () C:\Windows\setupact.log
2014-05-17 17:26 - 2014-05-17 17:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 17:25 - 2014-06-01 09:29 - 00000678 _____ () C:\Windows\PFRO.log
2014-05-17 12:32 - 2014-05-17 13:54 - 00000000 ____D () C:\Users\M@x\.android
2014-05-17 12:31 - 2014-05-17 12:31 - 00000000 ____D () C:\Users\M@x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2014-05-17 12:30 - 2014-05-17 12:30 - 00000000 ____D () C:\Users\M@x\AppData\Local\Android
2014-05-17 12:26 - 2014-05-17 12:28 - 87383126 _____ (Google Inc.) C:\Users\M@x\Downloads\installer_r22.6.2-windows.exe
2014-05-17 12:13 - 2014-05-17 13:54 - 00000000 ____D () C:\Users\M@x\Documents\Android
2014-05-17 12:11 - 2014-05-17 12:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-17 11:54 - 2014-05-17 11:58 - 159077280 _____ (Oracle Corporation) C:\Users\M@x\Downloads\jdk-8u5-windows-i586.exe
2014-05-16 15:56 - 2014-06-01 09:33 - 00000000 ____D () C:\Users\M@x\AppData\Roaming\DropboxMaster
2014-05-15 20:03 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 20:03 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 20:03 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 20:03 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 20:03 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 20:03 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 17:53 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:53 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:53 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:53 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:52 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:52 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:52 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:52 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:52 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:52 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:52 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:52 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:52 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:52 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:52 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:52 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:52 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:52 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:52 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:52 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 21:36 - 2014-05-12 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-01 14:29 - 2012-09-18 11:41 - 00000000 ____D () C:\Users\M@x\AppData\Local\Temp
2014-06-01 14:28 - 2014-06-01 14:28 - 00000000 ____D () C:\FRST
2014-06-01 14:28 - 2014-06-01 14:05 - 00000000 ____D () C:\Users\M@x\Desktop\virus
2014-06-01 14:26 - 2012-09-18 12:14 - 00070264 _____ () C:\Users\M@x\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-01 14:24 - 2014-06-01 14:24 - 00000000 _____ () C:\Users\M@x\defogger_reenable
2014-06-01 14:24 - 2012-09-18 11:41 - 00000000 ____D () C:\Users\M@x
2014-06-01 14:01 - 2014-06-01 14:01 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-06-01 14:01 - 2014-06-01 14:01 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-01 14:01 - 2013-07-25 10:05 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-06-01 14:01 - 2012-11-09 09:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 13:57 - 2014-06-01 13:57 - 00000000 ____D () C:\Users\M@x\Desktop\OpenOffice 4.1.0 (en-US) Installation Files
2014-06-01 13:57 - 2014-06-01 13:55 - 140910890 _____ () C:\Users\M@x\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-06-01 13:51 - 2014-05-31 12:41 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-01 13:48 - 2014-06-01 13:48 - 00000314 _____ () C:\Windows\Tasks\0214dUpdateInfo.job
2014-06-01 13:48 - 2014-06-01 13:48 - 00000000 ____D () C:\ProgramData\Avg_Update_0214d
2014-06-01 13:24 - 2012-12-02 18:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-01 13:23 - 2012-09-18 11:30 - 01605577 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 11:26 - 2009-07-14 06:45 - 00016928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 11:26 - 2009-07-14 06:45 - 00016928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 09:35 - 2013-09-13 10:48 - 00000000 ____D () C:\Users\M@x\AppData\Roaming\Dropbox
2014-06-01 09:34 - 2013-09-13 10:51 - 00000000 ___RD () C:\Users\M@x\Dropbox
2014-06-01 09:33 - 2014-05-16 15:56 - 00000000 ____D () C:\Users\M@x\AppData\Roaming\DropboxMaster
2014-06-01 09:31 - 2013-10-24 20:07 - 00000000 ____D () C:\Users\M@x\AppData\Local\TSVNCache
2014-06-01 09:30 - 2014-05-17 17:26 - 00003024 _____ () C:\Windows\setupact.log
2014-06-01 09:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 09:29 - 2014-05-17 17:25 - 00000678 _____ () C:\Windows\PFRO.log
2014-05-31 13:08 - 2014-05-31 12:41 - 00000000 ____D () C:\Users\M@x\AppData\Local\Avg2014
2014-05-31 12:53 - 2014-05-31 12:53 - 00000000 ____D () C:\Users\M@x\AppData\Roaming\AVG2014
2014-05-31 12:53 - 2014-05-31 12:51 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-31 12:52 - 2014-05-31 12:52 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-31 12:52 - 2014-05-31 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-31 12:52 - 2013-12-11 16:41 - 00000000 ____D () C:\Users\M@x\AppData\Roaming\TuneUp Software
2014-05-31 12:51 - 2014-05-31 12:51 - 00000000 ___HD () C:\$AVG
2014-05-31 12:51 - 2014-05-31 12:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-31 12:43 - 2013-08-05 20:01 - 00000000 ____D () C:\ProgramData\Avira
2014-05-31 12:41 - 2014-05-31 12:41 - 04487240 _____ (AVG Technologies) C:\Users\M@x\Downloads\avg_isct_stb_all_2014_4592.exe
2014-05-31 12:41 - 2014-05-31 12:41 - 00000000 ____D () C:\Users\M@x\AppData\Local\MFAData
2014-05-31 12:14 - 2013-11-21 23:07 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-05-30 13:40 - 2012-12-24 15:40 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-05-30 12:19 - 2012-09-18 11:42 - 00000000 ___RD () C:\Users\M@x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-30 12:18 - 2013-09-13 10:51 - 00000973 _____ () C:\Users\M@x\Desktop\Dropbox.lnk
2014-05-30 12:18 - 2013-09-13 10:49 - 00000000 ____D () C:\Users\M@x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-26 20:11 - 2014-05-26 20:11 - 01097413 _____ () C:\Users\M@x\Desktop\spanien.xps
2014-05-17 17:26 - 2014-05-17 17:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 17:26 - 2009-07-14 06:45 - 00332768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-17 15:38 - 2013-09-27 22:06 - 00000000 ____D () C:\ProgramData\Skype
2014-05-17 15:36 - 2013-10-23 17:24 - 00000023 _____ () C:\Windows\ODBCINST.INI
2014-05-17 15:36 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-05-17 15:36 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-05-17 15:33 - 2013-12-11 17:14 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-05-17 15:33 - 2013-12-11 17:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-05-17 14:31 - 2013-09-15 21:03 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-17 14:25 - 2013-12-11 18:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-17 14:20 - 2013-12-11 17:14 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-05-17 14:20 - 2013-12-11 17:14 - 00000000 ____D () C:\Windows\SysWOW64\1031
2014-05-17 14:20 - 2013-12-11 17:14 - 00000000 ____D () C:\Windows\system32\1033
2014-05-17 14:20 - 2013-12-11 17:07 - 00000000 ____D () C:\Windows\system32\1031
2014-05-17 14:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-17 14:04 - 2013-04-30 20:41 - 00000000 ____D () C:\Users\M@x\AppData\Local\Deployment
2014-05-17 13:54 - 2014-05-17 12:32 - 00000000 ____D () C:\Users\M@x\.android
2014-05-17 13:54 - 2014-05-17 12:13 - 00000000 ____D () C:\Users\M@x\Documents\Android
2014-05-17 13:50 - 2012-10-24 10:44 - 00000000 ____D () C:\Users\M@x\AppData\Local\Eclipse
2014-05-17 13:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-17 12:31 - 2014-05-17 12:31 - 00000000 ____D () C:\Users\M@x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2014-05-17 12:30 - 2014-05-17 12:30 - 00000000 ____D () C:\Users\M@x\AppData\Local\Android
2014-05-17 12:28 - 2014-05-17 12:26 - 87383126 _____ (Google Inc.) C:\Users\M@x\Downloads\installer_r22.6.2-windows.exe
2014-05-17 12:11 - 2014-05-17 12:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-17 12:11 - 2014-02-23 17:03 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-17 12:11 - 2014-02-23 17:03 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-17 12:11 - 2014-02-23 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-17 12:11 - 2014-02-23 17:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-17 12:04 - 2013-09-15 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-05-17 12:04 - 2013-09-15 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-17 11:58 - 2014-05-17 11:54 - 159077280 _____ (Oracle Corporation) C:\Users\M@x\Downloads\jdk-8u5-windows-i586.exe
2014-05-16 15:49 - 2012-09-18 11:42 - 00000000 ___RD () C:\Users\M@x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 15:44 - 2014-04-30 16:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 20:02 - 2013-08-15 10:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:00 - 2012-09-18 13:20 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:02 - 2012-11-09 09:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:02 - 2012-09-18 16:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:02 - 2012-09-18 16:01 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 17:36 - 2012-09-21 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 21:36 - 2014-05-12 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 11:21 - 2013-12-04 18:32 - 00000000 ____D () C:\Users\M@x\AppData\Local\Battle.net
2014-05-09 08:14 - 2014-05-14 17:53 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 17:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-05-15 20:03 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 20:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 20:03 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 20:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 20:03 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 20:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 20:37 - 2014-03-03 18:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net

Some content of TEMP:
====================
C:\Users\M@x\AppData\Local\Temp\avgnt.exe
C:\Users\M@x\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxrloxx.dll
C:\Users\M@x\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is
legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-01 11:20 ==================== End Of Log ============================ GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-06-01 15:01:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-22JJ5T0 rev.01.01A01 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\M@x\AppData\Local\Temp\pxldypow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031a4000 45 bytes [00, 00, D6, 00, 4D, 6D, 57, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031a402f 16 bytes [00, 00, 00, 2D, 07, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007714a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077153f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007716ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007717f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771b94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000771d87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe2f7490 11 bytes JMP 000007fffc3f0228 .text C:\Program 
Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe30bf00 7 bytes JMP 000007fffc3f0260 .text C:\Windows\system32\Dwm.exe[1220] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2689e0 8 bytes JMP 000007fffc3f01f0 .text C:\Windows\system32\Dwm.exe[1220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe26be40 8 bytes JMP 000007fffc3f01b8 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075725bad 7 bytes JMP 00000001739b37f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075731409 7 bytes JMP 00000001739b3650 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007573ea45 7 bytes JMP 00000001739b3540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757c8e24 7 bytes JMP 00000001739b3310 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757c8ea9 5 bytes JMP 00000001739b33c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000757c91ff 5 bytes JMP 00000001739b3320 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d41d29 5 bytes JMP 00000001739b32b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 
0000000076d41dd7 5 bytes JMP 00000001739b3270 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d42ab1 5 bytes JMP 00000001739b33d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d42d17 5 bytes JMP 00000001739b30b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075148a29 5 bytes JMP 00000001739b2c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075154572 5 bytes JMP 00000001739b3030 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007516e567 5 bytes JMP 00000001739b30a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000751a7a5c 5 bytes JMP 00000001739b3020 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b1e96b 5 bytes JMP 00000001739b2cd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b1eba5 5 bytes JMP 00000001739b2ce0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001739b2c20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 00000001739b2bb0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007714a400 7 bytes JMP 000000016fff0228 .text C:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077153f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007716ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007717f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771b94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000771d87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc402db0 5 bytes JMP 000007fffc3f0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4037d0 7 bytes JMP 000007fffc3f00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc408ef0 6 bytes JMP 000007fffc3f0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc41af60 5 bytes JMP 000007fffc3f0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2689e0 8 bytes JMP 000007fffc3f01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe26be40 8 bytes JMP 000007fffc3f01b8 .text C:\Program Files 
(x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075725bad 7 bytes JMP 00000001739b37f0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075731409 7 bytes JMP 00000001739b3650 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007573ea45 7 bytes JMP 00000001739b3540 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757c8e24 7 bytes JMP 00000001739b3310 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757c8ea9 5 bytes JMP 00000001739b33c0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000757c91ff 5 bytes JMP 00000001739b3320 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d41d29 5 bytes JMP 00000001739b32b0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d41dd7 5 bytes JMP 00000001739b3270 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d42ab1 5 bytes JMP 00000001739b33d0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d42d17 5 bytes JMP 00000001739b30b0 .text C:\Program Files 
(x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b1e96b 5 bytes JMP 00000001739b2cd0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b1eba5 5 bytes JMP 00000001739b2ce0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075148a29 5 bytes JMP 00000001739b2c60 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075154572 5 bytes JMP 00000001739b3030 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007516e567 5 bytes JMP 00000001739b30a0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3292] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000751a7a5c 5 bytes JMP 00000001739b3020 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075725bad 7 bytes JMP 00000001739b37f0 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075731409 7 bytes JMP 00000001739b3650 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007573ea45 7 bytes JMP 00000001739b3540 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757c8e24 7 bytes JMP 00000001739b3310 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] 
C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757c8ea9 5 bytes JMP 00000001739b33c0 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000757c91ff 5 bytes JMP 00000001739b3320 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d41d29 5 bytes JMP 00000001739b32b0 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d41dd7 5 bytes JMP 00000001739b3270 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d42ab1 5 bytes JMP 00000001739b33d0 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d42d17 5 bytes JMP 00000001739b30b0 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075148a29 5 bytes JMP 00000001739b2c60 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075154572 5 bytes JMP 00000001739b3030 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007516e567 5 bytes JMP 00000001739b30a0 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000751a7a5c 5 bytes JMP 00000001739b3020 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b1e96b 5 bytes JMP 00000001739b2cd0 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b1eba5 5 bytes JMP 00000001739b2ce0 .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] 
C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075111465 2 bytes [11, 75] .text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000751114bb 2 bytes [11, 75] .text ... * 2 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075725bad 7 bytes JMP 00000001739b37f0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075731409 7 bytes JMP 00000001739b3650 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007573ea45 7 bytes JMP 00000001739b3540 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000757c8e24 7 bytes JMP 00000001739b3310 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000757c8ea9 5 bytes JMP 00000001739b33c0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000757c91ff 5 bytes JMP 00000001739b3320 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d41d29 5 bytes JMP 00000001739b32b0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d41dd7 5 bytes JMP 00000001739b3270 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d42ab1 5 bytes JMP 00000001739b33d0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d42d17 5 
bytes JMP 00000001739b30b0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b1e96b 5 bytes JMP 00000001739b2cd0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b1eba5 5 bytes JMP 00000001739b2ce0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075148a29 5 bytes JMP 00000001739b2c60 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075154572 5 bytes JMP 00000001739b3030 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007516e567 5 bytes JMP 00000001739b30a0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000751a7a5c 5 bytes JMP 00000001739b3020 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001739b2c20 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 00000001739b2bb0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075111465 2 bytes [11, 75] .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000751114bb 2 bytes [11, 75] .text ... 
* 2 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075725bad 7 bytes JMP 00000001739b37f0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075731409 7 bytes JMP 00000001739b3650 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007573ea45 7 bytes JMP 00000001739b3540 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757c8e24 7 bytes JMP 00000001739b3310 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757c8ea9 5 bytes JMP 00000001739b33c0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000757c91ff 5 bytes JMP 00000001739b3320 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d41d29 5 bytes JMP 00000001739b32b0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d41dd7 5 bytes JMP 00000001739b3270 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d42ab1 5 bytes JMP 00000001739b33d0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d42d17 5 bytes JMP 00000001739b30b0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075148a29 5 bytes JMP 00000001739b2c60 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075154572 5 bytes JMP 
00000001739b3030 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007516e567 5 bytes JMP 00000001739b30a0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000751a7a5c 5 bytes JMP 00000001739b3020 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b1e96b 5 bytes JMP 00000001739b2cd0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b1eba5 5 bytes JMP 00000001739b2ce0 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075725bad 7 bytes JMP 00000001739b37f0 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075731409 7 bytes JMP 00000001739b3650 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007573ea45 7 bytes JMP 00000001739b3540 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757c8e24 7 bytes JMP 00000001739b3310 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757c8ea9 5 bytes JMP 00000001739b33c0 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000757c91ff 5 bytes JMP 00000001739b3320 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d41d29 5 bytes JMP 00000001739b32b0 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d41dd7 5 bytes JMP 
00000001739b3270 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d42ab1 5 bytes JMP 00000001739b33d0 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d42d17 5 bytes JMP 00000001739b30b0 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b1e96b 5 bytes JMP 00000001739b2cd0 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b1eba5 5 bytes JMP 00000001739b2ce0 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075148a29 5 bytes JMP 00000001739b2c60 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075154572 5 bytes JMP 00000001739b3030 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007516e567 5 bytes JMP 00000001739b30a0 .text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000751a7a5c 5 bytes JMP 00000001739b3020 ---- Processes - GMER 2.1 ---- Library C:\Users\M@x\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe [3316](2014-01-03 01:09:26) 0000000004030000 Library c:\users\m@x\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxrloxx.dll (*** suspicious ***) @ C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe [3316](2014-06-01 07:32:18) 00000000031c0000 Library C:\Users\M@x\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe [3316](2013-08-23 19:01:44) 0000000067c90000 Library C:\Users\M@x\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe 
[3316] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 00000000666b0000 Library C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [3368] (Razer Configurator/Razer Inc.)(2014-01-28 06:23:28) 0000000063090000 ---- EOF - GMER 2.1 ---- Unfortunately I have no log file from AVG; a short explanation of how to get one would be very helpful ;-) Best regards and many thanks in advance! Max |
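As an added triage example (not part of the original post, and not a GMER or AVG feature), the script below parses entries from GMER's "User code sections" table, as shown in the log above, and groups the inline JMP hooks by the 64 KiB region their targets fall into. The sample lines are excerpted from the GMER output above; the region size, the function names `parse_gmer_user_hooks`, `cluster_by_target_region` and `report`, and the reading offered in the note afterwards are this example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One ".text" entry from GMER's "User code sections" table. GMER prints:
#   .text <process>[<pid>] <module>!<export> <address> <n> bytes JMP <target>
# or, for an overwrite that is not a jump:
#   .text <process>[<pid>] <module>!<export> <address> <n> bytes [<hex>, <hex>]
_ENTRY = re.compile(
    r"^\.text (?P<process>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>\S+)!(?P<export>.+?) "
    r"(?P<address>[0-9a-fA-F]{16}) (?P<size>\d+) bytes "
    r"(?:JMP (?P<target>[0-9a-fA-F]{16})|\[(?P<patch>[0-9a-fA-F, ]+)\])$"
)


@dataclass(frozen=True)
class Hook:
    process: str            # full path of the hooked process
    pid: int
    module: str             # DLL whose export was patched
    export: str             # patched export (may carry a "+ offset")
    address: int            # patched address inside the export
    size: int               # number of bytes GMER saw overwritten
    target: Optional[int]   # JMP destination, None for a plain byte patch

    @property
    def kind(self) -> str:
        return "jmp" if self.target is not None else "patch"

    @property
    def image(self) -> str:
        # Basename only; GMER prints Windows paths with backslashes.
        return self.process.rsplit("\\", 1)[-1]


def parse_gmer_user_hooks(text: str) -> list:
    """Return every parseable '.text' entry; lines of any other kind are ignored."""
    hooks = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        hooks.append(Hook(
            process=m.group("process"),
            pid=int(m.group("pid")),
            module=m.group("module"),
            export=m.group("export"),
            address=int(m.group("address"), 16),
            size=int(m.group("size")),
            target=int(target, 16) if target else None,
        ))
    return hooks


def cluster_by_target_region(hooks, region_bits: int = 16) -> dict:
    """Group JMP hooks by the memory region (default 64 KiB) their targets land in.

    Returns {region_number: set(process image names)}. Many unrelated processes
    all jumping into one region means one component hooked the whole session;
    the table alone does not say which module owns that region."""
    regions = defaultdict(set)
    for h in hooks:
        if h.target is not None:
            regions[h.target >> region_bits].add(h.image)
    return dict(regions)


def report(hooks, region_bits: int = 16) -> list:
    """Summary lines, one per target region, most widely shared region first."""
    regions = cluster_by_target_region(hooks, region_bits)
    lines = []
    for region, images in sorted(regions.items(), key=lambda kv: -len(kv[1])):
        base = region << region_bits
        lines.append(f"target region {base:016x}: {len(images)} process(es): "
                     + ", ".join(sorted(images)))
    patches = [h for h in hooks if h.kind == "patch"]
    if patches:
        lines.append(f"{len(patches)} non-JMP byte patch(es), e.g. "
                     f"{patches[0].module}!{patches[0].export} in {patches[0].image}")
    return lines


# Excerpted from the GMER log in this thread (not invented), one entry per line.
SAMPLE = r""".text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007714a400 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3192] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550
.text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3368] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3384] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550
.text C:\Users\M@x\Desktop\virus\Gmer-19357.exe[7736] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075721f0e 7 bytes JMP 00000001739b3550
.text C:\Users\M@x\AppData\Roaming\Dropbox\bin\Dropbox.exe[3316] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075111465 2 bytes [11, 75]
"""

if __name__ == "__main__":
    for line in report(parse_gmer_user_hooks(SAMPLE)):
        print(line)
```

Paste the complete "User code sections" table into SAMPLE (or read it from the saved log) to run it over the whole scan. On the excerpt, every 32-bit (syswow64) process, including GMER's own 32-bit scanner, jumps into the same 0x1739b0000 region, and the native 64-bit processes into 0x16fff0000 (and, further down in the log, 0x7fffc3f0000 for the ole32/GDI32 hooks), which points to a single session-wide hooking component rather than something specific to one program. The table does not name the module that owns those regions, so identifying it is the next step before treating the hooks as hostile; uniform hooks on registry and module-enumeration APIs across all processes are commonly installed by legitimate system-wide helpers, which fits the thread's eventual conclusion that the AVG detection was a false positive.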
01.06.2014, 21:50 | #2 |
/// the machine /// TB Trainer | IRP hook detected by AVG - Win7 Hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. |
03.06.2014, 21:06 | #3 | |
| IRP hook detected by AVG - Win7 Hello,
I am somewhat confused by now ... I ran the Malwarebytes Anti-Rootkit scan yesterday, and it found no malware. Just now I ran the AVG scan again, and it found nothing?! It can't be that something is found once, is not removed, and then on the next scan nothing is found any more?! What could be the cause of this, should I run another scan? When I run mbar.exe, a window appears right at the start asking me: Quote:
Also important: I have not run any other programs apart from the ones the log files come from and Malwarebytes Anti-Rootkit. Code:
mbar-log-2014-06-02 (22-39-27).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 324374
Time elapsed: 18 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Best regards
Last edited by Toranx (03.06.2014 at 21:11) |
04.06.2014, 18:42 | #4 |
/// the machine /// TB Trainer | IRP hook detected by AVG - Win7 Did AVG update in the meantime? Probably a false positive?
Regards, schrauber. Proud Member of UNITE and ASAP since 2009 |
08.06.2014, 08:32 | #5 |
| IRP hook detected by AVG - Win7 Hello, sorry for replying only now, I had too much on my plate. Yes, it seems that AVG did an update. Many thanks and best regards |
08.06.2014, 10:04 | #6 |
/// the machine /// TB Trainer | IRP hook detected by AVG - Win7 Done. The order here is essential.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply once everything is done and you have no more questions, so that I can remove this thread from my subscriptions. |