Log Analysis and Evaluation: Windows 7 - 64 BIT: virus alert "ADWARE/Amonetizen"
11.06.2015, 18:55 | #1
Windows 7 - 64 BIT: virus alert "ADWARE/Amonetizen"

Hello, Trojaner-Board community. Since yesterday Avira has been reporting that my computer is infected with a virus of the name given in the title. The Google results told me that this virus is usually downloaded along with programs, but I can't think of anything new I (knowingly) installed on my computer in the last few days (and along with that, my laptop is currently quite slow)... When I then wanted to scan my system with Avira, the scans took forever (normally that takes at most 2 hours for me, now two to four times that). Malwarebytes ran normally but found nothing suspicious. Since I have the feeling that Avira cannot help me remove the virus (and possibly other malicious files as well), I am now asking you for advice! Below are the logs; many thanks in advance for the help!

Avira log: Code:
aOW64\dxtmsft.dll
2015-06-10 16:09 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 16:09 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 16:09 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 16:09 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 16:09 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 16:09 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 16:09 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 16:09 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 16:09 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 16:09 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 16:09 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 16:09 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 16:09 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 16:09 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 16:09 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 16:09 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 16:09 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 16:09 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 16:09 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 16:09 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 16:09 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 16:09 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 16:09 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 16:09 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 16:09 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 16:09 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 16:09 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 16:09 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 16:09 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 16:09 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 16:09 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 16:09 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 16:09 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 16:09 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 16:09 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 16:09 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 16:09 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 16:09 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 16:09 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 16:09 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 16:09 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 16:09 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 16:09 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 16:09 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 16:09 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 16:09 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 16:09 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 16:09 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 16:09 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 16:09 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 16:09 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 16:09 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 16:08 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 07:27 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-03 15:59 - 2015-06-11 10:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433339937
2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera Software
2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****\AppData\Local\Opera Software
2015-06-03 15:59 - 2015-06-03 15:58 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-03 15:58 - 2015-06-11 10:40 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-03 15:58 - 2015-06-03 15:58 - 00000000 ____D C:\Users\*****\AppData\Roaming\RHEng
2015-06-03 15:57 - 2015-06-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-06-03 15:56 - 2015-06-03 15:56 - 01010672 _____ (DivX, LLC) C:\Users\*****mann\Downloads\DivXInstaller103.exe
2015-06-02 16:59 - 2015-06-03 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-14 15:50 - 2015-05-14 15:50 - 13039160 _____ (Telegram Messenger LLP ) C:\Users\*****mann\Downloads\tsetup.0.8.13.exe
2015-05-14 14:40 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 14:40 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:59 - 2015-05-13 15:34 - 00017903 _____ C:\Users\*****mann\Desktop\masterstudiengänge.odt
2015-05-13 14:13 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 14:13 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 14:12 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 14:11 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 14:11 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 14:11 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 14:11 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 14:11 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 14:11 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 14:11 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 14:11 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 14:11 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 19:11 - 2012-08-13 01:26 - 00000168 _____ C:\Users\*****mann\defogger_reenable
2015-06-11 19:01 - 2012-08-08 01:38 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA.job
2015-06-11 18:55 - 2012-03-29 14:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-11 18:15 - 2011-09-09 11:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-11 18:00 - 2012-09-25 09:43 - 01396562 _____ C:\Windows\WindowsUpdate.log
2015-06-11 17:37 - 2015-04-03 12:53 - 00006216 _____ C:\Windows\setupact.log
2015-06-11 13:32 - 2014-08-15 17:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-11 10:38 - 2012-03-23 15:23 - 00000000 ___RD C:\Users\*****mann\Dropbox
2015-06-11 10:38 - 2012-03-23 15:21 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Dropbox
2015-06-11 10:38 - 2011-08-04 14:59 - 00000000 ____D C:\ProgramData\clear.fi
2015-06-11 10:38 - 2011-07-16 08:11 - 00685244 _____ C:\Windows\system32\perfh007.dat
2015-06-11 10:38 - 2011-07-16 08:11 - 00145180 _____ C:\Windows\system32\perfc007.dat
2015-06-11 10:38 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 10:36 - 2011-09-09 11:22 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 10:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-11 10:34 - 2009-07-14 06:45 - 04868384 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 10:33 - 2015-04-03 12:52 - 00169944 _____ C:\Windows\PFRO.log
2015-06-11 10:33 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Avira
2015-06-11 10:31 - 2014-12-13 20:18 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 10:31 - 2014-05-06 15:23 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 10:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 10:28 - 2012-08-08 01:38 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core.job
2015-06-11 10:27 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-11 10:25 - 2013-08-05 18:03 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-11 10:25 - 2013-08-05 18:03 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-10 16:55 - 2012-03-29 14:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 16:55 - 2012-03-29 14:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 16:55 - 2011-08-04 16:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 16:15 - 2014-08-05 10:53 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-10 16:15 - 2013-08-05 18:03 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-10 07:40 - 2013-07-17 18:10 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 07:25 - 2011-08-04 15:55 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-03 16:57 - 2011-11-03 14:39 - 00000000 ____D C:\Users\*****mann\Documents\Studium
2015-06-03 15:58 - 2012-03-13 02:37 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\DivX
2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\ProgramData\DivX
2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files\DivX
2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files (x86)\DivX
2015-06-03 15:33 - 2012-05-03 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 18:22 - 2012-06-05 12:19 - 00005577 _____ C:\Windows\wininit.ini
2015-06-01 17:24 - 2014-05-26 23:43 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\vlc
2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 20:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-18 23:41 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-05-18 07:10 - 2011-09-09 11:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 07:10 - 2011-09-09 11:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 20:56 - 2012-08-08 01:38 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA
2015-05-17 20:56 - 2012-08-08 01:38 - 00003718 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core
2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 00:06 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-15 00:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 14:40 - 2013-03-14 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 09:58 - 2012-03-23 15:22 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2011-08-05 17:16 - 2014-11-12 00:26 - 0005120 _____ () C:\Users\*****mann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-13 00:58 - 2014-01-13 00:58 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-07-15 22:41 - 2011-07-15 22:43 - 0015181 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some files in TEMP:
====================
C:\Users\*****mann\AppData\Local\Temp\avgnt.exe
C:\Users\*****mann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0awryt.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-03 07:00

==================== End of log ============================

Malwarebytes: Code:
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****mann

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 438921
Verstrichene Zeit: 58 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:11 on 11/06/2015 (*****mann)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Addition: Code:
GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-11 19:42:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*****M~1\AppData\Local\Temp\uxlcyuoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [3652] entry point in ".rdata" section 000000005b1a71e6
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [3612] entry point in ".rdata" section 000000005b1a71e6 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\ntdll.dll [3996:2504] 0000000001061877 Thread C:\Windows\SysWOW64\ntdll.dll [3996:868] 0000000064a6f8b0 Thread C:\Windows\SysWOW64\ntdll.dll [3996:1352] 0000000064a6e8a0 Thread C:\Windows\SysWOW64\ntdll.dll [3996:1596] 0000000064a6f2e0 ---- Processes - GMER 2.1 ---- Library c:\users\*****m~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0awryt.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-06-11 08:37:51) 0000000004c50000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 0000000057cb0000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (ICU 
Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005b90000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 00000000562f0000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000055b90000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 000000005b1c0000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000057ad0000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000056ae0000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000055970000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ 
C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000055710000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b2e0000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 000000005b2d0000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000055320000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b400000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b340000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 0000000056210000 Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 0000000056180000 ---- EOF - GMER 2.1 ---- |
11.06.2015, 20:43 | #2 |
/// TB-Ausbilder | Windows 7 - 64 BIT: virus alert "ADWARE/Amonetizen" My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all the steps one after another in the given order and post all log files in CODE tags: This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thanks for your cooperation! For a first analysis, please run FRST and TDSS-Killer: Step 1
Step 2 Please download TDSSKiller.exe and save this file to the desktop
Please post with your next reply
|
11.06.2015, 22:39 | #3 |
| Windows 7 - 64 BIT: virus alert "ADWARE/Amonetizen" Hey,
first of all, many thanks for the quick reply! Unfortunately the log files exceeded the maximum post length by more than double, which is why I uploaded them as a ZIP file in the attachment! |
12.06.2015, 14:23 | #4 |
/// TB-Ausbilder | Windows 7 - 64 BIT: virus alert "ADWARE/Amonetizen" Please note in future: Quote:
Please download all tools directly to the desktop (or move them there) and start them from the desktop, since our instructions are designed for that. It also makes it very easy to remove all the tools used at the end of the clean-up. Leave all tools on the desktop until the clean-up is finished; we may need some of them more than once. Scan with Combofix
|
12.06.2015, 16:02 | #5 |
| Windows 7 - 64 BIT: virus alert "ADWARE/Amonetizen" OK, now it should be saved correctly. Here is the Combofix log: Code:
Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\*****M~1\AppData\Local\Temp\005F642.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007] "ImagePath"="\??\c:\users\*****M~1\AppData\Local\Temp\00712A7.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1808584194-2299857355-2086239866-1001\Software\SecuROM\License information*] "datasecu"=hex:1a,37,6a,d1,71,fc,7f,e0,fe,91,b8,f6,cd,7a,73,f9,c4,1f,bd,27,d7, a9,ac,f8,e8,ab,47,bf,c1,98,fc,e1,32,0b,d7,13,cf,89,cf,c4,de,40,03,bb,5f,2d,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.17" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Launch Manager\LMutilps32.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-06-12 16:55:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-06-12 14:55 . Vor Suchlauf: 14 Verzeichnis(se), 260.246.937.600 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 259.908.997.120 Bytes frei . - - End Of File - - 3BF8F1F0D8535A6A1EE3E0D49DB6B958 |
12.06.2015, 22:51 | #6 |
/// TB-Ausbilder | Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please close your protection software to avoid possible conflicts.
Step 4
Please post with your next reply
|
13.06.2015, 11:21 | #7 |
| OK, the logfiles have again exceeded the maximum total length, so the five files are attached! Kind regards! |
13.06.2015, 11:53 | #8 |
/// TB-Ausbilder | Hi, We'll remove the last remnants and check everything once more. ESET can take a while (> 2 h). Afterwards we'll remove all the tools we used and I'll give you a few tips to take along. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
HKU\S-1-5-21-1808584194-2299857355-2086239866-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 X6va005; \??\C:\Users\*****~1\AppData\Local\Temp\005F642.tmp [X]
S3 X6va007; \??\C:\Users\*****~1\AppData\Local\Temp\00712A7.tmp [X]
RemoveProxy:
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Please post with your next reply
|
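The two entries the helper removes above, X6va005 and X6va007, share one pattern: a service registered against a randomly named .tmp file under the user's Temp folder that no longer exists on disk (FRST marks a missing file with a trailing "[X]"). The ComboFix dump earlier in the thread shows the same paths as "ImagePath" values. The following is an added example, not code from the thread, FRST or ComboFix, that applies exactly that check to service lines in either tool's format. The sample lines are constructed after the ones posted here (user names masked with ***** as on the page); the temp-directory markers and my reading of "[X]" as "file not found" are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines modelled on the FRST fixlist and the ComboFix
# registry dump in this thread (user names masked with ***** as on the page).
SAMPLE_LINES = [
    r"S3 X6va005; \??\C:\Users\*****~1\AppData\Local\Temp\005F642.tmp [X]",
    r"S3 X6va007; \??\C:\Users\*****~1\AppData\Local\Temp\00712A7.tmp [X]",
    r"S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]",
    r'"ImagePath"="\??\c:\users\*****M~1\AppData\Local\Temp\005F642.tmp"',
    r"S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]",
]

# FRST:     "S3 name; path [X]"            ([X]: FRST could not find the file; assumption)
# ComboFix: "S2 name;display;image;resolved [x]"
# ComboFix registry dump: "ImagePath"="path"
FRST_SERVICE = re.compile(r"^([RS])(\d) (\S+); (.+?)(?: \[X\])?$")
COMBOFIX_SERVICE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);([^;]+);([^;]*) \[x\]$")
IMAGEPATH = re.compile(r'^"ImagePath"="(.+)"$')

# Locations a legitimate service binary has no business living in (assumption).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def normalize(path):
    """Drop the NT object-manager prefix the tools print verbatim and fold case."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse(line):
    """Return (service name, image path, file_missing) for a recognised line, else None."""
    m = COMBOFIX_SERVICE.match(line)
    if m:
        return m.group(3), m.group(5), False
    m = FRST_SERVICE.match(line)
    if m:
        return m.group(3), m.group(4), line.endswith("[X]")
    m = IMAGEPATH.match(line)
    if m:
        return "(ImagePath value)", m.group(1), False
    return None


def judge(name, raw_path, missing):
    """Collect the reasons a service image path looks like a dropped temp file."""
    path = normalize(raw_path)
    reasons = []
    if any(marker in path for marker in TEMP_MARKERS):
        reasons.append("binary lives in a temp directory")
    if path.endswith(".tmp"):
        reasons.append("binary has a .tmp extension")
    if missing:
        reasons.append("file not present on disk (FRST [X])")
    return Finding(name, path, reasons) if reasons else None


def analyze(lines):
    """Return the services that deserve a second look, in input order."""
    findings = []
    for line in lines:
        parsed = parse(line.strip())
        if parsed is None:
            continue
        finding = judge(*parsed)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LINES):
        print(f.name, f.path, "; ".join(f.reasons))
```

Run against the sample, the two X6va services and the ImagePath value are reported and the Avira and Malwarebytes drivers are not; the lines that come back are the ones that belong in a fixlist of the shape shown in the post above.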
14.06.2015, 21:18 | #9 |
| So, here are the logfiles: FRST Fixlog: Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by ***** at 2015-06-14 18:37:45 Run:1
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** & UpdatusUser (Available Profiles: ***** & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
HKU\S-1-5-21-1808584194-2299857355-2086239866-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 X6va005; \??\C:\Users\*****~1\AppData\Local\Temp\005F642.tmp [X]
S3 X6va007; \??\C:\Users\*****~1\AppData\Local\Temp\00712A7.tmp [X]
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
"HKU\S-1-5-21-1808584194-2299857355-2086239866-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
X6va005 => Service removed successfully
X6va007 => Service removed successfully

========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1808584194-2299857355-2086239866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1808584194-2299857355-2086239866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========

EmptyTemp: => 1 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 18:37:53 ====
ESET: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c444d5a6d1dfdd42a57cd3d7c1b66d18
# end=init
# utc_time=2015-06-14 04:47:29
# local_time=2015-06-14 06:47:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24323
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c444d5a6d1dfdd42a57cd3d7c1b66d18
# end=updated
# utc_time=2015-06-14 04:50:36
# local_time=2015-06-14 06:50:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c444d5a6d1dfdd42a57cd3d7c1b66d18
# engine=24323
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-14 07:30:47
# local_time=2015-06-14 09:30:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 58591644 185940097 0 0
# scanned=254677
# found=1
# cleaned=0
# scan_time=9610
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
Securitycheck: Code:
Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 22
Java(TM) 6 Update 33
Java 7 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.188
Adobe Reader XI
Mozilla Firefox (38.0.5)
Mozilla Thunderbird 24.6.0 Thunderbird out of Date!
Google Chrome 14.0.835.202 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
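The Security Check report above is the inventory a responder acts on: it lists three Java runtimes side by side (two of them Java 6) and flags Java, Thunderbird and Chrome as out of date, all of which are the drive-by targets the hardening advice in this thread is about. The following is an added example, not code from the thread or from screen317's tool, that parses a report of this shape into sections and turns it into a short list of facts and actions. The report text is constructed line for line after the one posted here; the rule "more than one Java line means superseded runtimes are still installed" is my assumption.

```python
import re

TICKS = "`" * 14  # Security Check wraps its section headers in runs of backticks

# Constructed sample, modelled line for line on the screen317 Security Check
# output posted in this thread.
SAMPLE_REPORT = "\n".join([
    "Results of screen317's Security Check version 1.002",
    "Windows 7 Service Pack 1 x64",
    "Internet Explorer 11",
    TICKS + "Antivirus/Firewall Check:" + TICKS,
    "Avira Antivirus",
    "Antivirus up to date!",
    TICKS + "Anti-malware/Other Utilities Check:" + TICKS,
    "Java(TM) 6 Update 22",
    "Java(TM) 6 Update 33",
    "Java 7 Update 45",
    "Java version 32-bit out of Date!",
    "Adobe Flash Player 17.0.0.188",
    "Adobe Reader XI",
    "Mozilla Firefox (38.0.5)",
    "Mozilla Thunderbird 24.6.0 Thunderbird out of Date!",
    "Google Chrome 14.0.835.202 Google Chrome out of date!",
    TICKS + "Process Check: objlist.exe by Laurent" + TICKS,
    "Avira Antivir avgnt.exe",
    "Avira Antivir avguard.exe",
    TICKS + "System Health check" + TICKS,
    "Total Fragmentation on Drive C:",
    TICKS + "End of Log" + TICKS,
])

SECTION = re.compile(r"^`+(.+?):?`+$")          # header text between backtick runs
OUT_OF_DATE = re.compile(r"out of date!", re.IGNORECASE)  # the tool's own verdict


def parse_sections(report):
    """Group the report's non-empty lines under their section headers."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def assess(report):
    """Reduce the report to the facts and actions a responder cares about."""
    s = parse_sections(report)
    utils = s.get("Anti-malware/Other Utilities Check", [])
    av = s.get("Antivirus/Firewall Check", [])
    outdated = [l for l in utils if OUT_OF_DATE.search(l)]
    # Every Java line that is not the verdict line is an installed runtime;
    # more than one means old versions were never removed (assumption).
    java_installs = [l for l in utils
                     if l.lower().startswith("java") and not OUT_OF_DATE.search(l)]
    actions = ["update: " + l for l in outdated]
    if len(java_installs) > 1:
        actions.append("uninstall superseded Java runtimes: " + "; ".join(java_installs[:-1]))
    return {
        "os": s["preamble"][1] if len(s["preamble"]) > 1 else "",
        "antivirus_current": any("up to date" in l.lower() for l in av),
        "outdated": outdated,
        "java_installs": java_installs,
        "multiple_java": len(java_installs) > 1,
        "actions": actions,
    }


if __name__ == "__main__":
    for action in assess(SAMPLE_REPORT)["actions"]:
        print(action)
```

On the sample this yields three update actions and one uninstall action; the antivirus line is reported as current, which matches what the helper concludes from the same log.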
15.06.2015, 15:16 | #10 |
/// TB-Ausbilder | Remove remnants Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Post the FRST Fixlog right away, because otherwise DelFix (see further below) will remove it automatically! If you have no more problems with malware, then we are done here. Your log files are clean. Finally, we need to take a few closing steps to clean up and secure your PC. Cleanup: (the order matters here) If Defogger was used: start it again and click Re-enable. If Combofix was used: uninstall Combofix
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs we used, the quarantine of our scanners and the Java cache, and finally deletes itself. Finally, restart your computer. Should any programs from our cleanup still be left over, you can delete them without concern. If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.
Securing:
Enable automatic updates in the Windows operating system. Security-relevant software should likewise always be kept at the latest version:
Browser
Java
Flash Player
PDF reader
Security holes in their old versions are exploited to install malware "drive-by" simply by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use only one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
Additionally, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional:
Adblock Plus: Can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: Prevents the execution of active content (Java, JavaScript, Flash,...) on all websites. You can, however, define on a whitelist basis on which sites scripts are to be allowed.
Ghostery: Detects and blocks trackers, web bugs, pixels and beacons and other scripts that spy on/observe your surfing behaviour.
Malwarebytes Anti Exploit: Protects the computer's applications from exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and uncheck all optionally offered toolbars or other additions that are irrelevant to the program. To get rid of adware again, it is recommended to uninstall it first and then remove the remnants with Adwcleaner. Finally, a few basic remarks: Change your important online passwords regularly and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for boosting performance is controversial. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead. Note: Please give me a short reply when everything is done and there are no more questions, so that I can delete this topic from my subscriptions. |
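The ESET log posted earlier reports found=1 and cleaned=0 (removal was switched off: remove_checked=false), and the helper above turned the fn= path of that single detection into a FRST fixlist entry by hand. The following is an added example, my code rather than ESET's or FRST's, that parses the scanner's "# key=value" summary and the quoted-field detection record and emits a fixlist of the same shape. The log lines are constructed after the posted ones; treating "evtl. unerwünschte Anwendung" (the localized "potentially unwanted application") as the PUA marker is my assumption.

```python
import re

# Constructed sample modelled on the ESET Online Scanner log posted in this
# thread: "# key=value" summary lines plus one detection record.
SAMPLE_ESET_LOG = "\n".join([
    "# product=EOS",
    "# version=8",
    "# engine=24323",
    "# end=finished",
    "# remove_checked=false",
    "# unwanted_checked=true",
    "# utc_time=2015-06-14 07:30:47",
    "# scanned=254677",
    "# found=1",
    "# cleaned=0",
    "# scan_time=9610",
    # one record; adjacent literals are joined by Python into a single line
    'sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 '
    'vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I '
    'fn="C:\\Program Files (x86)\\PDFCreator\\Toolbar\\pdfforge Toolbar_setup.exe"',
])

HEADER = re.compile(r"^# (\w+)=(.*)$")
# key=value pairs; a value is either double-quoted (may contain spaces) or bare
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Substrings that mark a PUA verdict in the localized or English name (assumption).
PUA_MARKERS = ("unerwünschte anwendung", "potentially unwanted")


def parse_eset_log(text):
    """Return (summary dict with numeric values as int, list of detection dicts)."""
    summary, detections = {}, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            key, val = m.groups()
            summary[key] = int(val) if val.isdigit() else val
        elif line.startswith("sh="):
            rec = {k: q or u for k, q, u in FIELD.findall(line)}
            rec["pua"] = any(p in rec.get("vn", "").lower() for p in PUA_MARKERS)
            detections.append(rec)
    return summary, detections


def triage(text):
    """What is still on disk after the scan, and whether the scanner was allowed to act."""
    summary, detections = parse_eset_log(text)
    return {
        "scanned": summary.get("scanned", 0),
        "pending": summary.get("found", 0) - summary.get("cleaned", 0),
        "removal_enabled": summary.get("remove_checked") == "true",
        "detections": detections,
    }


def build_fixlist(paths):
    """FRST fixlist of the shape used in this thread: close processes, then move the files."""
    return "\n".join(["start", "CloseProcesses:", *paths, "end"])


if __name__ == "__main__":
    t = triage(SAMPLE_ESET_LOG)
    if t["pending"]:
        print(build_fixlist([d["fn"] for d in t["detections"]]))
```

For the sample the pending count is 1 and the generated fixlist lists exactly the pdfforge toolbar installer, which is what the Fixlog in the next post confirms was moved.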
17.06.2015, 14:12 | #11 |
| OK, here is the FRST Fixlog for now, before I use DelFix: Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by ***** at 2015-06-17 14:53:39 Run:2
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** & UpdatusUser (Available Profiles: ***** & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe
end
*****************

Processes closed successfully.
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe => moved successfully.

The system needed a reboot..

==== End of Fixlog 14:53:40 ====
But I don't seem to have any more problems, so thanks a lot already at this point (I'll also write a feedback thread, though! ;-) ) |
17.06.2015, 14:20 | #12 |
/// TB-Ausbilder | I'm glad we were able to help. In this forum you can give brief feedback on the cleanup, if you wish: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a little feedback. Thank you! This topic appears to be resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. |