| |
| |||||||
Log-Analyse und Auswertung: Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
11.06.2015, 18:55
| #1 |
| |  Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen" Hallo, Trojaner-Board-Community. seit gestern bekomme ich von Avira die Meldung, dass mein Rechner mit einem Virus mit im Titel genannten Namen infiziert sei. Die Googleergebnisse sagten mir, dass dieser Virus wohl meist mit Programmen runtergeladen wird, ich wüßte jedoch nicht, wann ich die letzten Tage (bewusst) irgendwas neues auf meinem Rechner installiert haben sollte (damit einher geht, dass mein Laptop derzeit ziemlich langsam ist)... Als ich anschließend mein System mit Avira scannen wollte, nahmen die Suchläufe ewig viel Zeit in Anspruch (normalerweise sind das bei mir max. 2 Stunde, jetzt das zwei- bis vierfache. Malwarebytes funktionierte normal, hat aber keine verdächtigen Funde gemacht. Da ich das Gefühl habe, dass Avira mir bei Beseitigung des Virus (und womöglich auch noch anderer schadhafter Dateien) nicht weiterhelfen kann, bitte ich jetzt euch um Rat! Im folgenden nun die Logs, vielen Dank im Voraus schonmal für die Hilfe!  Avira-Log: Code:
ATTFilter aOW64\dxtmsft.dll 2015-06-10 16:09 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 16:09 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 16:09 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 16:09 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 16:09 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 16:09 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 16:09 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 16:09 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 16:09 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 16:09 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 16:09 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 16:09 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 16:09 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 16:09 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 16:09 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 16:09 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 16:09 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 16:09 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 16:09 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 16:09 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 16:09 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-10 16:09 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-10 16:09 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 16:09 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 16:09 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 16:09 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 16:09 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 16:09 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 16:09 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 16:09 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-10 16:09 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 16:09 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 16:08 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 07:27 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-03 15:59 - 2015-06-11 10:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433339937 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera Software 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****\AppData\Local\Opera Software 2015-06-03 15:59 - 2015-06-03 15:58 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-06-03 15:58 - 2015-06-11 10:40 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-03 15:58 - 2015-06-03 15:58 - 00000000 ____D C:\Users\*****\AppData\Roaming\RHEng 2015-06-03 15:57 - 2015-06-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2015-06-03 15:56 - 2015-06-03 15:56 - 01010672 _____ (DivX, LLC) C:\Users\*****mann\Downloads\DivXInstaller103.exe 2015-06-02 16:59 - 2015-06-03 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-05-14 15:50 - 2015-05-14 15:50 - 13039160 _____ (Telegram Messenger LLP ) C:\Users\*****mann\Downloads\tsetup.0.8.13.exe 2015-05-14 14:40 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 14:40 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:59 - 2015-05-13 15:34 - 00017903 _____ C:\Users\*****mann\Desktop\masterstudiengänge.odt 2015-05-13 14:13 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 14:13 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 14:12 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 14:11 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 14:11 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 14:11 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-11 19:11 - 2012-08-13 01:26 - 00000168 _____ C:\Users\*****mann\defogger_reenable 2015-06-11 19:01 - 2012-08-08 01:38 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA.job 2015-06-11 18:55 - 2012-03-29 14:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-11 18:15 - 2011-09-09 11:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-11 18:00 - 2012-09-25 09:43 - 01396562 _____ C:\Windows\WindowsUpdate.log 2015-06-11 17:37 - 2015-04-03 12:53 - 00006216 _____ C:\Windows\setupact.log 2015-06-11 13:32 - 2014-08-15 17:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:38 - 2012-03-23 15:23 - 00000000 ___RD C:\Users\*****mann\Dropbox 2015-06-11 10:38 - 2012-03-23 15:21 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Dropbox 2015-06-11 10:38 - 2011-08-04 14:59 - 00000000 ____D C:\ProgramData\clear.fi 2015-06-11 10:38 - 2011-07-16 08:11 - 00685244 _____ C:\Windows\system32\perfh007.dat 2015-06-11 10:38 - 2011-07-16 08:11 - 00145180 _____ C:\Windows\system32\perfc007.dat 2015-06-11 10:38 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-11 10:36 - 2011-09-09 11:22 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-11 10:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-11 10:34 - 2009-07-14 06:45 - 04868384 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 10:33 - 2015-04-03 12:52 - 00169944 _____ C:\Windows\PFRO.log 2015-06-11 10:33 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Avira 2015-06-11 10:31 - 2014-12-13 20:18 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-11 10:31 - 2014-05-06 15:23 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-11 10:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 10:28 - 2012-08-08 01:38 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core.job 2015-06-11 10:27 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-11 10:25 - 2013-08-05 18:03 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-11 10:25 - 2013-08-05 18:03 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-10 16:55 - 2012-03-29 14:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-10 16:55 - 2012-03-29 14:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-10 16:55 - 2011-08-04 16:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-10 16:15 - 2014-08-05 10:53 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-10 16:15 - 2013-08-05 18:03 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-10 07:40 - 2013-07-17 18:10 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 07:25 - 2011-08-04 15:55 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-03 16:57 - 2011-11-03 14:39 - 00000000 ____D C:\Users\*****mann\Documents\Studium 2015-06-03 15:58 - 2012-03-13 02:37 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\ProgramData\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files (x86)\DivX 2015-06-03 15:33 - 2012-05-03 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-02 18:22 - 2012-06-05 12:19 - 00005577 _____ C:\Windows\wininit.ini 2015-06-01 17:24 - 2014-05-26 23:43 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\vlc 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-19 20:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-05-18 23:41 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-05-18 07:10 - 2011-09-09 11:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 07:10 - 2011-09-09 11:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 20:56 - 2012-08-08 01:38 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA 2015-05-17 20:56 - 2012-08-08 01:38 - 00003718 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-15 00:06 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-15 00:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-14 14:40 - 2013-03-14 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 09:58 - 2012-03-23 15:22 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Files in the root of some directories ======= 2011-08-05 17:16 - 2014-11-12 00:26 - 0005120 _____ () C:\Users\*****mann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-13 00:58 - 2014-01-13 00:58 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-07-15 22:41 - 2011-07-15 22:43 - 0015181 _____ () C:\ProgramData\ArcadeDeluxe5.log Some files in TEMP: ==================== C:\Users\*****mann\AppData\Local\Temp\avgnt.exe C:\Users\*****mann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0awryt.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 07:00 ==================== End of log ============================ Malwarebytes: Code:
ATTFilter Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****mann
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 438921
Verstrichene Zeit: 58 Min, 14 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 0
(Keine schädliche Elemente gefunden)
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:11 on 11/06/2015 (*****mann)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter aOW64\dxtmsft.dll 2015-06-10 16:09 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 16:09 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 16:09 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 16:09 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 16:09 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 16:09 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 16:09 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 16:09 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 16:09 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 16:09 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 16:09 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 16:09 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 16:09 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 16:09 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 16:09 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 16:09 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 16:09 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 16:09 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 16:09 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 16:09 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 16:09 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-10 16:09 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-10 16:09 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 16:09 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 16:09 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 16:09 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 16:09 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 16:09 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 16:09 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 16:09 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-10 16:09 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 16:09 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 16:08 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 07:27 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-03 15:59 - 2015-06-11 10:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433339937 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Opera Software 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****mann\AppData\Local\Opera Software 2015-06-03 15:59 - 2015-06-03 15:58 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-06-03 15:58 - 2015-06-11 10:40 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-03 15:58 - 2015-06-03 15:58 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\RHEng 2015-06-03 15:57 - 2015-06-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2015-06-03 15:56 - 2015-06-03 15:56 - 01010672 _____ (DivX, LLC) C:\Users\*****mann\Downloads\DivXInstaller103.exe 2015-06-02 16:59 - 2015-06-03 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-05-14 15:50 - 2015-05-14 15:50 - 13039160 _____ (Telegram Messenger LLP ) C:\Users\*****mann\Downloads\tsetup.0.8.13.exe 2015-05-14 14:40 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 14:40 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:59 - 2015-05-13 15:34 - 00017903 _____ C:\Users\*****mann\Desktop\masterstudiengänge.odt 2015-05-13 14:13 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 14:13 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 14:12 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 14:11 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 14:11 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 14:11 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-11 19:11 - 2012-08-13 01:26 - 00000168 _____ C:\Users\*****mann\defogger_reenable 2015-06-11 19:01 - 2012-08-08 01:38 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA.job 2015-06-11 18:55 - 2012-03-29 14:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-11 18:15 - 2011-09-09 11:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-11 18:00 - 2012-09-25 09:43 - 01396562 _____ C:\Windows\WindowsUpdate.log 2015-06-11 17:37 - 2015-04-03 12:53 - 00006216 _____ C:\Windows\setupact.log 2015-06-11 13:32 - 2014-08-15 17:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:38 - 2012-03-23 15:23 - 00000000 ___RD C:\Users\*****mann\Dropbox 2015-06-11 10:38 - 2012-03-23 15:21 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Dropbox 2015-06-11 10:38 - 2011-08-04 14:59 - 00000000 ____D C:\ProgramData\clear.fi 2015-06-11 10:38 - 2011-07-16 08:11 - 00685244 _____ C:\Windows\system32\perfh007.dat 2015-06-11 10:38 - 2011-07-16 08:11 - 00145180 _____ C:\Windows\system32\perfc007.dat 2015-06-11 10:38 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-11 10:36 - 2011-09-09 11:22 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-11 10:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-11 10:34 - 2009-07-14 06:45 - 04868384 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 10:33 - 2015-04-03 12:52 - 00169944 _____ C:\Windows\PFRO.log 2015-06-11 10:33 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Avira 2015-06-11 10:31 - 2014-12-13 20:18 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-11 10:31 - 2014-05-06 15:23 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-11 10:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 10:28 - 2012-08-08 01:38 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core.job 2015-06-11 10:27 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-11 10:25 - 2013-08-05 18:03 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-11 10:25 - 2013-08-05 18:03 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-10 16:55 - 2012-03-29 14:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-10 16:55 - 2012-03-29 14:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-10 16:55 - 2011-08-04 16:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-10 16:15 - 2014-08-05 10:53 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-10 16:15 - 2013-08-05 18:03 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-10 07:40 - 2013-07-17 18:10 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 07:25 - 2011-08-04 15:55 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-03 16:57 - 2011-11-03 14:39 - 00000000 ____D C:\Users\*****mann\Documents\Studium 2015-06-03 15:58 - 2012-03-13 02:37 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\ProgramData\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files (x86)\DivX 2015-06-03 15:33 - 2012-05-03 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-02 18:22 - 2012-06-05 12:19 - 00005577 _____ C:\Windows\wininit.ini 2015-06-01 17:24 - 2014-05-26 23:43 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\vlc 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-19 20:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-05-18 23:41 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-05-18 07:10 - 2011-09-09 11:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 07:10 - 2011-09-09 11:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 20:56 - 2012-08-08 01:38 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA 2015-05-17 20:56 - 2012-08-08 01:38 - 00003718 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-15 00:06 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-15 00:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-14 14:40 - 2013-03-14 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 09:58 - 2012-03-23 15:22 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Files in the root of some directories ======= 2011-08-05 17:16 - 2014-11-12 00:26 - 0005120 _____ () C:\Users\*****mann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-13 00:58 - 2014-01-13 00:58 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-07-15 22:41 - 2011-07-15 22:43 - 0015181 _____ () C:\ProgramData\ArcadeDeluxe5.log Some files in TEMP: ==================== C:\Users\*****mann\AppData\Local\Temp\avgnt.exe C:\Users\*****mann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0awryt.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 07:00 ==================== End of log ============================ Addition: Code:
ATTFilter aOW64\dxtmsft.dll 2015-06-10 16:09 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 16:09 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 16:09 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 16:09 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 16:09 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 16:09 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 16:09 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 16:09 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 16:09 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 16:09 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 16:09 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 16:09 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 16:09 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 16:09 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 16:09 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 16:09 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 16:09 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 16:09 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 16:09 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 16:09 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 16:09 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-10 16:09 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-10 16:09 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 16:09 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 16:09 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 16:09 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 16:09 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 16:09 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 16:09 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 16:09 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-10 16:09 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 16:09 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 16:08 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 07:27 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-03 15:59 - 2015-06-11 10:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433339937 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Opera Software 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****mann\AppData\Local\Opera Software 2015-06-03 15:59 - 2015-06-03 15:58 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-06-03 15:58 - 2015-06-11 10:40 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-03 15:58 - 2015-06-03 15:58 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\RHEng 2015-06-03 15:57 - 2015-06-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2015-06-03 15:56 - 2015-06-03 15:56 - 01010672 _____ (DivX, LLC) C:\Users\*****mann\Downloads\DivXInstaller103.exe 2015-06-02 16:59 - 2015-06-03 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-05-14 15:50 - 2015-05-14 15:50 - 13039160 _____ (Telegram Messenger LLP ) C:\Users\*****mann\Downloads\tsetup.0.8.13.exe 2015-05-14 14:40 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 14:40 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:59 - 2015-05-13 15:34 - 00017903 _____ C:\Users\*****mann\Desktop\masterstudiengänge.odt 2015-05-13 14:13 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 14:13 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 14:12 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 14:11 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 14:11 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 14:11 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-11 19:11 - 2012-08-13 01:26 - 00000168 _____ C:\Users\*****mann\defogger_reenable 2015-06-11 19:01 - 2012-08-08 01:38 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA.job 2015-06-11 18:55 - 2012-03-29 14:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-11 18:15 - 2011-09-09 11:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-11 18:00 - 2012-09-25 09:43 - 01396562 _____ C:\Windows\WindowsUpdate.log 2015-06-11 17:37 - 2015-04-03 12:53 - 00006216 _____ C:\Windows\setupact.log 2015-06-11 13:32 - 2014-08-15 17:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:38 - 2012-03-23 15:23 - 00000000 ___RD C:\Users\*****mann\Dropbox 2015-06-11 10:38 - 2012-03-23 15:21 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Dropbox 2015-06-11 10:38 - 2011-08-04 14:59 - 00000000 ____D C:\ProgramData\clear.fi 2015-06-11 10:38 - 2011-07-16 08:11 - 00685244 _____ C:\Windows\system32\perfh007.dat 2015-06-11 10:38 - 2011-07-16 08:11 - 00145180 _____ C:\Windows\system32\perfc007.dat 2015-06-11 10:38 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-11 10:36 - 2011-09-09 11:22 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-11 10:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-11 10:34 - 2009-07-14 06:45 - 04868384 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 10:33 - 2015-04-03 12:52 - 00169944 _____ C:\Windows\PFRO.log 2015-06-11 10:33 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Avira 2015-06-11 10:31 - 2014-12-13 20:18 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-11 10:31 - 2014-05-06 15:23 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-11 10:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 10:28 - 2012-08-08 01:38 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core.job 2015-06-11 10:27 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-11 10:25 - 2013-08-05 18:03 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-11 10:25 - 2013-08-05 18:03 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-10 16:55 - 2012-03-29 14:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-10 16:55 - 2012-03-29 14:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-10 16:55 - 2011-08-04 16:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-10 16:15 - 2014-08-05 10:53 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-10 16:15 - 2013-08-05 18:03 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-10 07:40 - 2013-07-17 18:10 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 07:25 - 2011-08-04 15:55 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-03 16:57 - 2011-11-03 14:39 - 00000000 ____D C:\Users\*****mann\Documents\Studium 2015-06-03 15:58 - 2012-03-13 02:37 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\ProgramData\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files (x86)\DivX 2015-06-03 15:33 - 2012-05-03 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-02 18:22 - 2012-06-05 12:19 - 00005577 _____ C:\Windows\wininit.ini 2015-06-01 17:24 - 2014-05-26 23:43 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\vlc 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-19 20:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-05-18 23:41 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-05-18 07:10 - 2011-09-09 11:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 07:10 - 2011-09-09 11:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 20:56 - 2012-08-08 01:38 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA 2015-05-17 20:56 - 2012-08-08 01:38 - 00003718 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-15 00:06 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-15 00:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-14 14:40 - 2013-03-14 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 09:58 - 2012-03-23 15:22 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Files in the root of some directories ======= 2011-08-05 17:16 - 2014-11-12 00:26 - 0005120 _____ () C:\Users\*****mann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-13 00:58 - 2014-01-13 00:58 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-07-15 22:41 - 2011-07-15 22:43 - 0015181 _____ () C:\ProgramData\ArcadeDeluxe5.log Some files in TEMP: ==================== C:\Users\*****mann\AppData\Local\Temp\avgnt.exe C:\Users\*****mann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0awryt.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 07:00 ==================== End of log ============================ GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-11 19:42:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*****M~1\AppData\Local\Temp\uxlcyuoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [3652] entry point in ".rdata" section 000000005b1a71e6
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [3612] entry point in ".rdata" section 000000005b1a71e6
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [3996:2504] 0000000001061877
Thread C:\Windows\SysWOW64\ntdll.dll [3996:868] 0000000064a6f8b0
Thread C:\Windows\SysWOW64\ntdll.dll [3996:1352] 0000000064a6e8a0
Thread C:\Windows\SysWOW64\ntdll.dll [3996:1596] 0000000064a6f2e0
---- Processes - GMER 2.1 ----
Library c:\users\*****m~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0awryt.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-06-11 08:37:51) 0000000004c50000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 0000000057cb0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005b90000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 00000000562f0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000055b90000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 000000005b1c0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000057ad0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000056ae0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000055970000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000055710000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b2e0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 000000005b2d0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000055320000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b400000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b340000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 0000000056210000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 0000000056180000
---- EOF - GMER 2.1 ----
|
| Themen zu Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen" |
| adobe, adobe flash player, avg, avira, beseitigung, dateien, desktop, flash player, harddisk, infiziert, langsam, malwarebytes, microsoft, mozilla, namen, nvidia, opera, programme, scan, svchost.exe, system, temp, virus, windows, winlogon.exe |
Baum-Darstellung