| |
| |||||||
Log-Analyse und Auswertung: Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
11.06.2015, 18:55
| #1 |
| |  Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen" Hallo, Trojaner-Board-Community. seit gestern bekomme ich von Avira die Meldung, dass mein Rechner mit einem Virus mit im Titel genannten Namen infiziert sei. Die Googleergebnisse sagten mir, dass dieser Virus wohl meist mit Programmen runtergeladen wird, ich wüßte jedoch nicht, wann ich die letzten Tage (bewusst) irgendwas neues auf meinem Rechner installiert haben sollte (damit einher geht, dass mein Laptop derzeit ziemlich langsam ist)... Als ich anschließend mein System mit Avira scannen wollte, nahmen die Suchläufe ewig viel Zeit in Anspruch (normalerweise sind das bei mir max. 2 Stunde, jetzt das zwei- bis vierfache. Malwarebytes funktionierte normal, hat aber keine verdächtigen Funde gemacht. Da ich das Gefühl habe, dass Avira mir bei Beseitigung des Virus (und womöglich auch noch anderer schadhafter Dateien) nicht weiterhelfen kann, bitte ich jetzt euch um Rat! Im folgenden nun die Logs, vielen Dank im Voraus schonmal für die Hilfe!  Avira-Log: Code:
ATTFilter aOW64\dxtmsft.dll 2015-06-10 16:09 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 16:09 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 16:09 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 16:09 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 16:09 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 16:09 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 16:09 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 16:09 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 16:09 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 16:09 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 16:09 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 16:09 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 16:09 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 16:09 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 16:09 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 16:09 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 16:09 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 16:09 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 16:09 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 16:09 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 16:09 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-10 16:09 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-10 16:09 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 16:09 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 16:09 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 16:09 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 16:09 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 16:09 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 16:09 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 16:09 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-10 16:09 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 16:09 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 16:08 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 07:27 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-03 15:59 - 2015-06-11 10:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433339937 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera Software 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****\AppData\Local\Opera Software 2015-06-03 15:59 - 2015-06-03 15:58 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-06-03 15:58 - 2015-06-11 10:40 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-03 15:58 - 2015-06-03 15:58 - 00000000 ____D C:\Users\*****\AppData\Roaming\RHEng 2015-06-03 15:57 - 2015-06-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2015-06-03 15:56 - 2015-06-03 15:56 - 01010672 _____ (DivX, LLC) C:\Users\*****mann\Downloads\DivXInstaller103.exe 2015-06-02 16:59 - 2015-06-03 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-05-14 15:50 - 2015-05-14 15:50 - 13039160 _____ (Telegram Messenger LLP ) C:\Users\*****mann\Downloads\tsetup.0.8.13.exe 2015-05-14 14:40 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 14:40 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:59 - 2015-05-13 15:34 - 00017903 _____ C:\Users\*****mann\Desktop\masterstudiengänge.odt 2015-05-13 14:13 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 14:13 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 14:12 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 14:11 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 14:11 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 14:11 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-11 19:11 - 2012-08-13 01:26 - 00000168 _____ C:\Users\*****mann\defogger_reenable 2015-06-11 19:01 - 2012-08-08 01:38 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA.job 2015-06-11 18:55 - 2012-03-29 14:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-11 18:15 - 2011-09-09 11:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-11 18:00 - 2012-09-25 09:43 - 01396562 _____ C:\Windows\WindowsUpdate.log 2015-06-11 17:37 - 2015-04-03 12:53 - 00006216 _____ C:\Windows\setupact.log 2015-06-11 13:32 - 2014-08-15 17:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:38 - 2012-03-23 15:23 - 00000000 ___RD C:\Users\*****mann\Dropbox 2015-06-11 10:38 - 2012-03-23 15:21 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Dropbox 2015-06-11 10:38 - 2011-08-04 14:59 - 00000000 ____D C:\ProgramData\clear.fi 2015-06-11 10:38 - 2011-07-16 08:11 - 00685244 _____ C:\Windows\system32\perfh007.dat 2015-06-11 10:38 - 2011-07-16 08:11 - 00145180 _____ C:\Windows\system32\perfc007.dat 2015-06-11 10:38 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-11 10:36 - 2011-09-09 11:22 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-11 10:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-11 10:34 - 2009-07-14 06:45 - 04868384 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 10:33 - 2015-04-03 12:52 - 00169944 _____ C:\Windows\PFRO.log 2015-06-11 10:33 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Avira 2015-06-11 10:31 - 2014-12-13 20:18 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-11 10:31 - 2014-05-06 15:23 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-11 10:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 10:28 - 2012-08-08 01:38 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core.job 2015-06-11 10:27 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-11 10:25 - 2013-08-05 18:03 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-11 10:25 - 2013-08-05 18:03 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-10 16:55 - 2012-03-29 14:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-10 16:55 - 2012-03-29 14:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-10 16:55 - 2011-08-04 16:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-10 16:15 - 2014-08-05 10:53 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-10 16:15 - 2013-08-05 18:03 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-10 07:40 - 2013-07-17 18:10 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 07:25 - 2011-08-04 15:55 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-03 16:57 - 2011-11-03 14:39 - 00000000 ____D C:\Users\*****mann\Documents\Studium 2015-06-03 15:58 - 2012-03-13 02:37 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\ProgramData\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files (x86)\DivX 2015-06-03 15:33 - 2012-05-03 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-02 18:22 - 2012-06-05 12:19 - 00005577 _____ C:\Windows\wininit.ini 2015-06-01 17:24 - 2014-05-26 23:43 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\vlc 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-19 20:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-05-18 23:41 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-05-18 07:10 - 2011-09-09 11:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 07:10 - 2011-09-09 11:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 20:56 - 2012-08-08 01:38 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA 2015-05-17 20:56 - 2012-08-08 01:38 - 00003718 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-15 00:06 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-15 00:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-14 14:40 - 2013-03-14 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 09:58 - 2012-03-23 15:22 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Files in the root of some directories ======= 2011-08-05 17:16 - 2014-11-12 00:26 - 0005120 _____ () C:\Users\*****mann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-13 00:58 - 2014-01-13 00:58 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-07-15 22:41 - 2011-07-15 22:43 - 0015181 _____ () C:\ProgramData\ArcadeDeluxe5.log Some files in TEMP: ==================== C:\Users\*****mann\AppData\Local\Temp\avgnt.exe C:\Users\*****mann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0awryt.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 07:00 ==================== End of log ============================ Malwarebytes: Code:
ATTFilter Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****mann
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 438921
Verstrichene Zeit: 58 Min, 14 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 0
(Keine schädliche Elemente gefunden)
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:11 on 11/06/2015 (*****mann)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter aOW64\dxtmsft.dll 2015-06-10 16:09 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 16:09 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 16:09 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 16:09 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 16:09 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 16:09 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 16:09 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 16:09 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 16:09 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 16:09 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 16:09 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 16:09 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 16:09 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 16:09 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 16:09 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 16:09 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 16:09 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 16:09 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 16:09 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 16:09 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 16:09 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-10 16:09 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-10 16:09 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 16:09 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 16:09 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 16:09 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 16:09 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 16:09 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 16:09 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 16:09 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-10 16:09 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 16:09 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 16:08 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 07:27 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-03 15:59 - 2015-06-11 10:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433339937 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Opera Software 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****mann\AppData\Local\Opera Software 2015-06-03 15:59 - 2015-06-03 15:58 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-06-03 15:58 - 2015-06-11 10:40 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-03 15:58 - 2015-06-03 15:58 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\RHEng 2015-06-03 15:57 - 2015-06-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2015-06-03 15:56 - 2015-06-03 15:56 - 01010672 _____ (DivX, LLC) C:\Users\*****mann\Downloads\DivXInstaller103.exe 2015-06-02 16:59 - 2015-06-03 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-05-14 15:50 - 2015-05-14 15:50 - 13039160 _____ (Telegram Messenger LLP ) C:\Users\*****mann\Downloads\tsetup.0.8.13.exe 2015-05-14 14:40 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 14:40 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:59 - 2015-05-13 15:34 - 00017903 _____ C:\Users\*****mann\Desktop\masterstudiengänge.odt 2015-05-13 14:13 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 14:13 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 14:12 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 14:11 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 14:11 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 14:11 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-11 19:11 - 2012-08-13 01:26 - 00000168 _____ C:\Users\*****mann\defogger_reenable 2015-06-11 19:01 - 2012-08-08 01:38 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA.job 2015-06-11 18:55 - 2012-03-29 14:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-11 18:15 - 2011-09-09 11:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-11 18:00 - 2012-09-25 09:43 - 01396562 _____ C:\Windows\WindowsUpdate.log 2015-06-11 17:37 - 2015-04-03 12:53 - 00006216 _____ C:\Windows\setupact.log 2015-06-11 13:32 - 2014-08-15 17:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:38 - 2012-03-23 15:23 - 00000000 ___RD C:\Users\*****mann\Dropbox 2015-06-11 10:38 - 2012-03-23 15:21 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Dropbox 2015-06-11 10:38 - 2011-08-04 14:59 - 00000000 ____D C:\ProgramData\clear.fi 2015-06-11 10:38 - 2011-07-16 08:11 - 00685244 _____ C:\Windows\system32\perfh007.dat 2015-06-11 10:38 - 2011-07-16 08:11 - 00145180 _____ C:\Windows\system32\perfc007.dat 2015-06-11 10:38 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-11 10:36 - 2011-09-09 11:22 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-11 10:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-11 10:34 - 2009-07-14 06:45 - 04868384 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 10:33 - 2015-04-03 12:52 - 00169944 _____ C:\Windows\PFRO.log 2015-06-11 10:33 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Avira 2015-06-11 10:31 - 2014-12-13 20:18 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-11 10:31 - 2014-05-06 15:23 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-11 10:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 10:28 - 2012-08-08 01:38 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core.job 2015-06-11 10:27 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-11 10:25 - 2013-08-05 18:03 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-11 10:25 - 2013-08-05 18:03 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-10 16:55 - 2012-03-29 14:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-10 16:55 - 2012-03-29 14:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-10 16:55 - 2011-08-04 16:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-10 16:15 - 2014-08-05 10:53 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-10 16:15 - 2013-08-05 18:03 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-10 07:40 - 2013-07-17 18:10 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 07:25 - 2011-08-04 15:55 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-03 16:57 - 2011-11-03 14:39 - 00000000 ____D C:\Users\*****mann\Documents\Studium 2015-06-03 15:58 - 2012-03-13 02:37 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\ProgramData\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files (x86)\DivX 2015-06-03 15:33 - 2012-05-03 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-02 18:22 - 2012-06-05 12:19 - 00005577 _____ C:\Windows\wininit.ini 2015-06-01 17:24 - 2014-05-26 23:43 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\vlc 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-19 20:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-05-18 23:41 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-05-18 07:10 - 2011-09-09 11:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 07:10 - 2011-09-09 11:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 20:56 - 2012-08-08 01:38 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA 2015-05-17 20:56 - 2012-08-08 01:38 - 00003718 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-15 00:06 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-15 00:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-14 14:40 - 2013-03-14 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 09:58 - 2012-03-23 15:22 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Files in the root of some directories ======= 2011-08-05 17:16 - 2014-11-12 00:26 - 0005120 _____ () C:\Users\*****mann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-13 00:58 - 2014-01-13 00:58 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-07-15 22:41 - 2011-07-15 22:43 - 0015181 _____ () C:\ProgramData\ArcadeDeluxe5.log Some files in TEMP: ==================== C:\Users\*****mann\AppData\Local\Temp\avgnt.exe C:\Users\*****mann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0awryt.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 07:00 ==================== End of log ============================ Addition: Code:
ATTFilter aOW64\dxtmsft.dll 2015-06-10 16:09 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 16:09 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 16:09 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 16:09 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 16:09 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 16:09 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 16:09 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 16:09 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 16:09 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 16:09 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 16:09 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 16:09 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 16:09 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 16:09 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 16:09 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 16:09 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 16:09 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 16:09 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 16:09 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 16:09 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 16:09 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 16:09 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 16:09 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 16:09 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 16:09 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 16:09 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-10 16:09 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-10 16:09 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-10 16:09 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 16:09 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 16:09 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 16:09 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 16:09 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 16:09 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 16:09 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 16:09 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 16:09 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-10 16:09 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 16:09 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 16:08 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 07:27 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-03 15:59 - 2015-06-11 10:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433339937 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Opera Software 2015-06-03 15:59 - 2015-06-03 15:59 - 00000000 ____D C:\Users\*****mann\AppData\Local\Opera Software 2015-06-03 15:59 - 2015-06-03 15:58 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-06-03 15:58 - 2015-06-11 10:40 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-03 15:58 - 2015-06-03 15:58 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\RHEng 2015-06-03 15:57 - 2015-06-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2015-06-03 15:56 - 2015-06-03 15:56 - 01010672 _____ (DivX, LLC) C:\Users\*****mann\Downloads\DivXInstaller103.exe 2015-06-02 16:59 - 2015-06-03 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-05-14 15:50 - 2015-05-14 15:50 - 13039160 _____ (Telegram Messenger LLP ) C:\Users\*****mann\Downloads\tsetup.0.8.13.exe 2015-05-14 14:40 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 14:40 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:59 - 2015-05-13 15:34 - 00017903 _____ C:\Users\*****mann\Desktop\masterstudiengänge.odt 2015-05-13 14:13 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 14:13 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 14:12 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 14:11 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 14:11 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 14:11 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 14:11 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 14:11 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-11 19:11 - 2012-08-13 01:26 - 00000168 _____ C:\Users\*****mann\defogger_reenable 2015-06-11 19:01 - 2012-08-08 01:38 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA.job 2015-06-11 18:55 - 2012-03-29 14:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-11 18:15 - 2011-09-09 11:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-11 18:00 - 2012-09-25 09:43 - 01396562 _____ C:\Windows\WindowsUpdate.log 2015-06-11 17:37 - 2015-04-03 12:53 - 00006216 _____ C:\Windows\setupact.log 2015-06-11 13:32 - 2014-08-15 17:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-11 13:32 - 2014-08-15 17:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:45 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-11 10:38 - 2012-03-23 15:23 - 00000000 ___RD C:\Users\*****mann\Dropbox 2015-06-11 10:38 - 2012-03-23 15:21 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Dropbox 2015-06-11 10:38 - 2011-08-04 14:59 - 00000000 ____D C:\ProgramData\clear.fi 2015-06-11 10:38 - 2011-07-16 08:11 - 00685244 _____ C:\Windows\system32\perfh007.dat 2015-06-11 10:38 - 2011-07-16 08:11 - 00145180 _____ C:\Windows\system32\perfc007.dat 2015-06-11 10:38 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-11 10:36 - 2011-09-09 11:22 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-11 10:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-11 10:34 - 2009-07-14 06:45 - 04868384 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 10:33 - 2015-04-03 12:52 - 00169944 _____ C:\Windows\PFRO.log 2015-06-11 10:33 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Avira 2015-06-11 10:31 - 2014-12-13 20:18 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-11 10:31 - 2014-05-06 15:23 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-11 10:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 10:28 - 2012-08-08 01:38 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core.job 2015-06-11 10:27 - 2013-08-05 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-11 10:25 - 2013-08-05 18:03 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-11 10:25 - 2013-08-05 18:03 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-10 16:55 - 2012-03-29 14:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-10 16:55 - 2012-03-29 14:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-10 16:55 - 2011-08-04 16:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-10 16:15 - 2014-08-05 10:53 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-10 16:15 - 2013-08-05 18:03 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-10 07:40 - 2013-07-17 18:10 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 07:25 - 2011-08-04 15:55 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-03 16:57 - 2011-11-03 14:39 - 00000000 ____D C:\Users\*****mann\Documents\Studium 2015-06-03 15:58 - 2012-03-13 02:37 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\ProgramData\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files\DivX 2015-06-03 15:58 - 2012-03-13 02:36 - 00000000 ____D C:\Program Files (x86)\DivX 2015-06-03 15:33 - 2012-05-03 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-02 18:22 - 2012-06-05 12:19 - 00005577 _____ C:\Windows\wininit.ini 2015-06-01 17:24 - 2014-05-26 23:43 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\vlc 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-25 14:25 - 2015-04-05 01:02 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-19 20:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-05-18 23:41 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-05-18 07:10 - 2011-09-09 11:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 07:10 - 2011-09-09 11:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 20:56 - 2012-08-08 01:38 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA 2015-05-17 20:56 - 2012-08-08 01:38 - 00003718 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-15 08:22 - 2013-03-14 01:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-15 00:06 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-15 00:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-14 14:40 - 2013-03-14 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 09:58 - 2012-03-23 15:22 - 00000000 ____D C:\Users\*****mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Files in the root of some directories ======= 2011-08-05 17:16 - 2014-11-12 00:26 - 0005120 _____ () C:\Users\*****mann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-13 00:58 - 2014-01-13 00:58 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-07-15 22:41 - 2011-07-15 22:43 - 0015181 _____ () C:\ProgramData\ArcadeDeluxe5.log Some files in TEMP: ==================== C:\Users\*****mann\AppData\Local\Temp\avgnt.exe C:\Users\*****mann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0awryt.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 07:00 ==================== End of log ============================ GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-11 19:42:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*****M~1\AppData\Local\Temp\uxlcyuoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe[3452] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [3652] entry point in ".rdata" section 000000005b1a71e6
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [3612] entry point in ".rdata" section 000000005b1a71e6
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076301401 2 bytes JMP 76f1b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076301419 2 bytes JMP 76f1b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076301431 2 bytes JMP 76f98f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007630144a 2 bytes CALL 76ef489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763014dd 2 bytes JMP 76f98822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763014f5 2 bytes JMP 76f989f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007630150d 2 bytes JMP 76f98718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076301525 2 bytes JMP 76f98ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007630153d 2 bytes JMP 76f0fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076301555 2 bytes JMP 76f168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007630156d 2 bytes JMP 76f98fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076301585 2 bytes JMP 76f98b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007630159d 2 bytes JMP 76f986dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763015b5 2 bytes JMP 76f0fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763015cd 2 bytes JMP 76f1b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763016b2 2 bytes JMP 76f98ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763016bd 2 bytes JMP 76f98671 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [3996:2504] 0000000001061877
Thread C:\Windows\SysWOW64\ntdll.dll [3996:868] 0000000064a6f8b0
Thread C:\Windows\SysWOW64\ntdll.dll [3996:1352] 0000000064a6e8a0
Thread C:\Windows\SysWOW64\ntdll.dll [3996:1596] 0000000064a6f2e0
---- Processes - GMER 2.1 ----
Library c:\users\*****m~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0awryt.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-06-11 08:37:51) 0000000004c50000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 0000000057cb0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005b90000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 00000000562f0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000055b90000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 000000005b1c0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000057ad0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000056ae0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000055970000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000055710000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b2e0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 000000005b2d0000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000055320000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b400000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b340000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 0000000056210000
Library C:\Users\*****mann\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\*****mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [3452](2015-03-04 21:45:30) 0000000056180000
---- EOF - GMER 2.1 ----
|
|
11.06.2015, 20:43
| #2 |
| /// TB-Ausbilder   | Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen" Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Zur ersten Analyse bitte FRST und TDSS-Killer ausführen: Schritt 1
Schritt 2 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
11.06.2015, 22:39
| #3 |
| | Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen" Hey,
__________________erstmal vielen Dank für die schnelle Antwort! Die log-Dateien haben leider die maximale Beitragslänge um mehr als das doppelte überschritten, weshalb ich sie im Anhang als ZIP-Datei hochgeladen habe! |
|
12.06.2015, 14:23
| #4 | |
| /// TB-Ausbilder | Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen" Zukünftig bitte beachten: Zitat:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind. Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter. Scan mit Combofix
|
|
12.06.2015, 16:02
| #5 |
| | Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen" Ok, nun sollte es richtig abgespeichert sein.. Hier das log von Combofix: Code:
ATTFilter ComboFix 15-06-09.01 - ***** 12.06.2015 16:35:48.1.4 - x64
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\*****M~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\*****\AppData\Roaming\Love
c:\users\*****\AppData\Roaming\Love\mari0\options.txt
c:\windows\SysWow64\PowerToyReadme.htm
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-05-12 bis 2015-06-12 ))))))))))))))))))))))))))))))
.
.
2015-06-11 21:35 . 2015-06-11 21:35 -------- d-----w- c:\program files (x86)\7-Zip
2015-06-11 17:12 . 2015-06-11 21:08 -------- d-----w- C:\FRST
2015-06-10 14:11 . 2015-05-25 18:19 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-06-10 14:09 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-06-10 14:08 . 2015-06-01 19:16 293072 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-06-10 14:08 . 2015-05-27 14:35 24917504 ----a-w- c:\windows\system32\mshtml.dll
2015-06-10 14:08 . 2015-05-22 18:24 1016832 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-06-10 14:08 . 2015-05-22 19:12 10949120 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2015-06-10 05:27 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-03 13:59 . 2015-06-03 13:59 -------- d-----w- c:\users\*****\AppData\Roaming\Opera Software
2015-06-03 13:59 . 2015-06-03 13:59 -------- d-----w- c:\users\*****\AppData\Local\Opera Software
2015-06-03 13:58 . 2015-06-11 08:40 -------- d-----w- c:\program files (x86)\Opera
2015-06-03 13:58 . 2015-06-03 13:58 -------- d-----w- c:\users\*****\AppData\Roaming\RHEng
2015-05-14 13:51 . 2015-06-08 21:09 -------- d-----w- c:\users\*****\AppData\Roaming\Telegram Desktop
2015-05-14 12:40 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 12:40 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-11 17:47 . 2014-08-15 15:57 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-11 08:25 . 2013-08-05 16:03 153256 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-06-11 08:25 . 2013-08-05 16:03 132656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-06-10 14:55 . 2012-03-29 12:50 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-10 14:55 . 2011-08-04 14:07 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-10 05:25 . 2011-08-04 13:55 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 14:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-06 03:26 . 2015-05-06 03:26 341512 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2015-04-20 03:17 . 2015-05-13 12:11 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 12:11 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 12:11 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 12:13 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 12:13 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 07:37 . 2014-08-15 15:57 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-08-15 15:57 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2012-02-27 22:55 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-13 12:12 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 12:11 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 12:11 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 12:11 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-03-25 03:24 . 2015-04-15 16:23 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 16:23 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 16:23 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 16:23 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 16:23 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 16:23 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 16:23 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 16:23 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 16:23 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 16:23 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 16:23 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 16:23 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 16:23 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 16:23 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 16:23 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 16:23 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-03-09 297280]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-06-11 730416]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2015-05-05 448520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-05-21 130864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Tintenwarnungen überwachen - HP Deskjet 3050 J610 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3050 J610 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN08H1B04H05HX;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\*****M~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\*****M~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys;c:\windows\SYSNATIVE\Drivers\HDJBulk.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\*****M~1\AppData\Local\Temp\005F642.tmp;c:\users\*****M~1\AppData\Local\Temp\005F642.tmp [x]
R3 X6va007;X6va007;c:\users\*****M~1\AppData\Local\Temp\00712A7.tmp;c:\users\*****M~1\AppData\Local\Temp\00712A7.tmp [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - IPNAT
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:55]
.
2015-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-09 10:26]
.
2015-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-09 10:26]
.
2015-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001Core.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 17:07]
.
2015-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808584194-2299857355-2086239866-1001UA.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 17:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{69BB2179-BC30-48A1-AC0A-0A960D9C6BB5}: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fq2px8s3.default\
FF - prefs.js: browser.startup.homepage - hxxps://elearning.uni-bremen.de/
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\*****M~1\AppData\Local\Temp\005F642.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\*****M~1\AppData\Local\Temp\00712A7.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1808584194-2299857355-2086239866-1001\Software\SecuROM\License information*]
"datasecu"=hex:1a,37,6a,d1,71,fc,7f,e0,fe,91,b8,f6,cd,7a,73,f9,c4,1f,bd,27,d7,
a9,ac,f8,e8,ab,47,bf,c1,98,fc,e1,32,0b,d7,13,cf,89,cf,c4,de,40,03,bb,5f,2d,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-12 16:55:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-06-12 14:55
.
Vor Suchlauf: 14 Verzeichnis(se), 260.246.937.600 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 259.908.997.120 Bytes frei
.
- - End Of File - - 3BF8F1F0D8535A6A1EE3E0D49DB6B958
|
|
12.06.2015, 22:51
| #6 |
| /// TB-Ausbilder | Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen" Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
| Themen zu Windows 7 - 64 BIT: Virenmeldung "ADWARE/Amonetizen" |
| adobe, adobe flash player, avg, avira, beseitigung, dateien, desktop, flash player, harddisk, infiziert, langsam, malwarebytes, microsoft, mozilla, namen, nvidia, opera, programme, scan, svchost.exe, system, temp, virus, windows, winlogon.exe |
Hybrid-Darstellung
