Log analysis and evaluation: ZoneAlarm scan found, among others, HEUR:Trojan.Win32.Generic, Trojan.Win32.Agent.aeqtk (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.02.2014, 14:10 | #1
ZoneAlarm scan found, among others, HEUR:Trojan.Win32.Generic, Trojan.Win32.Agent.aeqtk

Hello,

I may possibly have picked up an infection when downloading a mod for a game. Since then my browser shows underlined words; when I move the mouse over them, popups open with advertising, e.g. for antivirus software. I ran a scan with ZoneAlarm and 6 suspicious items were found. Even after the "ZA treatment" the problem persists.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014
Ran by Master at 2014-02-07 10:24:58
Running from C:\Users\Master\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Airline Tycoon - Deluxe (remove only) (x32 Version: - JenkatGames)
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANNO 2070 (x32 Version: 1.0.0.0 - Ubisoft)
A-Train 8 (x32 Version: - Degica)
Brother HL-3040CN (x32 Version: 1.00 - Brother)
Call of Duty: Black Ops II - Multiplayer (x32 Version: - )
Call of Duty: Black Ops II - Zombies (x32 Version: - )
Call of Duty: Black Ops II (x32 Version: - )
Creative ALchemy (x32 Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (x32 Version: 2.00 - Creative Technology Limited)
Creative Konsole Starter (x32 Version: - Creative Technology Limited)
Creative MediaSource 5 (x32 Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (x32 Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (x32 Version: - )
Creative WaveStudio 7 (x32 Version: 7.14 - Creative Technology Limited)
DCS World (x32 Version: - Eagle Dynamics)
Democracy 3 (x32 Version: - Positech Games)
Dota 2 (x32 Version: - Valve)
Dropbox (HKCU Version: 1.6.2 - Dropbox, Inc.)
Euro Truck Simulator 2 (x32 Version: - SCS Software)
F1 2012 (x32 Version: - Codemasters Birmingham)
Far Cry 3 (x32 Version: 1.05 - Ubisoft)
Farming Simulator 2013 - Modding Tutorials (x32 Version: - )
Farming Simulator 2013 (x32 Version: - Giants Software)
Flight Simulator X (x32 Version: - )
Flight Simulator X Service Pack 1 (x32 Version: - )
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.00.0000 - Rockstar Games)
Java 7 Update 40 (64-bit) (Version: 7.0.400 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Marvel Heroes (x32 Version: - Gazillion Entertainment)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
Nokia_Multimedia_Common_Components_2_5 (x32 Version: 2.5.197 - Nokia)
NVIDIA 3D Vision Controller-Treiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
OpenAL (x32 Version: - )
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
PAYDAY 2 (x32 Version: - OVERKILL - a Starbreeze Studio.)
Port Royale 3 (x32 Version: - Gaming Minds)
Prison Architect (x32 Version: - Introversion Software)
Pro Cycling Manager 2012 (x32 Version: - Cyanide Studios)
PunkBuster Services (x32 Version: 0.989 - Even Balance, Inc.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (x32 Version: - )
Red Orchestra 2: Heroes of Stalingrad (x32 Version: - Tripwire)
REFLEX Model Flight Simulator (x32 Version: 5.04.2 - Dipl.-Ing. Stefan Kunde)
RollerCoaster Tycoon 3 (x32 Version: 1.00.000 - )
Saitek DirectOutput 7.0.27.13 (Version: 7.0.27.13 - Saitek)
Silent Hunter III (x32 Version: - Ubisoft)
Smart Technology Programming Software 7.0.27.13 (Version: 7.0.27.13 - Mad Catz)
Spacebase DF-9 (x32 Version: - Double Fine Productions)
Spec Ops: The Line Demo (x32 Version: - Yager)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Train Simulator 2014 (x32 Version: - RailSimulator.com)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
War Thunder (x32 Version: - Gaijin Entertainment)
Winamp (x32 Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (Version: 5.00.0 - win.rar GmbH)
World of Tanks (x32 Version: - Wargaming.net)
ZoneAlarm Antivirus (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (x32 Version: 12.0.104.000 - Check Point)
ZoneAlarm LTD Toolbar (Version: - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden

==================== Restore Points =========================

02-02-2014 20:44:08 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
02-02-2014 20:48:55 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller
02-02-2014 20:50:50 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller
03-02-2014 00:49:58 Windows Update
03-02-2014 02:00:15 Windows Update
04-02-2014 02:23:37 Windows Update
04-02-2014 16:57:07 Geplanter Prüfpunkt
05-02-2014 19:35:42 Geplanter Prüfpunkt
05-02-2014 23:53:05 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
05-02-2014 23:55:59 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller
05-02-2014 23:57:00 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller
06-02-2014 02:00:10 Windows Update
07-02-2014 06:35:03 Removed Nokia_Multimedia_Common_Components_2_5.
==================== Hosts content: ==========================

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {012BC5C8-E0F9-4DE2-BC43-04CF1632C544} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {27C5AB9A-BF10-41B7-80C6-0759D16FE190} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {52449AAB-816B-46E6-8989-C364CC12ED51} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9475DD97-BB54-4FD8-A31A-032B4833F6AA} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {9A441CE9-6C4F-4991-954B-EDCB9256D04F} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {AA105019-BFFB-4713-B627-81B47F4419F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {C28278BF-1ABF-4595-BB2A-15201DDF25E3} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-11-24] ()
Task: {C41E9FD5-A5DB-4DEF-9715-E4F7BAFEE730} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {EBBF0E7C-7586-4F05-BAE8-5DEE19A4260E} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-17 05:33 - 2013-10-17 05:33 - 00065936 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\Community.CsharpSqlite.SQLiteClient.dll
2012-11-23 04:02 - 2006-06-09 15:20 - 00003072 _____ () C:\Windows\system32\CTXFIGER.DLL
2012-11-23 04:05 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-05 19:34 - 2014-02-05 19:34 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-05 05:17 - 2014-02-05 05:17 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2014 06:42:10 AM) (Source: MsiInstaller) (User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , ,

Error: (02/07/2014 04:17:22 AM) (Source: MsiInstaller) (User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , ,

Error: (02/06/2014 11:05:23 PM) (Source: MsiInstaller) (User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , ,

Error: (02/06/2014 11:03:08 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/06/2014 06:14:10 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/06/2014 05:13:12 AM) (Source: MsiInstaller) (User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , ,

Error: (02/06/2014 04:41:14 AM) (Source: MsiInstaller) (User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , ,

Error: (02/06/2014 01:09:24 AM) (Source: MsiInstaller) (User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , ,

Error: (02/06/2014 01:08:11 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/05/2014 10:40:35 PM) (Source: MsiInstaller) (User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , ,


System errors:
=============
Error: (02/07/2014 10:13:49 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/07/2014 03:59:47 AM) (Source: Service Control Manager) (User: )
Description: ZoneAlarm Privacy Service1600001Neustart des Diensts

Error: (02/06/2014 11:02:57 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/06/2014 03:02:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070103NVIDIA driver update for NVIDIA GeForce GTX 460{98CE85D4-6265-4315-9497-5007EDFEAD25}200

Error: (02/06/2014 01:06:51 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/06/2014 00:58:47 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/06/2014 00:46:44 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/06/2014 00:41:26 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/05/2014 06:14:01 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/04/2014 05:03:53 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{FE70B085-0F7D-4757-9E04-17798933447F}" zu oft fehl. Der Sicherungssuchdienst wird beendet.


Microsoft Office Sessions:
=========================
Error: (02/07/2014 06:42:10 AM) (Source: MsiInstaller)(User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , , (NULL)(NULL)(NULL)(NULL)

Error: (02/07/2014 04:17:22 AM) (Source: MsiInstaller)(User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , , (NULL)(NULL)(NULL)(NULL)

Error: (02/06/2014 11:05:23 PM) (Source: MsiInstaller)(User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , , (NULL)(NULL)(NULL)(NULL)

Error: (02/06/2014 11:03:08 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/06/2014 06:14:10 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Master\Downloads\SoftonicDownloader_fuer_der-bahngigant.exe

Error: (02/06/2014 05:13:12 AM) (Source: MsiInstaller)(User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , , (NULL)(NULL)(NULL)(NULL)

Error: (02/06/2014 04:41:14 AM) (Source: MsiInstaller)(User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , , (NULL)(NULL)(NULL)(NULL)

Error: (02/06/2014 01:09:24 AM) (Source: MsiInstaller)(User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , , (NULL)(NULL)(NULL)(NULL)

Error: (02/06/2014 01:08:11 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/05/2014 10:40:35 PM) (Source: MsiInstaller)(User: Master-PC)
Description: Produkt: NVIDIA PhysX -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2738. Argumente: , , (NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
Date: 2014-01-07 14:16:01.532
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Master\{c4232cb3-5329-40db-b664-e7830993c124}\vsdatant.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-01-07 14:15:59.692
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Master\{c4232cb3-5329-40db-b664-e7830993c124}\vsdatant.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-01-07 14:15:57.658
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Master\{c4232cb3-5329-40db-b664-e7830993c124}\vsdatant.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-01-07 14:15:55.693
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Master\{c4232cb3-5329-40db-b664-e7830993c124}\vsdatant.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-01-07 14:15:42.410
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\CheckPoint\ZoneAlarm\drivers\vista_64\vsdatant.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-01-07 14:15:42.225
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\CheckPoint\ZoneAlarm\drivers\vista_64\vsdatant.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-01-07 14:15:42.030
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\CheckPoint\ZoneAlarm\drivers\vista_64\vsdatant.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-01-07 14:15:41.851
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\CheckPoint\ZoneAlarm\drivers\vista_64\vsdatant.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-01-07 14:15:41.680
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\vsdatant.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-01-07 14:15:41.490
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\vsdatant.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8189.63 MB
Available physical RAM: 5929.94 MB
Total Pagefile: 16568.27 MB
Available Pagefile: 14179.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:299.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:292.47 GB) NTFS
Drive e: (RCT3) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D8757272)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D875724F)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Master (administrator) on MASTER-PC on 07-02-2014 10:23:28
Running from C:\Users\Master\Downloads
Windows Vista (TM) Ultimate Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Saitek) C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [BrStsWnd] - C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM-x32\...\Run: [NokiaMusic FastStart] - "C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1193390861-196073755-2047653796-1000\...\Run: [RGSC] - D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1193390861-196073755-2047653796-1000\...\MountPoints2: {4d3a170c-3512-11e2-acd4-806e6f6e6963} - E:\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\WS-ENA~1\ASSIST~2.DLL => C:\Program Files (x86)\WS-Enabler\Assistant_x64.dll [4241408 2014-02-06] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.webisgreat.info/?pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBB56ED669FDBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.webisgreat.info/?pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48
SearchScopes: HKCU - {F966A675-593D-4BB4-A418-DD701413149C} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=7b696f2190704c05bea444b0129000e9&tu=10GXy00Bt1C01g0&sku=&tstsId=&ver=&&r=138
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default FF user.js: detected! => C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\user.js FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch"); FF Homepage: about:home FF Keyword.URL: hxxp://websearch.webisgreat.info/?pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48&l=1&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\searchplugins\WebSearch.xml FF SearchPlugin: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\searchplugins\zonealarm.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: SNT - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\72sdoom@azltiawz.edu [2014-02-06] FF Extension: zonealarm.com - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\ffxtlbr@zonealarm.com [2014-01-07] FF Extension: webseauve - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\l.fmtvu@tjaiuuee.org [2014-02-06] FF Extension: YoutubeAdblocker - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\vyuyzuah@itoaj-ao.com [2014-02-06] FF Extension: ProxTube - Unblock YouTube - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-07] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-02-07] FF Extension: SoundCloud Downloader - Technowise - 
C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-07-21] FF Extension: Adblock Plus - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-23] FF Extension: QuickJava - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012-12-16] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: (SNT) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafocjeleomahlpacopmpddomimjceaa [2014-02-06] CHR Extension: (Yoono Twitter Facebook LinkedIn Youtube) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli [2014-02-06] CHR Extension: (webseauve) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgbfhchpamfmdicdfllapdobhgbeeka [2014-02-06] CHR Extension: (YoutubeAdblocker) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdclngklkpjcklmomecdnhkhkfjfphc [2014-02-06] CHR Extension: (YTaBBookMaRk) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgkjdkpfllcjkpklonfgpioogpnlije [2014-02-06] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-21] () R2 SaiDOutput; C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [233984 2013-04-16] (Saitek) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.) 
==================== Drivers (Whitelisted) ==================== R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-10] (NVIDIA Corporation) S3 SaiK0762; C:\Windows\System32\DRIVERS\SaiK0762.sys [181024 2013-04-30] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [444952 2013-06-13] (Check Point Software Technologies LTD) S3 AtiHDAudioService; system32\drivers\AtihdLH6.sys [X] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab) S3 nmwcd; system32\drivers\ccdcmbx64.sys [X] S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X] S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [X] S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-07 10:23 - 2014-02-07 10:24 - 00016634 _____ () C:\Users\Master\Downloads\FRST.txt 2014-02-07 10:22 - 2014-02-07 10:23 - 00000000 ____D () C:\FRST 2014-02-07 10:21 - 2014-02-07 10:22 - 02079744 _____ (Farbar) C:\Users\Master\Downloads\FRST64.exe 2014-02-06 06:13 - 2014-02-06 06:14 - 00000000 ____D () C:\Users\Master\Downloads\zzzzFirmenmod_TSM4 2014-02-06 06:11 - 2014-02-06 06:24 - 39663402 _____ () 
C:\Users\Master\Downloads\zzTSM_Schwerlast_Trailerpacket_1.7.5_Packet_1-3.rar 2014-02-06 06:02 - 2014-02-06 06:12 - 30672100 _____ () C:\Users\Master\Downloads\zzzzFirmenmod_TSM4.7z 2014-02-06 05:55 - 2014-02-07 10:12 - 00000000 ____D () C:\ProgramData\SNT 2014-02-06 05:55 - 2014-02-07 08:02 - 00000000 ____D () C:\Program Files (x86)\WS-Enabler 2014-02-06 05:55 - 2014-02-07 07:34 - 00000000 ____D () C:\Program Files (x86)\SNT 2014-02-06 05:55 - 2014-02-06 05:55 - 00000754 __RSH () C:\ProgramData\ntuser.pol 2014-02-06 05:54 - 2014-02-07 10:12 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker 2014-02-06 05:54 - 2014-02-07 07:34 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker 2014-02-06 05:53 - 2014-02-07 10:12 - 00000000 ____D () C:\ProgramData\GreaTssaver 2014-02-06 05:53 - 2014-02-07 07:34 - 00000000 ____D () C:\ProgramData\8e6786b3e52dfe8e 2014-02-06 05:53 - 2014-02-07 07:34 - 00000000 ____D () C:\Program Files (x86)\GreaTssaver 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Packages 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-02-06 05:53 - 
2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator 2014-02-06 05:43 - 2014-02-06 05:43 - 00000000 ____D () C:\ProgramData\SetApp 2014-02-06 05:42 - 2014-02-06 05:56 - 00000000 ____D () C:\ProgramData\InstallMate 2014-02-06 05:37 - 2014-02-06 05:37 - 00000000 ____D () C:\Users\Master\AppData\Roaming\NVIDIA 2014-02-05 21:47 - 2014-02-05 21:47 - 00340776 _____ (SetApp) C:\Users\Master\Downloads\zzzz_Kilroy__s_Multi_Traffic_Mod_1.0.rar.exe 2014-02-05 19:34 - 2014-02-05 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-02 21:55 - 2014-02-06 01:05 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-02 21:53 - 2014-02-02 21:53 - 00001182 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk 2014-02-02 21:48 - 2013-12-19 19:53 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-02-02 21:48 - 2013-12-19 19:53 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2014-02-02 21:48 - 2013-12-19 19:53 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-02-02 21:48 - 2013-12-19 19:53 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-02-02 21:48 - 2013-12-19 19:53 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-02-02 21:48 - 2013-12-19 19:53 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-02-02 21:47 - 2013-12-19 21:33 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-02-02 21:47 - 2013-12-19 21:33 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-02-02 21:46 - 2014-02-02 21:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-02-02 21:43 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-02-02 21:43 - 
2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-02-02 21:43 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 00023754 _____ () 
C:\Windows\system32\nvinfo.pb 2014-02-02 21:43 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-02-02 21:43 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-02-02 21:43 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-02-02 21:37 - 2014-02-02 21:41 - 262041840 _____ (NVIDIA Corporation) C:\Users\Master\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql(1).exe 2014-02-02 18:38 - 2014-02-02 18:38 - 00000000 ____D () C:\Users\Master\AppData\Local\DoNotTrackPlus 2014-02-02 18:27 - 2014-02-02 18:27 - 00000000 ____D () C:\Program Files\ATI 2014-02-02 18:26 - 2014-02-02 18:26 - 00000000 ____D () C:\AMD 2014-02-02 18:23 - 2014-02-02 18:25 - 218673400 _____ (Advanced Micro Devices, Inc.) C:\Users\Master\Downloads\13-12_winvista_64_dd_ccc_whql.exe 2014-02-01 07:04 - 2014-02-06 00:47 - 00000000 ____D () C:\Users\Master\AppData\Local\NVIDIA 2014-02-01 06:52 - 2014-02-01 06:52 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-01 06:52 
- 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-02-01 06:52 - 2012-11-29 20:02 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-01 06:52 - 2012-11-29 20:02 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-01 06:33 - 2014-02-01 06:33 - 00321944 _____ () C:\Windows\Minidump\Mini020114-01.dmp 2014-02-01 06:17 - 2014-02-01 06:19 - 262041840 _____ (NVIDIA Corporation) C:\Users\Master\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql.exe 2014-02-01 05:52 - 2014-02-02 18:48 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 2014-02-01 04:19 - 2014-02-01 04:19 - 00000222 _____ () C:\Users\Master\Desktop\PAYDAY 2.url 2014-01-31 21:02 - 2014-01-31 21:02 - 00000222 _____ () C:\Users\Master\Desktop\A-Train 8.url 2014-01-28 15:44 - 2014-01-28 15:44 - 00000000 ____D () C:\Users\Master\Documents\SH3 2014-01-28 15:27 - 2014-01-28 15:27 - 00000198 _____ () C:\Users\Master\Desktop\Silent Hunter III.url 2014-01-28 01:57 - 2014-01-28 01:57 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Unity 2014-01-28 01:56 - 2014-02-07 07:31 - 00000000 ____D () C:\Users\Master\AppData\Local\Unity 2014-01-28 01:56 - 2014-01-28 01:56 - 01050768 _____ (Unity Technologies ApS) C:\Users\Master\Downloads\UnityWebPlayer.exe 2014-01-23 04:05 - 2014-01-23 04:14 - 582650926 _____ (UIG GmbH ) C:\Users\Master\Downloads\TrainGiantDEMOSetup.exe 2014-01-23 04:02 - 2014-01-23 04:02 - 00401760 _____ (Softonic ) C:\Users\Master\Downloads\SoftonicDownloader_fuer_der-bahngigant.exe 2014-01-21 20:15 - 2014-01-21 20:15 - 00000000 ____D () C:\Users\Master\My Games 2014-01-21 18:51 - 2014-01-21 18:58 - 00000000 ____D () C:\Users\Master\Documents\America's Army 3 2014-01-21 18:47 - 2014-01-21 18:44 - 03360624 _____ () C:\Windows\SysWOW64\pbsvc.exe 2014-01-21 17:47 - 2014-01-21 17:49 - 00000000 ____D () 
C:\Users\Master\Documents\America's Army 2014-01-18 22:52 - 2014-01-18 22:53 - 00000000 ____D () C:\ProgramData\Package Cache 2014-01-18 19:37 - 2014-01-18 19:37 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 (Demo) 2014-01-18 19:02 - 2014-01-18 19:02 - 00355536 _____ () C:\Users\Master\AppData\Local\dd_vcredistMSI6815.txt 2014-01-18 19:02 - 2014-01-18 19:02 - 00011146 _____ () C:\Users\Master\AppData\Local\dd_vcredistUI6815.txt 2014-01-18 18:23 - 2014-01-18 18:23 - 00000222 _____ () C:\Users\Master\Desktop\Spec Ops The Line Demo.url 2014-01-17 19:24 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-17 19:24 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-17 19:24 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-17 19:24 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-17 19:23 - 2014-01-17 19:24 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log ==================== One Month Modified Files and Folders ======= 2014-02-07 10:24 - 2014-02-07 10:23 - 00016634 _____ () C:\Users\Master\Downloads\FRST.txt 2014-02-07 10:23 - 2014-02-07 10:22 - 00000000 ____D () C:\FRST 2014-02-07 10:22 - 2014-02-07 10:21 - 02079744 _____ (Farbar) C:\Users\Master\Downloads\FRST64.exe 2014-02-07 10:19 - 2006-11-02 20:15 - 00688018 _____ () C:\Windows\system32\perfh007.dat 2014-02-07 10:19 - 2006-11-02 20:15 - 00151392 _____ () C:\Windows\system32\perfc007.dat 2014-02-07 10:19 - 2006-11-02 13:46 - 01608278 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-07 10:17 - 2012-11-23 03:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-07 10:16 - 2006-11-02 16:26 - 01052463 _____ () C:\Windows\WindowsUpdate.log 2014-02-07 10:12 - 2014-02-06 05:55 - 00000000 ____D () C:\ProgramData\SNT 2014-02-07 10:12 - 2014-02-06 05:54 - 00000000 ____D 
() C:\ProgramData\YoutubeAdblocker 2014-02-07 10:12 - 2014-02-06 05:53 - 00000000 ____D () C:\ProgramData\GreaTssaver 2014-02-07 10:12 - 2006-11-02 16:40 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-07 10:12 - 2006-11-02 16:21 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-07 10:12 - 2006-11-02 16:21 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-07 10:11 - 2006-11-02 16:40 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-07 08:02 - 2014-02-06 05:55 - 00000000 ____D () C:\Program Files (x86)\WS-Enabler 2014-02-07 07:35 - 2013-03-31 00:24 - 00048169 ____H () C:\Windows\SysWOW64\BTImages.dat 2014-02-07 07:34 - 2014-02-06 05:55 - 00000000 ____D () C:\Program Files (x86)\SNT 2014-02-07 07:34 - 2014-02-06 05:54 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker 2014-02-07 07:34 - 2014-02-06 05:53 - 00000000 ____D () C:\ProgramData\8e6786b3e52dfe8e 2014-02-07 07:34 - 2014-02-06 05:53 - 00000000 ____D () C:\Program Files (x86)\GreaTssaver 2014-02-07 07:31 - 2014-01-28 01:56 - 00000000 ____D () C:\Users\Master\AppData\Local\Unity 2014-02-07 05:48 - 2013-09-30 21:23 - 00000000 ____D () C:\Users\Master\Documents\Euro Truck Simulator 2 2014-02-07 05:34 - 2013-04-05 02:16 - 00003698 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9767DE0A-F9EC-45DD-96BD-0D99EB6C9648} 2014-02-06 23:01 - 2006-11-02 16:39 - 00024094 _____ () C:\Windows\PFRO.log 2014-02-06 06:24 - 2014-02-06 06:11 - 39663402 _____ () C:\Users\Master\Downloads\zzTSM_Schwerlast_Trailerpacket_1.7.5_Packet_1-3.rar 2014-02-06 06:14 - 2014-02-06 06:13 - 00000000 ____D () C:\Users\Master\Downloads\zzzzFirmenmod_TSM4 2014-02-06 06:12 - 2014-02-06 06:02 - 30672100 _____ () C:\Users\Master\Downloads\zzzzFirmenmod_TSM4.7z 2014-02-06 05:56 - 2014-02-06 05:42 - 00000000 ____D () C:\ProgramData\InstallMate 2014-02-06 05:55 - 
2014-02-06 05:55 - 00000754 __RSH () C:\ProgramData\ntuser.pol 2014-02-06 05:54 - 2006-11-02 14:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-02-06 05:54 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Packages 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator 2014-02-06 05:43 - 2014-02-06 05:43 - 00000000 ____D () C:\ProgramData\SetApp 2014-02-06 05:37 - 2014-02-06 05:37 - 00000000 ____D () C:\Users\Master\AppData\Roaming\NVIDIA 2014-02-06 01:05 - 2014-02-02 21:55 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-06 00:57 - 2012-11-23 03:17 - 00000000 ____D () C:\Users\Master 2014-02-06 00:52 - 2012-12-23 23:05 - 00001356 _____ () C:\Users\Master\AppData\Local\d3d9caps.dat 2014-02-06 00:47 - 2014-02-01 07:04 - 00000000 ____D () C:\Users\Master\AppData\Local\NVIDIA 2014-02-06 00:45 - 2012-11-23 03:17 - 00001460 _____ () C:\Users\Master\AppData\Local\d3d9caps64.dat 2014-02-05 22:44 - 2012-11-23 03:20 - 00000000 
____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-05 21:47 - 2014-02-05 21:47 - 00340776 _____ (SetApp) C:\Users\Master\Downloads\zzzz_Kilroy__s_Multi_Traffic_Mod_1.0.rar.exe 2014-02-05 19:34 - 2014-02-05 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-05 05:17 - 2012-11-23 03:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-05 05:17 - 2012-11-23 03:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-05 05:17 - 2012-11-23 03:24 - 00003738 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-02 22:01 - 2012-11-23 03:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-02-02 21:53 - 2014-02-02 21:53 - 00001182 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk 2014-02-02 21:53 - 2014-02-02 21:46 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-02-02 21:52 - 2012-11-23 03:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-02-02 21:48 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\Help 2014-02-02 21:41 - 2014-02-02 21:37 - 262041840 _____ (NVIDIA Corporation) C:\Users\Master\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql(1).exe 2014-02-02 18:48 - 2014-02-01 05:52 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 2014-02-02 18:38 - 2014-02-02 18:38 - 00000000 ____D () C:\Users\Master\AppData\Local\DoNotTrackPlus 2014-02-02 18:27 - 2014-02-02 18:27 - 00000000 ____D () C:\Program Files\ATI 2014-02-02 18:26 - 2014-02-02 18:26 - 00000000 ____D () C:\AMD 2014-02-02 18:25 - 2014-02-02 18:23 - 218673400 _____ (Advanced Micro Devices, Inc.) 
C:\Users\Master\Downloads\13-12_winvista_64_dd_ccc_whql.exe
2014-02-01 06:52 - 2014-02-01 06:52 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-02-01 06:33 - 2014-02-01 06:33 - 00321944 _____ () C:\Windows\Minidump\Mini020114-01.dmp
2014-02-01 06:33 - 2013-12-01 02:49 - 445061522 _____ () C:\Windows\MEMORY.DMP
2014-02-01 06:19 - 2014-02-01 06:17 - 262041840 _____ (NVIDIA Corporation) C:\Users\Master\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-02-01 05:23 - 2012-11-29 05:45 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-01 04:19 - 2014-02-01 04:19 - 00000222 _____ () C:\Users\Master\Desktop\PAYDAY 2.url
2014-01-31 21:02 - 2014-01-31 21:02 - 00000222 _____ () C:\Users\Master\Desktop\A-Train 8.url
2014-01-29 16:01 - 2012-12-11 11:42 - 00000000 ____D () C:\Users\Master\AppData\Local\Adobe
2014-01-28 15:44 - 2014-01-28 15:44 - 00000000 ____D () C:\Users\Master\Documents\SH3
2014-01-28 15:44 - 2012-11-28 21:52 - 00221794 _____ () C:\Windows\DirectX.log
2014-01-28 15:27 - 2014-01-28 15:27 - 00000198 _____ () C:\Users\Master\Desktop\Silent Hunter III.url
2014-01-28 01:57 - 2014-01-28 01:57 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Unity
2014-01-28 01:56 - 2014-01-28 01:56 - 01050768 _____ (Unity Technologies ApS) C:\Users\Master\Downloads\UnityWebPlayer.exe
2014-01-26 19:08 - 2006-11-02 16:26 - 00044165 _____ () C:\Windows\setupact.log
2014-01-23 04:14 - 2014-01-23 04:05 - 582650926 _____ (UIG GmbH ) C:\Users\Master\Downloads\TrainGiantDEMOSetup.exe
2014-01-23 04:02 - 2014-01-23 04:02 - 00401760 _____ (Softonic ) C:\Users\Master\Downloads\SoftonicDownloader_fuer_der-bahngigant.exe
2014-01-21 20:15 - 2014-01-21 20:15 - 00000000 ____D () C:\Users\Master\My Games
2014-01-21 18:58 - 2014-01-21 18:51 - 00000000 ____D () C:\Users\Master\Documents\America's Army 3
2014-01-21 18:54 - 2012-12-02 00:24 - 00298280 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-21 18:54 - 2012-12-01 23:05 - 00298280 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-21 18:54 - 2012-12-01 23:05 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-21 18:49 - 2012-12-02 00:24 - 00000000 ____D () C:\Users\Master\AppData\Local\PunkBuster
2014-01-21 18:44 - 2014-01-21 18:47 - 03360624 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-01-21 17:59 - 2012-12-01 23:05 - 00291096 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-21 17:58 - 2012-12-01 23:06 - 00000000 ____D () C:\Users\Master\Documents\My Games
2014-01-21 17:49 - 2014-01-21 17:47 - 00000000 ____D () C:\Users\Master\Documents\America's Army
2014-01-18 22:53 - 2014-01-18 22:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-18 19:37 - 2014-01-18 19:37 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 (Demo)
2014-01-18 19:02 - 2014-01-18 19:02 - 00355536 _____ () C:\Users\Master\AppData\Local\dd_vcredistMSI6815.txt
2014-01-18 19:02 - 2014-01-18 19:02 - 00011146 _____ () C:\Users\Master\AppData\Local\dd_vcredistUI6815.txt
2014-01-18 18:23 - 2014-01-18 18:23 - 00000222 _____ () C:\Users\Master\Desktop\Spec Ops The Line Demo.url
2014-01-17 19:33 - 2013-09-12 11:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-17 19:24 - 2014-01-17 19:23 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-17 19:24 - 2013-09-12 11:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-17 15:13 - 2012-11-23 04:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-17 15:06 - 2012-11-28 21:57 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Ubisoft
2014-01-16 03:02 - 2013-08-15 11:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:00 - 2006-11-02 13:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-12 22:30 - 2013-10-31 05:15 - 00000000 ____D () C:\Users\Master\Documents\Pro Cycling Manager 2012
2014-01-12 20:49 - 2013-10-31 05:15 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Pro Cycling Manager 2012

Some content of TEMP:
====================
C:\Users\Master\AppData\Local\Temp\APNStub.exe
C:\Users\Master\AppData\Local\Temp\dotnetfx35setup.exe
C:\Users\Master\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Master\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Master\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Master\AppData\Local\Temp\Install_Nokia_Ovi_Suite.exe
C:\Users\Master\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Master\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Master\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Master\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Master\AppData\Local\Temp\jre_setup.exe
C:\Users\Master\AppData\Local\Temp\NEventMessages.dll
C:\Users\Master\AppData\Local\Temp\nsp8623.tmp.exe
C:\Users\Master\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Master\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Master\AppData\Local\Temp\nvStInst.exe
C:\Users\Master\AppData\Local\Temp\safeguard.exe
C:\Users\Master\AppData\Local\Temp\SIntf16.dll
C:\Users\Master\AppData\Local\Temp\SIntf32.dll
C:\Users\Master\AppData\Local\Temp\SIntfNT.dll
C:\Users\Master\AppData\Local\Temp\ubi4E47.tmp.exe
C:\Users\Master\AppData\Local\Temp\Uninstall.exe
C:\Users\Master\AppData\Local\Temp\_is9308.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-07 10:18

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-07 12:32:44
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\0000005f WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Master\AppData\Local\Temp\ufdiypow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification

---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[2944] C:\Windows\SysWOW64\WSOCK32.dll!recv + 81        00000000743718a9 2 bytes CALL 74af142d C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2944] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 87    000000007437190e 2 bytes CALL 74af142d C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2944] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98  00000000743719f0 2 bytes JMP 76068400 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2944] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000743719fb 2 bytes JMP 76078b38 C:\Windows\syswow64\WS2_32.dll

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{377A0968-8908-4726-8FCB-709E162966BD}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [480] (Microsoft Malware Protection Engine/Microsoft Corporation)(2014-02-05 00:00:56)  000007fefa0d0000
Library  C:\Users\Master\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2456] (Dropbox Shell Extension/Dropbox, Inc.)(2012-11-13 23:32:48)  000007fef6f30000

---- EOF - GMER 2.1 ----

Regards, Heckymecky
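Added example, not part of the original post and not code from FRST, GMER or any other tool named in this thread: the "One Month Created Files and Folders" listing above is the part of an FRST log that dates an infection, and reading it by hand is slow. The script below parses entries in that format (`created - modified - size attrs (company) path`), groups them into creation bursts (a bundled installer drops many files and directories within a few minutes), and flags the patterns an analyst looks for first: a binary with no vendor string outside C:\Windows, a hidden+system file planted in ProgramData such as a rogue ntuser.pol, and new directories under Program Files or ProgramData. The sample lines are constructed for the example in FRST's format; the Assistant_x64.dll entry is modeled on the AppInit_DLLs line in the later FRST log in this thread and is an assumption about how that file would appear in a file listing. The thresholds and heuristics are this example's choices, not FRST's.

```python
import re
from datetime import datetime, timedelta

# One entry of an FRST "One Month Created Files and Folders" listing looks like:
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# e.g. 2014-02-06 05:55 - 2014-02-07 08:02 - 00000000 ____D () C:\Program Files (x86)\WS-Enabler
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>\S.*?)\s*$"
)

BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")

# Constructed sample in FRST's format (not copied verbatim from the thread).
# The Assistant_x64.dll line is an assumption modeled on the AppInit_DLLs entry above.
SAMPLE_LOG = r"""
2014-02-07 10:21 - 2014-02-07 10:22 - 02079744 _____ (Farbar) C:\Users\Master\Downloads\FRST64.exe
2014-02-06 05:55 - 2014-02-07 10:12 - 00000000 ____D () C:\ProgramData\SNT
2014-02-06 05:55 - 2014-02-07 08:02 - 00000000 ____D () C:\Program Files (x86)\WS-Enabler
2014-02-06 05:55 - 2014-02-06 05:55 - 04241408 _____ () C:\Program Files (x86)\WS-Enabler\Assistant_x64.dll
2014-02-06 05:55 - 2014-02-06 05:55 - 00000754 __RSH () C:\ProgramData\ntuser.pol
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Torch
2014-02-02 21:48 - 2013-12-19 19:53 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-02-01 06:33 - 2014-02-01 06:33 - 00321944 _____ () C:\Windows\Minidump\Mini020114-01.dmp
"""


def parse_frst_entries(text):
    """Return one dict per entry line; headers, blanks and truncated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
        e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
        e["size"] = int(e["size"])
        e["company"] = e["company"].strip()
        e["is_dir"] = "D" in e["attrs"]  # FRST puts D in the attribute field for directories
        entries.append(e)
    return entries


def flag_suspicious(entries):
    """Apply triage heuristics; returns (entry, reason) pairs for an analyst to review."""
    hits = []
    for e in entries:
        p = e["path"].lower()
        attrs = e["attrs"].lower()
        reasons = []
        # 1. Executable code with no vendor string, outside the Windows directory.
        if p.endswith(BINARY_EXT) and not e["company"] and not p.startswith("c:\\windows\\"):
            reasons.append("binary without vendor string outside C:\\Windows")
        # 2. A hidden+system file under ProgramData (e.g. a planted ntuser.pol that
        #    applies a policy to every profile on the machine).
        if not e["is_dir"] and "h" in attrs and "s" in attrs and p.startswith("c:\\programdata\\"):
            reasons.append("hidden+system file planted in ProgramData")
        # 3. Any new directory under Program Files / ProgramData: directories carry no
        #    company string in FRST, so these must be checked against known vendors.
        if e["is_dir"] and (p.startswith("c:\\program files") or p.startswith("c:\\programdata\\")):
            reasons.append("new directory in Program Files/ProgramData (verify vendor)")
        if reasons:
            hits.append((e, "; ".join(reasons)))
    return hits


def creation_bursts(entries, window=timedelta(minutes=10)):
    """Group entries whose creation time is within `window` of the previous entry.
    Bursts are returned largest first; a big burst is usually one installer run."""
    ordered = sorted(entries, key=lambda e: e["created"])
    bursts = []
    for e in ordered:
        if bursts and e["created"] - bursts[-1][-1]["created"] <= window:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return sorted(bursts, key=len, reverse=True)


if __name__ == "__main__":
    ents = parse_frst_entries(SAMPLE_LOG)
    for e, why in flag_suspicious(ents):
        print(f"{e['created']:%Y-%m-%d %H:%M}  {e['path']}  <- {why}")
    for burst in creation_bursts(ents):
        if len(burst) > 1:
            print(f"burst of {len(burst)} items starting {burst[0]['created']:%Y-%m-%d %H:%M}")
```

On the sample, the only multi-item burst starts at 2014-02-06 05:53, which matches the time the user installed the game mod, and the flagged items are exactly the adware footprint (the WS-Enabler DLL, the SNT and WS-Enabler directories, and the hidden ntuser.pol). Pasting a real FRST listing into `SAMPLE_LOG` works unchanged; entries with an unbranded binary plus a same-minute ntuser.pol or Policies key are the ones to take to the helper first.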
07.02.2014, 15:11 | #2
/// the machine /// TB-Ausbilder

hi,

Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
08.02.2014, 01:24 | #3
Hello schrauber,

I followed your instructions. Here is the mbam log.

Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.07.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Master :: MASTER-PC [Administrator]

Protection: Enabled

07.02.2014 23:44:17
mbam-log-2014-02-07 (23-44-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246007
Time elapsed: 10 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.WebSearchInfo) -> Data: {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (hxxp://websearch.webisgreat.info/?pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48) Good: (hxxp://www.google.com) -> Quarantined and replaced successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (hxxp://websearch.webisgreat.info/?pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48) Good: (hxxp://www.google.com) -> Quarantined and replaced successfully.

Folders Detected: 5
C:\Users\Master\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Master\AppData\Roaming\OpenCandy\B3AA2E7D69FC4058A917293EFA140976 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\YoutubeAdblocker (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
C:\ProgramData\GreaTssaver (PUP.Optional.MultiPlug) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GreaTssaver (PUP.Optional.MultiPlug) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Users\Master\Downloads\airlinetycoon_d3665428(1).exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Master\Downloads\airlinetycoon_d3665428.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Master\Downloads\PowerISO5.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Master\Downloads\SoftonicDownloader_fuer_der-bahngigant.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Master\Downloads\winamp563_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Master\Downloads\zzzz_Kilroy__s_Multi_Traffic_Mod_1.0.rar.exe (PUP.Optional.Tarma) -> Quarantined and deleted successfully.
C:\Users\Master\AppData\Roaming\OpenCandy\B3AA2E7D69FC4058A917293EFA140976\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

AdwCleaner Logfile:
Code:
# AdwCleaner v3.018 - Report created 08/02/2014 at 00:27:19
# Updated 28/01/2014 by Xplode
# Operating System : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Username : Master - MASTER-PC
# Running from : C:\Users\Master\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\Users\Master\AppData\Local\torch
[!] Folder Deleted : C:\Users\Master\AppData\Local\Temp\OCS
[!] Folder Deleted : C:\Users\Master\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
File Deleted : C:\Users\Master\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Master\Desktop\More FREE games.lnk
File Deleted : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\foxydeal.sqlite
File Deleted : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v27.0 (de)

[ File : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.webisgreat.info/?pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.DMVr7DPcta.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/res[...]
Line Deleted : user_pref("extensions.SCxDrHaUifJ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/re[...]
Line Deleted : user_pref("extensions.e0tY.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/ressbar.c[...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.webisgreat.info/?pid=2356&r=2014/02/06&hid=1183319691830482458&lg=EN&cc=DE&unqvl=48&l=1&q=");

*************************

AdwCleaner[R0].txt - [5813 octets] - [08/02/2014 00:12:49]
AdwCleaner[S0].txt - [5562 octets] - [08/02/2014 00:27:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5622 octets] ##########

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows (TM) Vista Ultimate x64
Ran by Master on 08.02.2014 at 0:37:46,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\youtubeadblocker"

~~~ FireFox

Successfully deleted the following from C:\Users\Master\AppData\Roaming\mozilla\firefox\profiles\cf6or2ys.default\prefs.js

user_pref("extensions.DMVr7DPcta.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000
user_pref("extensions.SCxDrHaUifJ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp0000
user_pref("extensions.SCxDrHaUifJ.url", "hxxp://gethexnow.com/sync2/?q=hfZ9ofV9CShEAen0rTr8qShTB6lKDzt4okmxtNtVh7n0rjnErTa7rdn8rHn6tMFHhd9FqdaGrdCGrHr9rdwMDMlGojUMAe4UojrEpdC8
user_pref("extensions.e0tY.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")
Emptied folder: C:\Users\Master\AppData\Roaming\mozilla\firefox\profiles\cf6or2ys.default\minidumps [55 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2014 at 0:45:31,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Master (administrator) on MASTER-PC on 08-02-2014 00:55:09
Running from C:\Users\Master\Downloads
Windows Vista (TM) Ultimate Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Saitek) C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [BrStsWnd] - C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM-x32\...\Run: [NokiaMusic FastStart] - "C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1193390861-196073755-2047653796-1000\...\Run: [RGSC] - D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1193390861-196073755-2047653796-1000\...\MountPoints2: {4d3a170c-3512-11e2-acd4-806e6f6e6963} - E:\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\WS-ENA~1\ASSIST~2.DLL => C:\Program Files (x86)\WS-Enabler\Assistant_x64.dll [4241408 2014-02-06] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBB56ED669FDBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {F966A675-593D-4BB4-A418-DD701413149C} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=7b696f2190704c05bea444b0129000e9&tu=10GXy00Bt1C01g0&sku=&tstsId=&ver=&&r=138
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SNT - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\72sdoom@azltiawz.edu [2014-02-06]
FF Extension: zonealarm.com - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\ffxtlbr@zonealarm.com [2014-01-07]
FF Extension: webseauve - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\l.fmtvu@tjaiuuee.org [2014-02-06]
FF Extension: YoutubeAdblocker - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\vyuyzuah@itoaj-ao.com [2014-02-06]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-07]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-02-07]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-07-21]
FF Extension: Adblock Plus - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-23]
FF Extension: QuickJava - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\cf6or2ys.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SNT) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafocjeleomahlpacopmpddomimjceaa [2014-02-06]
CHR Extension: (Yoono Twitter Facebook LinkedIn Youtube) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli [2014-02-06]
CHR Extension: (webseauve) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgbfhchpamfmdicdfllapdobhgbeeka [2014-02-06]
CHR Extension: (YoutubeAdblocker) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdclngklkpjcklmomecdnhkhkfjfphc [2014-02-06]
CHR Extension: (YTaBBookMaRk) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgkjdkpfllcjkpklonfgpioogpnlije [2014-02-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-21] ()
R2 SaiDOutput; C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [233984 2013-04-16] (Saitek)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-10] (NVIDIA Corporation)
S3 SaiK0762; C:\Windows\System32\DRIVERS\SaiK0762.sys [181024 2013-04-30] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [444952 2013-06-13] (Check Point Software Technologies LTD)
S3 AtiHDAudioService; system32\drivers\AtihdLH6.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X]
S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [X]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-08 00:55 - 2014-02-08 00:55 - 00015062 _____ () C:\Users\Master\Downloads\FRST.txt
2014-02-08 00:45 - 2014-02-08 00:48 - 00001666 _____ () C:\Users\Master\Desktop\JRT.txt
2014-02-08 00:37 - 2014-02-08 00:37 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 00:35 - 2014-02-08 00:35 - 01037530 _____ (Thisisu) C:\Users\Master\Downloads\JRT.exe
2014-02-08 00:31 - 2014-02-08 00:31 - 00005706 _____ () C:\Users\Master\Desktop\AdwCleaner[S0].txt
2014-02-08 00:24 - 2014-02-08 00:24 - 00005813 _____ () C:\Users\Master\Desktop\AdwCleaner[R0].txt
2014-02-08 00:12 - 2014-02-08 00:27 - 00000000 ____D () C:\AdwCleaner
2014-02-08 00:10 - 2014-02-08 00:10 - 01166132 _____ () C:\Users\Master\Downloads\adwcleaner.exe
2014-02-07 23:32 - 2014-02-07 23:32 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Malwarebytes
2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-07 23:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-07 23:30 - 2014-02-07 23:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Master\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-07 12:34 - 2014-02-07 12:34 - 00003254 _____ () C:\Users\Master\Desktop\gmer.txt
2014-02-07 12:33 - 2014-02-07 12:33 - 00000000 _____ () C:\Users\Master\Desktop\Neues Textdokument.txt
2014-02-07 10:47 - 2014-02-07 10:47 - 00042111 _____ () C:\Users\Master\Desktop\FRST.txt
2014-02-07 10:40 - 2014-02-07 10:40 - 00380416 _____ () C:\Users\Master\Downloads\Gmer-19357.exe
2014-02-07 10:37 - 2014-02-07 10:37 - 00026884 _____ () C:\Users\Master\Desktop\Addition.txt
2014-02-07 10:22 - 2014-02-08 00:55 - 00000000 ____D () C:\FRST
2014-02-07 10:21 - 2014-02-07 10:22 - 02079744 _____ (Farbar) C:\Users\Master\Downloads\FRST64.exe
2014-02-06 06:13 - 2014-02-06 06:14 - 00000000 ____D () C:\Users\Master\Downloads\zzzzFirmenmod_TSM4
2014-02-06 06:11 - 2014-02-06 06:24 - 39663402 _____ () C:\Users\Master\Downloads\zzTSM_Schwerlast_Trailerpacket_1.7.5_Packet_1-3.rar
2014-02-06 06:02 - 2014-02-06 06:12 - 30672100 _____ () C:\Users\Master\Downloads\zzzzFirmenmod_TSM4.7z
2014-02-06 05:55 - 2014-02-07 10:12 - 00000000 ____D () C:\ProgramData\SNT
2014-02-06 05:55 - 2014-02-07 08:02 - 00000000 ____D () C:\Program Files (x86)\WS-Enabler
2014-02-06 05:55 - 2014-02-07 07:34 - 00000000 ____D () C:\Program Files (x86)\SNT
2014-02-06 05:55 - 2014-02-06 05:55 - 00000754 __RSH () C:\ProgramData\ntuser.pol
2014-02-06 05:53 - 2014-02-07 07:34 - 00000000 ____D () C:\ProgramData\8e6786b3e52dfe8e
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Packages
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Google
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Comodo
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator
2014-02-06 05:43 - 2014-02-06 05:43 - 00000000 ____D () C:\ProgramData\SetApp
2014-02-06 05:42 - 2014-02-06 05:56 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-06 05:37 - 2014-02-06 05:37 - 00000000 ____D () C:\Users\Master\AppData\Roaming\NVIDIA
2014-02-05 19:34 - 2014-02-05 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-02 21:55 - 2014-02-06 01:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-02 21:53 - 2014-02-02 21:53 - 00001182 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-02-02 21:48 - 2013-12-19 19:53 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-02-02 21:48 - 2013-12-19 19:53 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-02-02 21:48 - 2013-12-19 19:53 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-02-02 21:48 - 2013-12-19 19:53 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-02-02 21:48 - 2013-12-19 19:53 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-02-02 21:48 - 2013-12-19 19:53 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-02-02 21:47 - 2013-12-19 21:33 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-02 21:47 - 2013-12-19 21:33 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-02 21:46 - 2014-02-02 21:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-02 21:43 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-02 21:43 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-02 21:43 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-02 21:43 - 2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-02 21:43 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-02 21:43 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-02 21:43 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-02 21:43 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-02 21:43 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-02 21:43 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-02 21:43 - 2013-12-19 21:33 - 11554264 _____
(NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 00023754 _____ () C:\Windows\system32\nvinfo.pb 2014-02-02 21:43 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-02-02 21:43 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-02-02 21:43 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-02-02 21:37 - 2014-02-02 21:41 - 262041840 _____ (NVIDIA Corporation) C:\Users\Master\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql(1).exe 2014-02-02 18:38 - 2014-02-02 18:38 - 00000000 ____D () C:\Users\Master\AppData\Local\DoNotTrackPlus 2014-02-02 18:27 - 2014-02-02 18:27 - 00000000 ____D () C:\Program Files\ATI 2014-02-02 18:23 - 2014-02-02 18:25 - 218673400 _____ (Advanced Micro Devices, Inc.) 
C:\Users\Master\Downloads\13-12_winvista_64_dd_ccc_whql.exe 2014-02-01 07:04 - 2014-02-06 00:47 - 00000000 ____D () C:\Users\Master\AppData\Local\NVIDIA 2014-02-01 06:52 - 2014-02-01 06:52 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-02-01 06:52 - 2012-11-29 20:02 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-01 06:52 - 2012-11-29 20:02 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-01 06:33 - 2014-02-01 06:33 - 00321944 _____ () C:\Windows\Minidump\Mini020114-01.dmp 2014-02-01 06:17 - 2014-02-01 06:19 - 262041840 _____ (NVIDIA Corporation) C:\Users\Master\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql.exe 2014-02-01 05:52 - 2014-02-02 18:48 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 2014-02-01 04:19 - 2014-02-01 04:19 - 00000222 _____ () C:\Users\Master\Desktop\PAYDAY 2.url 2014-01-31 21:02 - 2014-01-31 21:02 - 00000222 
_____ () C:\Users\Master\Desktop\A-Train 8.url 2014-01-28 15:44 - 2014-01-28 15:44 - 00000000 ____D () C:\Users\Master\Documents\SH3 2014-01-28 15:27 - 2014-01-28 15:27 - 00000198 _____ () C:\Users\Master\Desktop\Silent Hunter III.url 2014-01-28 01:57 - 2014-01-28 01:57 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Unity 2014-01-28 01:56 - 2014-02-07 07:31 - 00000000 ____D () C:\Users\Master\AppData\Local\Unity 2014-01-28 01:56 - 2014-01-28 01:56 - 01050768 _____ (Unity Technologies ApS) C:\Users\Master\Downloads\UnityWebPlayer.exe 2014-01-23 04:05 - 2014-01-23 04:14 - 582650926 _____ (UIG GmbH ) C:\Users\Master\Downloads\TrainGiantDEMOSetup.exe 2014-01-21 20:15 - 2014-01-21 20:15 - 00000000 ____D () C:\Users\Master\My Games 2014-01-21 18:51 - 2014-01-21 18:58 - 00000000 ____D () C:\Users\Master\Documents\America's Army 3 2014-01-21 18:47 - 2014-01-21 18:44 - 03360624 _____ () C:\Windows\SysWOW64\pbsvc.exe 2014-01-21 17:47 - 2014-01-21 17:49 - 00000000 ____D () C:\Users\Master\Documents\America's Army 2014-01-18 22:52 - 2014-01-18 22:53 - 00000000 ____D () C:\ProgramData\Package Cache 2014-01-18 19:37 - 2014-01-18 19:37 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 (Demo) 2014-01-18 19:02 - 2014-01-18 19:02 - 00355536 _____ () C:\Users\Master\AppData\Local\dd_vcredistMSI6815.txt 2014-01-18 19:02 - 2014-01-18 19:02 - 00011146 _____ () C:\Users\Master\AppData\Local\dd_vcredistUI6815.txt 2014-01-18 18:23 - 2014-01-18 18:23 - 00000222 _____ () C:\Users\Master\Desktop\Spec Ops The Line Demo.url 2014-01-17 19:24 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-17 19:24 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-17 19:24 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-17 19:24 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-17 19:23 - 2014-01-17 
19:24 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log ==================== One Month Modified Files and Folders ======= 2014-02-08 00:57 - 2014-02-08 00:55 - 00015062 _____ () C:\Users\Master\Downloads\FRST.txt 2014-02-08 00:55 - 2014-02-07 10:22 - 00000000 ____D () C:\FRST 2014-02-08 00:48 - 2014-02-08 00:45 - 00001666 _____ () C:\Users\Master\Desktop\JRT.txt 2014-02-08 00:37 - 2014-02-08 00:37 - 00000000 ____D () C:\Windows\ERUNT 2014-02-08 00:37 - 2006-11-02 20:15 - 00688018 _____ () C:\Windows\system32\perfh007.dat 2014-02-08 00:37 - 2006-11-02 20:15 - 00151392 _____ () C:\Windows\system32\perfc007.dat 2014-02-08 00:37 - 2006-11-02 13:46 - 01608278 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-08 00:35 - 2014-02-08 00:35 - 01037530 _____ (Thisisu) C:\Users\Master\Downloads\JRT.exe 2014-02-08 00:34 - 2006-11-02 16:26 - 01142242 _____ () C:\Windows\WindowsUpdate.log 2014-02-08 00:31 - 2014-02-08 00:31 - 00005706 _____ () C:\Users\Master\Desktop\AdwCleaner[S0].txt 2014-02-08 00:30 - 2013-03-28 13:14 - 00000000 ____D () C:\Users\Master\AppData\Roaming\CheckPoint 2014-02-08 00:30 - 2006-11-02 16:40 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-08 00:30 - 2006-11-02 16:21 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-08 00:30 - 2006-11-02 16:21 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-08 00:29 - 2006-11-02 16:40 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-08 00:27 - 2014-02-08 00:12 - 00000000 ____D () C:\AdwCleaner 2014-02-08 00:24 - 2014-02-08 00:24 - 00005813 _____ () C:\Users\Master\Desktop\AdwCleaner[R0].txt 2014-02-08 00:17 - 2012-11-23 03:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-08 00:10 - 2014-02-08 00:10 - 01166132 _____ () C:\Users\Master\Downloads\adwcleaner.exe 2014-02-08 00:03 - 2006-11-02 16:39 - 
00027180 _____ () C:\Windows\PFRO.log 2014-02-07 23:32 - 2014-02-07 23:32 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Malwarebytes 2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-07 23:30 - 2014-02-07 23:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Master\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-07 12:34 - 2014-02-07 12:34 - 00003254 _____ () C:\Users\Master\Desktop\gmer.txt 2014-02-07 12:33 - 2014-02-07 12:33 - 00000000 _____ () C:\Users\Master\Desktop\Neues Textdokument.txt 2014-02-07 10:47 - 2014-02-07 10:47 - 00042111 _____ () C:\Users\Master\Desktop\FRST.txt 2014-02-07 10:40 - 2014-02-07 10:40 - 00380416 _____ () C:\Users\Master\Downloads\Gmer-19357.exe 2014-02-07 10:37 - 2014-02-07 10:37 - 00026884 _____ () C:\Users\Master\Desktop\Addition.txt 2014-02-07 10:22 - 2014-02-07 10:21 - 02079744 _____ (Farbar) C:\Users\Master\Downloads\FRST64.exe 2014-02-07 10:12 - 2014-02-06 05:55 - 00000000 ____D () C:\ProgramData\SNT 2014-02-07 08:02 - 2014-02-06 05:55 - 00000000 ____D () C:\Program Files (x86)\WS-Enabler 2014-02-07 07:35 - 2013-03-31 00:24 - 00048169 ____H () C:\Windows\SysWOW64\BTImages.dat 2014-02-07 07:34 - 2014-02-06 05:55 - 00000000 ____D () C:\Program Files (x86)\SNT 2014-02-07 07:34 - 2014-02-06 05:53 - 00000000 ____D () C:\ProgramData\8e6786b3e52dfe8e 2014-02-07 07:31 - 2014-01-28 01:56 - 00000000 ____D () C:\Users\Master\AppData\Local\Unity 2014-02-07 05:48 - 2013-09-30 21:23 - 00000000 ____D () C:\Users\Master\Documents\Euro Truck Simulator 2 2014-02-07 05:34 - 2013-04-05 02:16 - 00003698 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9767DE0A-F9EC-45DD-96BD-0D99EB6C9648} 2014-02-06 06:24 - 2014-02-06 06:11 - 39663402 _____ () 
C:\Users\Master\Downloads\zzTSM_Schwerlast_Trailerpacket_1.7.5_Packet_1-3.rar 2014-02-06 06:14 - 2014-02-06 06:13 - 00000000 ____D () C:\Users\Master\Downloads\zzzzFirmenmod_TSM4 2014-02-06 06:12 - 2014-02-06 06:02 - 30672100 _____ () C:\Users\Master\Downloads\zzzzFirmenmod_TSM4.7z 2014-02-06 05:56 - 2014-02-06 05:42 - 00000000 ____D () C:\ProgramData\InstallMate 2014-02-06 05:55 - 2014-02-06 05:55 - 00000754 __RSH () C:\ProgramData\ntuser.pol 2014-02-06 05:54 - 2006-11-02 14:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-02-06 05:54 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Packages 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator 2014-02-06 05:43 - 2014-02-06 05:43 - 00000000 ____D () C:\ProgramData\SetApp 2014-02-06 05:37 - 2014-02-06 05:37 - 00000000 ____D () C:\Users\Master\AppData\Roaming\NVIDIA 2014-02-06 01:05 - 2014-02-02 21:55 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-06 00:57 - 2012-11-23 03:17 - 00000000 ____D () C:\Users\Master 2014-02-06 00:52 - 2012-12-23 23:05 - 00001356 
_____ () C:\Users\Master\AppData\Local\d3d9caps.dat 2014-02-06 00:47 - 2014-02-01 07:04 - 00000000 ____D () C:\Users\Master\AppData\Local\NVIDIA 2014-02-06 00:45 - 2012-11-23 03:17 - 00001460 _____ () C:\Users\Master\AppData\Local\d3d9caps64.dat 2014-02-05 22:44 - 2012-11-23 03:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-05 19:34 - 2014-02-05 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-05 05:17 - 2012-11-23 03:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-05 05:17 - 2012-11-23 03:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-05 05:17 - 2012-11-23 03:24 - 00003738 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-02 22:01 - 2012-11-23 03:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-02-02 21:53 - 2014-02-02 21:53 - 00001182 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk 2014-02-02 21:53 - 2014-02-02 21:46 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-02-02 21:52 - 2012-11-23 03:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-02-02 21:48 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\Help 2014-02-02 21:41 - 2014-02-02 21:37 - 262041840 _____ (NVIDIA Corporation) C:\Users\Master\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql(1).exe 2014-02-02 18:48 - 2014-02-01 05:52 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 2014-02-02 18:38 - 2014-02-02 18:38 - 00000000 ____D () C:\Users\Master\AppData\Local\DoNotTrackPlus 2014-02-02 18:27 - 2014-02-02 18:27 - 00000000 ____D () C:\Program Files\ATI 2014-02-02 18:25 - 2014-02-02 18:23 - 218673400 _____ (Advanced Micro Devices, Inc.) 
C:\Users\Master\Downloads\13-12_winvista_64_dd_ccc_whql.exe 2014-02-01 06:52 - 2014-02-01 06:52 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-02-01 06:33 - 2014-02-01 06:33 - 00321944 _____ () C:\Windows\Minidump\Mini020114-01.dmp 2014-02-01 06:33 - 2013-12-01 02:49 - 445061522 _____ () C:\Windows\MEMORY.DMP 2014-02-01 06:19 - 2014-02-01 06:17 - 262041840 _____ (NVIDIA Corporation) C:\Users\Master\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql.exe 2014-02-01 05:23 - 2012-11-29 05:45 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-02-01 04:19 - 2014-02-01 04:19 - 00000222 _____ () C:\Users\Master\Desktop\PAYDAY 2.url 2014-01-31 21:02 - 2014-01-31 21:02 - 00000222 _____ () C:\Users\Master\Desktop\A-Train 8.url 2014-01-29 16:01 - 2012-12-11 11:42 - 00000000 ____D () C:\Users\Master\AppData\Local\Adobe 2014-01-28 15:44 - 2014-01-28 15:44 - 00000000 ____D () C:\Users\Master\Documents\SH3 2014-01-28 15:44 - 2012-11-28 21:52 - 
00221794 _____ () C:\Windows\DirectX.log 2014-01-28 15:27 - 2014-01-28 15:27 - 00000198 _____ () C:\Users\Master\Desktop\Silent Hunter III.url 2014-01-28 01:57 - 2014-01-28 01:57 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Unity 2014-01-28 01:56 - 2014-01-28 01:56 - 01050768 _____ (Unity Technologies ApS) C:\Users\Master\Downloads\UnityWebPlayer.exe 2014-01-26 19:08 - 2006-11-02 16:26 - 00044165 _____ () C:\Windows\setupact.log 2014-01-23 04:14 - 2014-01-23 04:05 - 582650926 _____ (UIG GmbH ) C:\Users\Master\Downloads\TrainGiantDEMOSetup.exe 2014-01-21 20:15 - 2014-01-21 20:15 - 00000000 ____D () C:\Users\Master\My Games 2014-01-21 18:58 - 2014-01-21 18:51 - 00000000 ____D () C:\Users\Master\Documents\America's Army 3 2014-01-21 18:54 - 2012-12-02 00:24 - 00298280 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-01-21 18:54 - 2012-12-01 23:05 - 00298280 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-01-21 18:54 - 2012-12-01 23:05 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-01-21 18:49 - 2012-12-02 00:24 - 00000000 ____D () C:\Users\Master\AppData\Local\PunkBuster 2014-01-21 18:44 - 2014-01-21 18:47 - 03360624 _____ () C:\Windows\SysWOW64\pbsvc.exe 2014-01-21 17:59 - 2012-12-01 23:05 - 00291096 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-01-21 17:58 - 2012-12-01 23:06 - 00000000 ____D () C:\Users\Master\Documents\My Games 2014-01-21 17:49 - 2014-01-21 17:47 - 00000000 ____D () C:\Users\Master\Documents\America's Army 2014-01-18 22:53 - 2014-01-18 22:52 - 00000000 ____D () C:\ProgramData\Package Cache 2014-01-18 19:37 - 2014-01-18 19:37 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 (Demo) 2014-01-18 19:02 - 2014-01-18 19:02 - 00355536 _____ () C:\Users\Master\AppData\Local\dd_vcredistMSI6815.txt 2014-01-18 19:02 - 2014-01-18 19:02 - 00011146 _____ () C:\Users\Master\AppData\Local\dd_vcredistUI6815.txt 2014-01-18 18:23 - 2014-01-18 18:23 - 00000222 _____ () C:\Users\Master\Desktop\Spec Ops The Line Demo.url 2014-01-17 19:33 - 
2013-09-12 11:40 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-17 19:24 - 2014-01-17 19:23 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-17 19:24 - 2013-09-12 11:39 - 00000000 ____D () C:\Program Files (x86)\Java 2014-01-17 15:13 - 2012-11-23 04:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-01-17 15:06 - 2012-11-28 21:57 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Ubisoft 2014-01-16 03:02 - 2013-08-15 11:10 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-16 03:00 - 2006-11-02 13:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-01-12 22:30 - 2013-10-31 05:15 - 00000000 ____D () C:\Users\Master\Documents\Pro Cycling Manager 2012 2014-01-12 20:49 - 2013-10-31 05:15 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Pro Cycling Manager 2012 Some content of TEMP: ==================== C:\Users\Master\AppData\Local\Temp\APNStub.exe C:\Users\Master\AppData\Local\Temp\dotnetfx35setup.exe C:\Users\Master\AppData\Local\Temp\drm_dialogs.dll C:\Users\Master\AppData\Local\Temp\drm_dyndata_7380014.dll C:\Users\Master\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Master\AppData\Local\Temp\Install_Nokia_Ovi_Suite.exe C:\Users\Master\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\Master\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe C:\Users\Master\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Master\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Master\AppData\Local\Temp\jre_setup.exe C:\Users\Master\AppData\Local\Temp\NEventMessages.dll C:\Users\Master\AppData\Local\Temp\nsp8623.tmp.exe C:\Users\Master\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Master\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Master\AppData\Local\Temp\nvStInst.exe C:\Users\Master\AppData\Local\Temp\Quarantine.exe C:\Users\Master\AppData\Local\Temp\safeguard.exe C:\Users\Master\AppData\Local\Temp\SIntf16.dll C:\Users\Master\AppData\Local\Temp\SIntf32.dll 
C:\Users\Master\AppData\Local\Temp\SIntfNT.dll
C:\Users\Master\AppData\Local\Temp\ubi4E47.tmp.exe
C:\Users\Master\AppData\Local\Temp\_is9308.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 00:36

==================== End Of Log ============================

I'd like to thank you in advance for your quick help; I hope we get my box back in line and drive the devil out.

P.S. The problem with the underlined words in the browser is still there.

Regards, Heckymecky |
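An added example, not part of the thread and not a feature of FRST: a small Python script that does mechanically what the helpers do by eye with the "One Month Created Files and Folders" section of the Addition.txt above. It parses FRST's line format, finds the densest burst of publisher-less creations under Program Files, ProgramData and Windows (bundled installers drop all of their pieces within minutes), and flags the entries in that burst plus two standalone oddities: a 16-digit hex-named folder and a .pol policy file under ProgramData, where ntuser.pol does not normally live. The sample lines are copied from the log above and labelled as constructed input; the 20-minute window, the list of machine-wide roots and the name heuristics are this example's own assumptions, not anything FRST itself does.

```python
# Added example (not from the thread, not an FRST feature): triage of FRST
# "One Month Created Files and Folders" lines. The window width, the list of
# machine-wide roots and the name heuristics are this example's own assumptions.
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One FRST line: "<created> - <modified> - <size> <attrs> (<company>) <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[A-Z_]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"
# Assumption: machine-wide roots where a per-user game mod has no business writing.
SYSTEM_ROOTS = ("c:\\program files", "c:\\programdata", "c:\\windows")
# Assumption: an opaque 16-digit hex folder name is worth a second look.
HEX_NAME = re.compile(r"^[0-9a-f]{16}$")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str     # FRST flags: ____D directory, __RSH read-only+system+hidden, ...
    company: str   # company from the version resource, "" if none is embedded
    path: str

    @property
    def machine_wide(self) -> bool:
        return self.path.lower().startswith(SYSTEM_ROOTS)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse(text: str) -> List[Entry]:
    """Keep lines in FRST entry format; headers, separators and prose are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(datetime.strptime(m["created"], TS_FORMAT),
                                 datetime.strptime(m["modified"], TS_FORMAT),
                                 int(m["size"]), m["attrs"],
                                 m["company"].strip(), m["path"].strip()))
    return entries


def find_install_burst(entries: List[Entry], width: timedelta) -> Optional[datetime]:
    """Start of the `width` window holding the most publisher-less, machine-wide
    creations; bundlers drop all their components within a few minutes."""
    times = sorted(e.created for e in entries if e.machine_wide and not e.company)
    best_start, best_count = None, 0
    for i, start in enumerate(times):
        count = sum(1 for t in times[i:] if t - start <= width)
        if count > best_count:
            best_start, best_count = start, count
    return best_start


def reasons(e: Entry, burst: Optional[datetime], width: timedelta) -> List[str]:
    why = []
    if (burst is not None and timedelta(0) <= e.created - burst <= width
            and e.machine_wide and not e.company):
        why.append("created in install burst, no publisher, machine-wide path")
    if HEX_NAME.match(e.name):
        why.append("opaque hex-named folder")
    if e.path.lower().startswith("c:\\programdata") and e.name.lower().endswith(".pol"):
        why.append("policy (.pol) file outside a user profile")  # ntuser.pol belongs in a profile root
    if "S" in e.attrs and "H" in e.attrs and "D" not in e.attrs and e.machine_wide:
        why.append("file marked system+hidden")
    return why


def triage(text: str, width: timedelta = timedelta(minutes=20)):
    """Return (burst start or None, [(path, [reasons]), ...]) for the flagged entries."""
    entries = parse(text)
    burst = find_install_burst(entries, width)
    flagged = []
    for e in entries:
        why = reasons(e, burst, width)
        if why:
            flagged.append((e.path, why))
    return burst, flagged


# Constructed sample: ten lines copied from the Addition.txt posted above.
SAMPLE_LOG = r"""
2014-02-07 23:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-06 06:02 - 2014-02-06 06:12 - 30672100 _____ () C:\Users\Master\Downloads\zzzzFirmenmod_TSM4.7z
2014-02-06 05:55 - 2014-02-07 10:12 - 00000000 ____D () C:\ProgramData\SNT
2014-02-06 05:55 - 2014-02-07 08:02 - 00000000 ____D () C:\Program Files (x86)\WS-Enabler
2014-02-06 05:55 - 2014-02-07 07:34 - 00000000 ____D () C:\Program Files (x86)\SNT
2014-02-06 05:55 - 2014-02-06 05:55 - 00000754 __RSH () C:\ProgramData\ntuser.pol
2014-02-06 05:53 - 2014-02-07 07:34 - 00000000 ____D () C:\ProgramData\8e6786b3e52dfe8e
2014-02-06 05:43 - 2014-02-06 05:43 - 00000000 ____D () C:\ProgramData\SetApp
2014-02-06 05:42 - 2014-02-06 05:56 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-05 19:34 - 2014-02-05 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
"""

if __name__ == "__main__":
    burst, flagged = triage(SAMPLE_LOG)
    print("install burst starts:", burst)
    for path, why in flagged:
        print(path, "->", "; ".join(why))
```

On the sample lines the burst starts at 2014-02-06 05:42 and seven entries are flagged: WS-Enabler, both SNT folders, SetApp, InstallMate, the hex-named ProgramData folder and ntuser.pol (the last one for three separate reasons). Firefox, which was reinstalled the evening before, and the signed NVIDIA and Malwarebytes files are not flagged. The script only narrows the list; whether a flagged item is actually malicious still needs a hash lookup or a look at the files themselves.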
08.02.2014, 17:01 | #4 |
/// the machine /// TB-Ausbilder | ZoneAlarm scan found HEUR:Trojan.Win32.Generic and Trojan.Win32.Agent.aeqtk, among others

Revo Uninstaller - Download - Filepony

Use it to uninstall the browser: keep no data, let it remove the leftovers, then reinstall. If it is Firefox, afterwards also do this: https://support.mozilla.org/de/kb/fi...einfach-loesen

ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber. Proud Member of U.N.I.T.E. and ASAP since 2009. Donations; Guides and help; Trojaner-Board Facebook page. No support via PM! |
09.02.2014, 04:22 | #5 |
| ZoneAlarm scan found HEUR:Trojan.Win32.Generic and Trojan.Win32.Agent.aeqtk, among others

Hello Schrauber, besides Firefox I also have Internet Explorer on the system, but I had no chance of deleting it with Revo. Is that even possible? I treated Firefox as described and for now it is doing its job again without symptoms. I hope it stays that way.

ESET log Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c33c4a85e4c42149ade2b7c0bd88f7ff
# engine=17000
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-09 02:42:38
# local_time=2014-02-09 03:42:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=771 16777214 16 1 27442159 27442159 0 0
# compatibility_mode=5892 16776573 100 100 55271 229437758 0 0
# compatibility_mode=9217 16776893 100 13 11221 32429226 0 0
# scanned=338679
# found=7
# cleaned=0
# scan_time=11083
sh=EA9ECD067D2F694DE8ACB427E94F0E413206BEDF ft=1 fh=52ce12bc24d78985 vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QGH3T97\6x0[1].exe"
sh=4AF52169211232B191AD19B44E1261C986796089 ft=1 fh=eaa07087a51ca935 vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QGH3T97\R9MucmX9[1].exe"
sh=F607B0FF99B0A9D500CF94A3064AFC54D3446E4E ft=1 fh=6af42f86531e3dfc vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QGH3T97\wGd[1].exe"
sh=F849A7E519F3DAA00927FB1837A8979D07EE24A5 ft=1 fh=0095dedc99d258a2 vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LP7BMTE\MD[1].exe"
sh=142809F67793F5B30F4ECDEAE62DBC70B95F0556 ft=1 fh=96cfa68db6887e5e vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOZCVO2T\E7[1].exe"
sh=D30C8B83F124B2B79E6CBD25C89664ADD9E21629 ft=1 fh=9ca11bd324447929 vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOZCVO2T\eJNzfHGBD[1].exe"
sh=C23374591A6FADF35BDE54E59A33A9579604DEF0 ft=1 fh=7b36c4415a05ee0f vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOZCVO2T\EO8ZXhRG[1].exe"

Code:
Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.44
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (27.0)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
ESET ESET Online Scanner OnlineScannerApp.exe
Windows Defender MSASCui.exe
CheckPoint ZoneAlarm ZAPrivacyService.exe
CheckPoint ZoneAlarm zatray.exe
CheckPoint ZoneAlarm vsmon.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Master (administrator) on MASTER-PC on 09-02-2014 04:08:24
Running from C:\Users\Master\Downloads
Windows Vista (TM) Ultimate Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Saitek) C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1193390861-196073755-2047653796-1000\...\MountPoints2: {4d3a170c-3512-11e2-acd4-806e6f6e6963} - E:\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\WS-ENA~1\ASSIST~2.DLL => C:\Program Files (x86)\WS-Enabler\Assistant_x64.dll [4241408 2014-02-06] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBB56ED669FDBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {F966A675-593D-4BB4-A418-DD701413149C} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=7b696f2190704c05bea444b0129000e9&tu=10GXy00Bt1C01g0&sku=&tstsId=&ver=&&r=138
SearchScopes: HKCU - {F966A675-593D-4BB4-A418-DD701413149C} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=7b696f2190704c05bea444b0129000e9&tu=10GXy00Bt1C01g0&sku=&tstsId=&ver=&&r=138
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\ssvruqqj.default-1391901259930
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32:
@microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\ssvruqqj.default-1391901259930\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-09] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: (SNT) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafocjeleomahlpacopmpddomimjceaa [2014-02-06] CHR Extension: (Yoono Twitter Facebook LinkedIn Youtube) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli [2014-02-06] CHR Extension: (webseauve) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgbfhchpamfmdicdfllapdobhgbeeka [2014-02-06] CHR Extension: (YoutubeAdblocker) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdclngklkpjcklmomecdnhkhkfjfphc [2014-02-06] CHR Extension: (YTaBBookMaRk) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgkjdkpfllcjkpklonfgpioogpnlije [2014-02-06] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-21] () R2 SaiDOutput; C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [233984 2013-04-16] (Saitek) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.) 
==================== Drivers (Whitelisted) ==================== R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-10] (NVIDIA Corporation) S3 SaiK0762; C:\Windows\System32\DRIVERS\SaiK0762.sys [181024 2013-04-30] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [444952 2013-06-13] (Check Point Software Technologies LTD) S3 AtiHDAudioService; system32\drivers\AtihdLH6.sys [X] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab) S3 nmwcd; system32\drivers\ccdcmbx64.sys [X] S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X] S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [X] S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-09 03:52 - 2014-02-09 03:52 - 00001074 _____ () C:\Users\Master\Desktop\checkup.txt 2014-02-09 03:47 - 2014-02-09 03:47 - 00987425 _____ () C:\Users\Master\Downloads\SecurityCheck.exe 2014-02-09 03:45 - 2014-02-09 03:45 - 00000000 _____ () C:\Users\Master\Desktop\Neues Textdokument.txt 2014-02-09 00:35 - 2014-02-09 00:35 - 00000000 ____D () C:\Program Files 
(x86)\ESET 2014-02-09 00:34 - 2014-02-09 00:35 - 02347384 _____ (ESET) C:\Users\Master\Downloads\esetsmartinstaller_enu.exe 2014-02-09 00:18 - 2014-02-09 00:18 - 00001099 _____ () C:\Users\Master\Desktop\Revo Uninstaller.lnk 2014-02-09 00:18 - 2014-02-09 00:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-02-09 00:14 - 2014-02-09 00:14 - 00000000 ____D () C:\Users\Master\Desktop\Alte Firefox-Daten 2014-02-09 00:08 - 2014-02-09 00:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Master\Downloads\revosetup95.exe 2014-02-08 00:55 - 2014-02-09 04:08 - 00012914 _____ () C:\Users\Master\Downloads\FRST.txt 2014-02-08 00:37 - 2014-02-08 00:37 - 00000000 ____D () C:\Windows\ERUNT 2014-02-08 00:35 - 2014-02-08 00:35 - 01037530 _____ (Thisisu) C:\Users\Master\Downloads\JRT.exe 2014-02-08 00:12 - 2014-02-08 00:27 - 00000000 ____D () C:\AdwCleaner 2014-02-08 00:10 - 2014-02-08 00:10 - 01166132 _____ () C:\Users\Master\Downloads\adwcleaner.exe 2014-02-07 23:32 - 2014-02-07 23:32 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Malwarebytes 2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-07 23:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-07 23:30 - 2014-02-07 23:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Master\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-07 10:40 - 2014-02-07 10:40 - 00380416 _____ () C:\Users\Master\Downloads\Gmer-19357.exe 2014-02-07 10:22 - 2014-02-09 04:08 - 00000000 ____D () C:\FRST 2014-02-07 10:21 - 2014-02-07 10:22 - 02079744 _____ (Farbar) C:\Users\Master\Downloads\FRST64.exe 2014-02-06 05:55 - 2014-02-07 10:12 - 00000000 ____D () C:\ProgramData\SNT 2014-02-06 05:55 - 2014-02-07 08:02 - 00000000 
____D () C:\Program Files (x86)\WS-Enabler 2014-02-06 05:55 - 2014-02-07 07:34 - 00000000 ____D () C:\Program Files (x86)\SNT 2014-02-06 05:55 - 2014-02-06 05:55 - 00000754 __RSH () C:\ProgramData\ntuser.pol 2014-02-06 05:53 - 2014-02-07 07:34 - 00000000 ____D () C:\ProgramData\8e6786b3e52dfe8e 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Packages 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator 2014-02-06 05:43 - 2014-02-06 05:43 - 00000000 ____D () C:\ProgramData\SetApp 2014-02-06 05:42 - 2014-02-06 05:56 - 00000000 ____D () C:\ProgramData\InstallMate 2014-02-06 05:37 - 2014-02-06 05:37 - 00000000 ____D () C:\Users\Master\AppData\Roaming\NVIDIA 2014-02-05 19:34 - 2014-02-05 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-02 21:55 - 2014-02-06 01:05 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-02 21:53 - 2014-02-02 21:53 - 00001182 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk 2014-02-02 21:48 - 2013-12-19 19:53 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-02-02 21:48 - 2013-12-19 19:53 - 03490080 _____ (NVIDIA 
Corporation) C:\Windows\system32\nvsvc64.dll 2014-02-02 21:48 - 2013-12-19 19:53 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-02-02 21:48 - 2013-12-19 19:53 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-02-02 21:48 - 2013-12-19 19:53 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-02-02 21:48 - 2013-12-19 19:53 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-02-02 21:47 - 2013-12-19 21:33 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-02-02 21:47 - 2013-12-19 21:33 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-02-02 21:46 - 2014-02-02 21:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-02-02 21:43 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-02-02 21:43 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 09700224 _____ 
(NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2014-02-02 21:43 - 2013-12-19 21:33 - 00023754 _____ () C:\Windows\system32\nvinfo.pb 2014-02-02 21:43 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-02-02 21:43 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-02-02 21:43 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-02-02 18:38 - 2014-02-02 18:38 - 00000000 ____D () C:\Users\Master\AppData\Local\DoNotTrackPlus 2014-02-02 18:27 - 2014-02-02 18:27 - 00000000 ____D () C:\Program Files\ATI 2014-02-01 07:04 - 2014-02-06 00:47 - 00000000 ____D () C:\Users\Master\AppData\Local\NVIDIA 2014-02-01 06:52 - 2014-02-01 06:52 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-02-01 06:52 
- 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-02-01 06:52 - 2012-11-29 20:02 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-01 06:52 - 2012-11-29 20:02 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-01 06:33 - 2014-02-01 06:33 - 00321944 _____ () C:\Windows\Minidump\Mini020114-01.dmp 2014-02-01 05:52 - 2014-02-02 18:48 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 2014-02-01 04:19 - 2014-02-01 04:19 - 00000222 _____ () C:\Users\Master\Desktop\PAYDAY 2.url 2014-01-31 21:02 - 2014-01-31 21:02 - 00000222 _____ () C:\Users\Master\Desktop\A-Train 8.url 2014-01-28 15:44 - 2014-01-28 15:44 - 00000000 ____D () C:\Users\Master\Documents\SH3 2014-01-28 15:27 - 2014-01-28 15:27 - 00000198 _____ () C:\Users\Master\Desktop\Silent Hunter III.url 2014-01-28 01:57 - 2014-01-28 01:57 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Unity 2014-01-28 01:56 - 2014-02-07 07:31 - 00000000 ____D () C:\Users\Master\AppData\Local\Unity 2014-01-21 20:15 - 2014-01-21 20:15 - 00000000 ____D () C:\Users\Master\My Games 2014-01-21 18:51 - 2014-01-21 18:58 - 00000000 ____D () C:\Users\Master\Documents\America's 
Army 3 2014-01-21 18:47 - 2014-01-21 18:44 - 03360624 _____ () C:\Windows\SysWOW64\pbsvc.exe 2014-01-21 17:47 - 2014-01-21 17:49 - 00000000 ____D () C:\Users\Master\Documents\America's Army 2014-01-18 22:52 - 2014-01-18 22:53 - 00000000 ____D () C:\ProgramData\Package Cache 2014-01-18 19:37 - 2014-01-18 19:37 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 (Demo) 2014-01-18 19:02 - 2014-01-18 19:02 - 00355536 _____ () C:\Users\Master\AppData\Local\dd_vcredistMSI6815.txt 2014-01-18 19:02 - 2014-01-18 19:02 - 00011146 _____ () C:\Users\Master\AppData\Local\dd_vcredistUI6815.txt 2014-01-18 18:23 - 2014-01-18 18:23 - 00000222 _____ () C:\Users\Master\Desktop\Spec Ops The Line Demo.url 2014-01-17 19:24 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-17 19:24 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-17 19:24 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-17 19:24 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-17 19:23 - 2014-01-17 19:24 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log ==================== One Month Modified Files and Folders ======= 2014-02-09 04:09 - 2014-02-08 00:55 - 00012914 _____ () C:\Users\Master\Downloads\FRST.txt 2014-02-09 04:08 - 2014-02-07 10:22 - 00000000 ____D () C:\FRST 2014-02-09 03:59 - 2006-11-02 16:21 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-09 03:59 - 2006-11-02 16:21 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-09 03:52 - 2014-02-09 03:52 - 00001074 _____ () C:\Users\Master\Desktop\checkup.txt 2014-02-09 03:47 - 2014-02-09 03:47 - 00987425 _____ () C:\Users\Master\Downloads\SecurityCheck.exe 2014-02-09 03:45 - 2014-02-09 03:45 - 
00000000 _____ () C:\Users\Master\Desktop\Neues Textdokument.txt 2014-02-09 03:43 - 2006-11-02 16:26 - 01194136 _____ () C:\Windows\WindowsUpdate.log 2014-02-09 03:17 - 2012-11-23 03:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-09 00:35 - 2014-02-09 00:35 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-02-09 00:35 - 2014-02-09 00:34 - 02347384 _____ (ESET) C:\Users\Master\Downloads\esetsmartinstaller_enu.exe 2014-02-09 00:25 - 2013-03-31 00:24 - 00048729 ____H () C:\Windows\SysWOW64\BTImages.dat 2014-02-09 00:18 - 2014-02-09 00:18 - 00001099 _____ () C:\Users\Master\Desktop\Revo Uninstaller.lnk 2014-02-09 00:18 - 2014-02-09 00:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-02-09 00:14 - 2014-02-09 00:14 - 00000000 ____D () C:\Users\Master\Desktop\Alte Firefox-Daten 2014-02-09 00:08 - 2014-02-09 00:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Master\Downloads\revosetup95.exe 2014-02-09 00:05 - 2006-11-02 20:15 - 00688018 _____ () C:\Windows\system32\perfh007.dat 2014-02-09 00:05 - 2006-11-02 20:15 - 00151392 _____ () C:\Windows\system32\perfc007.dat 2014-02-09 00:05 - 2006-11-02 13:46 - 01608278 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-08 23:59 - 2006-11-02 16:40 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-08 12:21 - 2006-11-02 16:40 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-08 06:15 - 2013-04-05 02:16 - 00003698 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9767DE0A-F9EC-45DD-96BD-0D99EB6C9648} 2014-02-08 04:24 - 2013-09-30 21:23 - 00000000 ____D () C:\Users\Master\Documents\Euro Truck Simulator 2 2014-02-08 00:37 - 2014-02-08 00:37 - 00000000 ____D () C:\Windows\ERUNT 2014-02-08 00:35 - 2014-02-08 00:35 - 01037530 _____ (Thisisu) C:\Users\Master\Downloads\JRT.exe 2014-02-08 00:30 - 2013-03-28 13:14 - 00000000 ____D () C:\Users\Master\AppData\Roaming\CheckPoint 2014-02-08 00:27 - 2014-02-08 00:12 - 00000000 ____D () C:\AdwCleaner 2014-02-08 00:10 - 
2014-02-08 00:10 - 01166132 _____ () C:\Users\Master\Downloads\adwcleaner.exe 2014-02-08 00:03 - 2006-11-02 16:39 - 00027180 _____ () C:\Windows\PFRO.log 2014-02-07 23:32 - 2014-02-07 23:32 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Malwarebytes 2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-07 23:32 - 2014-02-07 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-07 23:30 - 2014-02-07 23:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Master\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-07 10:40 - 2014-02-07 10:40 - 00380416 _____ () C:\Users\Master\Downloads\Gmer-19357.exe 2014-02-07 10:22 - 2014-02-07 10:21 - 02079744 _____ (Farbar) C:\Users\Master\Downloads\FRST64.exe 2014-02-07 10:12 - 2014-02-06 05:55 - 00000000 ____D () C:\ProgramData\SNT 2014-02-07 08:02 - 2014-02-06 05:55 - 00000000 ____D () C:\Program Files (x86)\WS-Enabler 2014-02-07 07:34 - 2014-02-06 05:55 - 00000000 ____D () C:\Program Files (x86)\SNT 2014-02-07 07:34 - 2014-02-06 05:53 - 00000000 ____D () C:\ProgramData\8e6786b3e52dfe8e 2014-02-07 07:31 - 2014-01-28 01:56 - 00000000 ____D () C:\Users\Master\AppData\Local\Unity 2014-02-06 05:56 - 2014-02-06 05:42 - 00000000 ____D () C:\ProgramData\InstallMate 2014-02-06 05:55 - 2014-02-06 05:55 - 00000754 __RSH () C:\ProgramData\ntuser.pol 2014-02-06 05:54 - 2006-11-02 14:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-02-06 05:54 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Packages 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Master\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () 
C:\Users\Gast\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Gast 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-02-06 05:53 - 2014-02-06 05:53 - 00000000 ____D () C:\Users\Administrator 2014-02-06 05:43 - 2014-02-06 05:43 - 00000000 ____D () C:\ProgramData\SetApp 2014-02-06 05:37 - 2014-02-06 05:37 - 00000000 ____D () C:\Users\Master\AppData\Roaming\NVIDIA 2014-02-06 01:05 - 2014-02-02 21:55 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-06 00:57 - 2012-11-23 03:17 - 00000000 ____D () C:\Users\Master 2014-02-06 00:52 - 2012-12-23 23:05 - 00001356 _____ () C:\Users\Master\AppData\Local\d3d9caps.dat 2014-02-06 00:47 - 2014-02-01 07:04 - 00000000 ____D () C:\Users\Master\AppData\Local\NVIDIA 2014-02-06 00:45 - 2012-11-23 03:17 - 00001460 _____ () C:\Users\Master\AppData\Local\d3d9caps64.dat 2014-02-05 22:44 - 2012-11-23 03:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-05 19:34 - 2014-02-05 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-05 05:17 - 2012-11-23 03:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-05 05:17 - 2012-11-23 03:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-05 05:17 - 2012-11-23 03:24 - 00003738 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-02 22:01 - 2012-11-23 03:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-02-02 21:53 - 2014-02-02 21:53 - 00001182 _____ () 
C:\Users\Public\Desktop\GeForce Experience.lnk 2014-02-02 21:53 - 2014-02-02 21:46 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-02-02 21:52 - 2012-11-23 03:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-02-02 21:48 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\Help 2014-02-02 18:48 - 2014-02-01 05:52 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 2014-02-02 18:38 - 2014-02-02 18:38 - 00000000 ____D () C:\Users\Master\AppData\Local\DoNotTrackPlus 2014-02-02 18:27 - 2014-02-02 18:27 - 00000000 ____D () C:\Program Files\ATI 2014-02-01 06:52 - 2014-02-01 06:52 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-01 06:52 - 2014-02-01 06:52 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-02-01 06:33 - 2014-02-01 06:33 - 00321944 _____ () C:\Windows\Minidump\Mini020114-01.dmp 2014-02-01 06:33 - 2013-12-01 02:49 - 445061522 _____ () C:\Windows\MEMORY.DMP 2014-02-01 05:23 - 2012-11-29 05:45 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-02-01 04:19 - 2014-02-01 04:19 - 00000222 _____ 
() C:\Users\Master\Desktop\PAYDAY 2.url
2014-01-31 21:02 - 2014-01-31 21:02 - 00000222 _____ () C:\Users\Master\Desktop\A-Train 8.url
2014-01-29 16:01 - 2012-12-11 11:42 - 00000000 ____D () C:\Users\Master\AppData\Local\Adobe
2014-01-28 15:44 - 2014-01-28 15:44 - 00000000 ____D () C:\Users\Master\Documents\SH3
2014-01-28 15:44 - 2012-11-28 21:52 - 00221794 _____ () C:\Windows\DirectX.log
2014-01-28 15:27 - 2014-01-28 15:27 - 00000198 _____ () C:\Users\Master\Desktop\Silent Hunter III.url
2014-01-28 01:57 - 2014-01-28 01:57 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Unity
2014-01-26 19:08 - 2006-11-02 16:26 - 00044165 _____ () C:\Windows\setupact.log
2014-01-21 20:15 - 2014-01-21 20:15 - 00000000 ____D () C:\Users\Master\My Games
2014-01-21 18:58 - 2014-01-21 18:51 - 00000000 ____D () C:\Users\Master\Documents\America's Army 3
2014-01-21 18:54 - 2012-12-02 00:24 - 00298280 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-21 18:54 - 2012-12-01 23:05 - 00298280 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-21 18:54 - 2012-12-01 23:05 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-21 18:49 - 2012-12-02 00:24 - 00000000 ____D () C:\Users\Master\AppData\Local\PunkBuster
2014-01-21 18:44 - 2014-01-21 18:47 - 03360624 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-01-21 17:59 - 2012-12-01 23:05 - 00291096 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-21 17:58 - 2012-12-01 23:06 - 00000000 ____D () C:\Users\Master\Documents\My Games
2014-01-21 17:49 - 2014-01-21 17:47 - 00000000 ____D () C:\Users\Master\Documents\America's Army
2014-01-18 22:53 - 2014-01-18 22:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-18 19:37 - 2014-01-18 19:37 - 00000000 ____D () C:\Users\Master\AppData\Local\PAYDAY 2 (Demo)
2014-01-18 19:02 - 2014-01-18 19:02 - 00355536 _____ () C:\Users\Master\AppData\Local\dd_vcredistMSI6815.txt
2014-01-18 19:02 - 2014-01-18 19:02 - 00011146 _____ () C:\Users\Master\AppData\Local\dd_vcredistUI6815.txt
2014-01-18 18:23 - 2014-01-18 18:23 - 00000222 _____ () C:\Users\Master\Desktop\Spec Ops The Line Demo.url
2014-01-17 19:33 - 2013-09-12 11:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-17 19:24 - 2014-01-17 19:23 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-17 19:24 - 2013-09-12 11:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-17 15:13 - 2012-11-23 04:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-17 15:06 - 2012-11-28 21:57 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Ubisoft
2014-01-16 03:02 - 2013-08-15 11:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:00 - 2006-11-02 13:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-12 22:30 - 2013-10-31 05:15 - 00000000 ____D () C:\Users\Master\Documents\Pro Cycling Manager 2012
2014-01-12 20:49 - 2013-10-31 05:15 - 00000000 ____D () C:\Users\Master\AppData\Roaming\Pro Cycling Manager 2012

Some content of TEMP:
====================
C:\Users\Master\AppData\Local\Temp\APNStub.exe
C:\Users\Master\AppData\Local\Temp\dotnetfx35setup.exe
C:\Users\Master\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Master\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Master\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Master\AppData\Local\Temp\Install_Nokia_Ovi_Suite.exe
C:\Users\Master\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Master\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Master\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Master\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Master\AppData\Local\Temp\jre_setup.exe
C:\Users\Master\AppData\Local\Temp\NEventMessages.dll
C:\Users\Master\AppData\Local\Temp\nsp8623.tmp.exe
C:\Users\Master\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Master\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Master\AppData\Local\Temp\nvStInst.exe
C:\Users\Master\AppData\Local\Temp\Quarantine.exe
C:\Users\Master\AppData\Local\Temp\safeguard.exe
C:\Users\Master\AppData\Local\Temp\SIntf16.dll
C:\Users\Master\AppData\Local\Temp\SIntf32.dll
C:\Users\Master\AppData\Local\Temp\SIntfNT.dll
C:\Users\Master\AppData\Local\Temp\ubi4E47.tmp.exe
C:\Users\Master\AppData\Local\Temp\_is9308.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-09 00:06

==================== End Of Log ============================

I hope we can get rid of the 7 findings too. Thanks in advance, you are really great! Regards, Heckymecky Last edited by Heckymecky (09.02.2014 at 05:03) |
09.02.2014, 17:16 | #6 |
/// the machine /// TB-Ausbilder | Does IE cause problems too? The findings are only in the Temp folders. Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all the files, it will ask for a restart. Please allow this.
09.02.2014, 23:28 | #7 |
| Thank you very much! So the treatment is complete, if I understand you correctly. Thanks again, I will be more careful in the future. Regards, Heckymecky |
10.02.2014, 17:33 | #8 |
/// the machine /// TB-Ausbilder | Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips on securing your system. I cannot stress often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a brief reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
11.02.2014, 03:46 | #9 |
| Thanks Schrauber, I will gladly take your tips on board and will now spend more time on the security of my computer. Many thanks once again. All my questions here have been answered for now. Regards, Heckymecky |
11.02.2014, 18:47 | #10 |
/// the machine /// TB-Ausbilder | You're welcome