Log analysis and evaluation: Removing ResultsAlpha (+ other stuff that has accumulated unnoticed over the years)
Windows 7
10.02.2014, 14:14 | #1 |
Hi, I downloaded a program from shareware.de. Fine, I knew that afterwards I would first have to remove the viruses etc., but unfortunately the program wasn't available anywhere else.

I am referring to this guide: http://www.trojaner-board.de/146467-...entfernen.html

What have I done so far?:
- Removed the ResultsAlpha toolbar from Firefox, since I only use Firefox (do I have to do the same in Internet Explorer?)
- So far I have only used "Malwarebytes Anti-Malware", since the next step already involves deletions.

Here is the log file:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Ich :: PCJD1234567 [Administrator]

10.02.2014 14:02:49
MBAM-log-2014-02-10 (14-08-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219193
Laufzeit: 3 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 3
C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe (PUP.Optional.ResultsAlpha.A) -> 2136 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\ResultsAlpha.FirstRun.exe (PUP.Optional.Sambreel.A) -> 1572 -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\Windows Net Data\net.exe (PUP.Optional.NetData.A) -> 2576 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKLM\SYSTEM\CurrentControlSet\Services\Update ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{cbab673a-a480-4050-bd2b-5de24a7a0282} (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{f631e34d-23d3-4ed2-8942-631b8aaf9ea4} (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8} (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBAB673A-A480-4050-BD2B-5DE24A7A0282} (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Utils (PUP.Optional.NetData.A) -> Keine Aktion durchgeführt.
HKCU\Software\ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
HKLM\Software\ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE82B3340-D146-401E-A0E0-8D91832618F4&SSPV=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 5
C:\Users\Ich\AppData\Roaming\Windows Net Data (PUP.Optional.NetData.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\OpenCandy\64E34C8B7B264469BD8F84EA905168F3 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\OpenCandy\OpenCandy_64E34C8B7B264469BD8F84EA905168F3 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

Infizierte Dateien: 29
C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\ResultsAlpha.FirstRun.exe (PUP.Optional.Sambreel.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\ResultsAlphaBHO.dll (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Local\Temp\nsnFF3C.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Local\Temp\nstE6AB.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Local\Temp\nsw40A.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Local\Temp\nsyE851.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Local\Temp\nsyFDA6.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Local\Temp\nsyD9FD\SpSetup.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Local\DownloadGuide\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Local\DownloadGuide\Offers\Lollipop.exe (Adware.Linkular) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Local\DownloadGuide\Offers\sp-downloader.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\Windows Net Data\well.dat (PUP.Optional.NetData.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\Windows Net Data\id.dat (PUP.Optional.NetData.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\Windows Net Data\net.exe (PUP.Optional.NetData.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\Windows Net Data\uninstaller.exe (PUP.Optional.NetData.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\ResultsAlpha.ico (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\0 (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\7za.exe (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\ResultsAlpha.BrowserFilter.Helper.dll (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\ResultsAlphaBrowserFilter.exe (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\ResultsAlphaUninstall.exe (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.InstallState (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\OpenCandy\64E34C8B7B264469BD8F84EA905168F3\2877.ico (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\OpenCandy\64E34C8B7B264469BD8F84EA905168F3\avg.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\OpenCandy\64E34C8B7B264469BD8F84EA905168F3\AVG923_p1v3.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\OpenCandy\64E34C8B7B264469BD8F84EA905168F3\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Ich\AppData\Roaming\OpenCandy\64E34C8B7B264469BD8F84EA905168F3\OCBrowserHelper_1.0.3.85.dll (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)

I haven't deleted anything yet; maybe someone could take a look at this.

Many thanks
Der-

Edited by Der- (10.02.2014 at 14:29) Reason: log file placed in CODE box
10.02.2014, 14:18 | #2 |
/// the machine /// TB instructor

hi,

How it works: posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
10.02.2014, 16:46 | #3 |
thanks for the quick reply

FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03 Ran by Ich (administrator) on PCJD1234567 on 10-02-2014 14:36:58 Running from C:\Users\Ich\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Windows Net) C:\Users\Ich\AppData\Roaming\Windows Net Data\net.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\ProgramData\dlprotect.exe () C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe (Dominik Reichl) F:\KeePass-1.18\KeePass.exe () C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2012-07-05] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-07-05] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HF_G_Jul] - "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [NetFxUpdate_v1.1.4322] - "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-07] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-02-10] () HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X] HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [ASRockXTU] - [X] HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd) HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\MountPoints2: {8112dd65-3020-11e2-9147-bc5ff438953c} - F:\pushinst.exe Startup: C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Ich\AppData\Roaming\Windows Net Data\net.exe (Windows Net) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE82B3340-D146-401E-A0E0-8D91832618F4&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC921F7A2E25ACD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPE82B3340-D146-401E-A0E0-8D91832618F4&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPE82B3340-D146-401E-A0E0-8D91832618F4&q={searchTerms}&SSPV= SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle 
Corporation) BHO-x32: ResultsAlpha - {cbab673a-a480-4050-bd2b-5de24a7a0282} - C:\Program Files (x86)\ResultsAlpha\ResultsAlphabho.dll (ResultsAlpha) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\onvzeuol.default FF user.js: detected! => C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\onvzeuol.default\user.js FF DefaultSearchEngine: Conduit Search FF SelectedSearchEngine: Conduit Search FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://isearch.avg.com/search?cid=%7Bd9f8503a-2241-4984-a675-c36e8f958b45%7D&mid=fab962d9f94247d0bc376d16b2dc7ccf-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=od011&v=11.1.0.12&lang=de&pr=sa&d=2012-07-06%2009%3A54%3A43&sap=ku&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\onvzeuol.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: pricealarm - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\onvzeuol.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2014-02-07] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. 
KG) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-10-01] (BitRaider, LLC) R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-08-03] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2012-08-03] () R2 Update ResultsAlpha; C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe [80160 2014-02-10] () R2 Util ResultsAlpha; C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe [80160 2014-02-10] () ==================== Drivers (Whitelisted) ==================== R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology) R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. 
KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2006-12-28] (AVM Berlin) S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-01] (BitRaider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-06] (DT Soft Ltd) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH) S3 OXYGEN; C:\Windows\System32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio) S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek) R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [110952 2012-09-27] (Yamaha Corporation) R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X] S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-10 14:36 - 2014-02-10 14:37 - 00013486 _____ () C:\Users\Ich\Downloads\FRST.txt 2014-02-10 14:36 - 2014-02-10 14:36 - 00000000 ____D () C:\FRST 2014-02-10 14:35 - 2014-02-10 14:35 - 02170880 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe 2014-02-10 14:02 - 2014-02-10 14:02 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Malwarebytes 2014-02-10 14:01 - 2014-02-10 14:01 - 00000798 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-10 14:01 - 2014-02-10 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-10 14:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-10 13:55 - 2014-02-10 13:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-10 13:10 - 2014-02-10 14:10 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha 2014-02-10 13:10 - 2014-02-10 13:18 - 00000000 ____D () C:\Users\Ich\AppData\Local\Lollipop 2014-02-10 13:10 - 2014-02-10 13:10 - 00012800 _____ () C:\ProgramData\dlprotect.exe 2014-02-10 13:09 - 2014-02-10 13:09 - 00125440 _____ () 
C:\Windows\system32\DlProtectSvc.exe 2014-02-10 13:09 - 2014-02-10 13:09 - 00118784 _____ () C:\Windows\system32\pomstore.exe 2014-02-10 13:09 - 2014-02-10 13:09 - 00000000 _____ () C:\END 2014-02-10 12:35 - 2014-02-10 12:35 - 00003028 _____ () C:\Windows\System32\Tasks\asrRd 2014-02-10 03:29 - 2014-02-10 13:17 - 00000000 ____D () C:\Users\Ich\AppData\Local\DownloadGuide 2014-02-10 00:11 - 2014-02-10 00:11 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-02-10 00:11 - 2014-02-10 00:11 - 00000000 ____D () C:\Program Files\Java 2014-02-09 23:44 - 2014-02-10 00:17 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2014-02-09 23:44 - 2014-02-09 23:48 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\GitHub 2014-02-09 23:44 - 2014-02-09 23:48 - 00000000 ____D () C:\Users\Ich\AppData\Local\GitHub 2014-02-09 23:41 - 2014-02-10 00:17 - 00000000 ____D () C:\Users\Ich\AppData\Local\Deployment 2014-02-09 23:41 - 2014-02-09 23:41 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0 2014-02-08 22:53 - 2014-02-08 22:53 - 00000416 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.dat 2014-02-08 22:53 - 2014-02-08 22:52 - 00034358 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.bmp 2014-02-08 19:17 - 2014-02-09 23:01 - 00000000 ____D () C:\ProgramData\gtk-2.0 2014-02-08 16:04 - 2014-02-08 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-06 15:02 - 2014-02-10 03:28 - 00000000 ____D () C:\Users\Ich\Downloads\Chatbot 2014-02-06 14:28 - 2014-02-06 14:28 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\gtk-2.0 2014-02-06 14:25 - 2014-02-06 14:25 - 07101452 _____ 
(Tobias Schulz ) C:\Users\Ich\Downloads\jeliza-setup-2.2.2.exe 2014-02-06 13:47 - 2014-02-06 13:48 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Windows Net Data 2014-02-03 22:04 - 2014-02-03 22:04 - 00000224 _____ () C:\Users\Ich\Desktop\Februar 2008 Das Leben ist ein Süßigkeitenladen.URL 2014-01-29 19:27 - 2014-01-29 19:27 - 00000222 _____ () C:\Users\Ich\Desktop\Professional Game Music Creation Tips & Avoiding Common Mistakes Aaron WALZ - YouTube.URL 2014-01-22 04:23 - 2014-01-22 04:23 - 00000221 _____ () C:\Users\Ich\Desktop\nl_Kripp - nolife Kripparrian -- HEARTHSTONE! Constructed Practice. Day 5 - Twitch.URL 2014-01-15 13:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-15 13:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-15 13:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-15 13:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-15 13:36 - 2014-01-15 13:37 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-11 13:43 - 2014-01-11 13:43 - 00000534 _____ () C:\Users\Public\Desktop\Fraps.lnk ==================== One Month Modified Files and Folders ======= 2014-02-10 14:37 - 2014-02-10 14:36 - 00013486 _____ () C:\Users\Ich\Downloads\FRST.txt 2014-02-10 14:36 - 2014-02-10 14:36 - 00000000 ____D () C:\FRST 2014-02-10 14:35 - 2014-02-10 14:35 - 02170880 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe 2014-02-10 14:35 - 2012-07-06 14:23 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype 2014-02-10 14:10 - 2014-02-10 13:10 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha 2014-02-10 14:02 - 2014-02-10 14:02 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Malwarebytes 2014-02-10 14:01 - 2014-02-10 14:01 - 00000798 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-10 14:01 - 2014-02-10 14:01 - 
00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-10 13:55 - 2014-02-10 13:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-10 13:18 - 2014-02-10 13:10 - 00000000 ____D () C:\Users\Ich\AppData\Local\Lollipop 2014-02-10 13:17 - 2014-02-10 03:29 - 00000000 ____D () C:\Users\Ich\AppData\Local\DownloadGuide 2014-02-10 13:11 - 2012-07-05 11:32 - 01501856 _____ () C:\Windows\WindowsUpdate.log 2014-02-10 13:10 - 2014-02-10 13:10 - 00012800 _____ () C:\ProgramData\dlprotect.exe 2014-02-10 13:09 - 2014-02-10 13:09 - 00125440 _____ () C:\Windows\system32\DlProtectSvc.exe 2014-02-10 13:09 - 2014-02-10 13:09 - 00118784 _____ () C:\Windows\system32\pomstore.exe 2014-02-10 13:09 - 2014-02-10 13:09 - 00000000 _____ () C:\END 2014-02-10 12:41 - 2009-07-14 05:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-10 12:41 - 2009-07-14 05:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-10 12:35 - 2014-02-10 12:35 - 00003028 _____ () C:\Windows\System32\Tasks\asrRd 2014-02-10 12:35 - 2012-07-09 12:21 - 00002962 _____ () C:\Windows\System32\Tasks\AsrXTU 2014-02-10 12:34 - 2013-09-30 11:34 - 00017129 _____ () C:\Windows\setupact.log 2014-02-10 12:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-10 03:28 - 2014-02-06 15:02 - 00000000 ____D () C:\Users\Ich\Downloads\Chatbot 2014-02-10 02:00 - 2012-07-09 14:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe 2014-02-10 01:51 - 2014-01-08 14:55 - 00000000 ____D () C:\Users\Ich\AppData\Local\Battle.net 2014-02-10 00:17 - 2014-02-09 23:44 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2014-02-10 00:17 - 2014-02-09 23:41 - 00000000 ____D () C:\Users\Ich\AppData\Local\Deployment 2014-02-10 00:11 - 2014-02-10 00:11 - 00312744 _____ (Oracle 
Corporation) C:\Windows\system32\javaws.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-02-10 00:11 - 2014-02-10 00:11 - 00000000 ____D () C:\Program Files\Java 2014-02-09 23:48 - 2014-02-09 23:44 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\GitHub 2014-02-09 23:48 - 2014-02-09 23:44 - 00000000 ____D () C:\Users\Ich\AppData\Local\GitHub 2014-02-09 23:41 - 2014-02-09 23:41 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0 2014-02-09 23:01 - 2014-02-08 19:17 - 00000000 ____D () C:\ProgramData\gtk-2.0 2014-02-09 17:05 - 2012-07-05 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-08 22:53 - 2014-02-08 22:53 - 00000416 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.dat 2014-02-08 22:53 - 2012-12-19 16:55 - 00131584 _____ () C:\Windows\SysWOW64\SpoonUninstall.exe 2014-02-08 22:52 - 2014-02-08 22:53 - 00034358 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.bmp 2014-02-08 18:39 - 2012-07-05 11:29 - 00000000 ____D () C:\Users\Ich\AppData\Local\VirtualStore 2014-02-08 16:04 - 2014-02-08 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-08 01:18 - 2012-07-21 23:58 - 01780224 ___SH () C:\Users\Ich\Desktop\Thumbs.db 2014-02-07 00:32 - 2013-12-06 23:03 - 00000888 _____ () C:\Windows\LkmdfCoInst.log 2014-02-07 00:31 - 2012-07-06 00:24 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2014-02-06 14:28 - 2014-02-06 14:28 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\gtk-2.0 2014-02-06 14:25 - 2014-02-06 14:25 - 07101452 _____ (Tobias Schulz ) C:\Users\Ich\Downloads\jeliza-setup-2.2.2.exe 2014-02-06 13:48 - 2014-02-06 13:47 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Windows Net Data 2014-02-06 13:48 - 2012-07-05 11:29 - 00000000 ___RD () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-06 11:08 - 2012-07-05 22:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-06 11:08 - 2012-07-05 22:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-03 22:04 - 2014-02-03 22:04 - 00000224 _____ () C:\Users\Ich\Desktop\Februar 2008 Das Leben ist ein Süßigkeitenladen.URL 2014-02-03 09:06 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-29 19:27 - 2014-01-29 19:27 - 00000222 _____ () C:\Users\Ich\Desktop\Professional Game Music Creation Tips & Avoiding Common Mistakes Aaron WALZ - YouTube.URL 2014-01-22 04:23 - 2014-01-22 04:23 - 00000221 _____ () C:\Users\Ich\Desktop\nl_Kripp - nolife Kripparrian -- HEARTHSTONE! Constructed Practice. 
Day 5 - Twitch.URL 2014-01-19 01:08 - 2012-07-09 12:25 - 00000000 ____D () C:\Users\Ich\Downloads\steinberg & NI & Plugins 2014-01-15 13:37 - 2014-01-15 13:36 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-15 13:37 - 2013-10-20 18:51 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-15 13:37 - 2012-07-17 15:50 - 00000000 ____D () C:\Program Files (x86)\Java 2014-01-11 13:43 - 2014-01-11 13:43 - 00000534 _____ () C:\Users\Public\Desktop\Fraps.lnk Files to move or delete: ==================== C:\ProgramData\dlprotect.exe Some content of TEMP: ==================== C:\Users\Ich\AppData\Local\Temp\avgnt.exe C:\Users\Ich\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Ich\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Ich\AppData\Local\Temp\nsnFF3C.exe C:\Users\Ich\AppData\Local\Temp\nstE6AB.exe C:\Users\Ich\AppData\Local\Temp\nsw40A.exe C:\Users\Ich\AppData\Local\Temp\nsyE851.exe C:\Users\Ich\AppData\Local\Temp\nsyFDA6.exe C:\Users\Ich\AppData\Local\Temp\sdanircmdc.exe C:\Users\Ich\AppData\Local\Temp\sdapskill.exe C:\Users\Ich\AppData\Local\Temp\sdaspwn.exe C:\Users\Ich\AppData\Local\Temp\Shockwave_Installer_FF.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-08 17:51 ==================== End Of Log 
============================
--- --- --- --- --- --- --- --- ---
Additions.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2014 03 Ran by Ich at 2014-02-10 14:37:10 Running from C:\Users\Ich\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.180 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (x32 Version: 12.0.6.147 - Adobe Systems, Inc.) Aidan (x32 Version: - ) AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (x32 Version: 2.3.4 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) 
ArtsAcoustic Reverb DEMO 1.5.0.5 (x32 Version: 1.5.0.5 - ArtsAcoustic Vertrieb GbR) ASIO4ALL (x32 Version: 2.10 - Michael Tippach) Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.3.1.000 - Asmedia Technology) ASRock eXtreme Tuner v0.1.188 (x32 Version: - ) ASRock XFast RAM v2.0.9 (Version: - ASRock Inc.) Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team) Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) Battle.net (x32 Version: - Blizzard Entertainment) BitRaider Web Client (x32 Version: 1.1.9.4 - BitRaider, LLC) Blender (Version: 2.69 - Blender Foundation) Borderlands 2 (x32 Version: - Gearbox Software) CamStudio Lossless Codec (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) 
Hidden CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden CCleaner (Version: 4.06 - Piriform) Chivalry: Medieval Warfare (x32 Version: - ) Connect (x32 Version: 2.2.2 - Continuata) DAEMON Tools Lite (x32 Version: 4.45.4.0314 - DT Soft Ltd) eLicenser Control (x32 Version: - Steinberg Media Technologies GmbH) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) 
Hidden EZdrummer Lite Edition 64 bit (Version: 1.3.1 - Toontrack) FLAC 1.2.1b (remove only) (x32 Version: 1.2.1b - Xiph.org) Fraps (x32 Version: - ) Goalscape (x32 Version: 2.7.2 - Goalscape Software GmbH) Goalscape (x32 Version: 2.7.2 - Goalscape Software GmbH) Hidden Hearthstone (x32 Version: - Blizzard Entertainment) HOFA-Plugins Uninstall (x32 Version: - HOFA-Plugins) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220 - Intel Corporation) Java 7 Update 51 (64-bit) (Version: 7.0.510 - Oracle) Java 7 Update 51 (x32 Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java SE Development Kit 7 Update 51 (64-bit) (Version: 1.7.0.510 - Oracle) JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation) keFIR VST plugin (x32 Version: 1.0.0 - Piotr "Habib" Pyrzanowski) L&H TTS3000 British English (x32 Version: - ) Legend of Grimrock (x32 Version: - ) Logitech SetPoint 6.32 (Version: 6.32.20 - Logitech) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) M-Audio Oxygen Driver 1.3.0 (x64) (Version: 1.3.0 - M-Audio) MeldaProduction MFreeEffectsBundle64 7 (x32 Version: - MeldaProduction) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Age 
of Empires II (x32 Version: - ) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 
Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Mount & Blade: Warband (x32 Version: - Tale Worlds) Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla) Mumble 1.2.4 (x32 Version: 1.2.4 - Thorvald Natvig) Native Instruments Abbey Road 60s Drums (Version: 1.2.0.003 - Native Instruments) Hidden Native Instruments Abbey Road 60s Drums (x32 Version: - Native Instruments) Native Instruments Absynth 5 (Version: 5.2.0.1277 - Native Instruments) Hidden Native Instruments Absynth 5 (x32 Version: 5.2.0.1277 - Native Instruments) Native Instruments Battery 3 (Version: 3.2.3.637 - Native Instruments) Hidden Native Instruments Battery 3 (x32 Version: - Native Instruments) Native Instruments Battery Library Importer for Maschine (Version: 1.0.0.003 - Native Instruments) Hidden Native Instruments Battery Library Importer for Maschine (x32 Version: - Native Instruments) Native Instruments Berlin Concert Grand (Version: 1.3.0.004 - Native Instruments) Hidden Native Instruments Berlin Concert Grand (x32 Version: - Native Instruments) Native Instruments Controller Editor (Version: 1.6.0.1528 - Native Instruments) Hidden Native Instruments Controller Editor (x32 Version: 1.6.0.1528 - Native Instruments) Native Instruments FM8 (Version: 1.3.0.1244 - Native Instruments) Hidden Native Instruments FM8 (x32 Version: 1.3.0.1244 - Native Instruments) Native Instruments Guitar Rig 5 (Version: 5.2.0.2770 - Native Instruments) Hidden Native Instruments Guitar Rig 5 (x32 Version: 5.2.0.2770 - Native Instruments) Native Instruments Guitar Rig Mobile IO Driver (Version: 3.1.0.761 - Native Instruments) Hidden Native Instruments Guitar Rig Mobile IO Driver (x32 Version: - Native Instruments) Native Instruments Guitar Rig Session IO Driver (Version: 3.1.0.761 - Native 
Instruments) Hidden Native Instruments Guitar Rig Session IO Driver (x32 Version: - Native Instruments) Native Instruments Komplete 8 (Version: 8.0.0.001 - Native Instruments) Hidden Native Instruments Komplete 8 (x32 Version: - Native Instruments) Native Instruments Kontakt 5 (Version: 5.3.0.6464 - Native Instruments) Hidden Native Instruments Kontakt 5 (x32 Version: 5.3.0.6464 - Native Instruments) Native Instruments Kontakt Factory Library (Version: 1.1.0.6 - Native Instruments) Hidden Native Instruments Kontakt Factory Library (x32 Version: 1.1.0.6 - Native Instruments) Native Instruments Massive (Version: 1.4.0.292 - Native Instruments) Hidden Native Instruments Massive (x32 Version: 1.4.0.292 - Native Instruments) Native Instruments New York Concert Grand (Version: 1.3.0.004 - Native Instruments) Hidden Native Instruments New York Concert Grand (x32 Version: - Native Instruments) Native Instruments Rammfire (Version: 2.0.0.4 - Native Instruments) Hidden Native Instruments Rammfire (x32 Version: 2.0.0.4 - Native Instruments) Native Instruments Reaktor 5 (Version: 5.9.0.725 - Native Instruments) Hidden Native Instruments Reaktor 5 (x32 Version: 5.9.0.725 - Native Instruments) Native Instruments Reaktor Prism (Version: 1.4.0.3 - Native Instruments) Hidden Native Instruments Reaktor Prism (x32 Version: 1.4.0.3 - Native Instruments) Native Instruments Reaktor Spark R2 (Version: 1.1.0.004 - Native Instruments) Hidden Native Instruments Reaktor Spark R2 (x32 Version: - Native Instruments) Native Instruments Reflektor (Version: 2.0.0.1 - Native Instruments) Hidden Native Instruments Reflektor (x32 Version: 2.0.0.1 - Native Instruments) Native Instruments Rig Kontrol 3 Driver (Version: 3.1.0.761 - Native Instruments) Hidden Native Instruments Rig Kontrol 3 Driver (x32 Version: - Native Instruments) Native Instruments Scarbee MM-Bass (Version: 1.2.0.006 - Native Instruments) Hidden Native Instruments Scarbee MM-Bass (x32 Version: - Native Instruments) Native 
Instruments Scarbee Vintage Keys (Version: 1.1.0.002 - Native Instruments) Hidden Native Instruments Scarbee Vintage Keys (x32 Version: - Native Instruments) Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden Native Instruments Service Center (x32 Version: - Native Instruments) Native Instruments Studio Drummer (Version: 1.2.0.008 - Native Instruments) Hidden Native Instruments Studio Drummer (x32 Version: - Native Instruments) Native Instruments The Finger R2 (Version: 1.3.0.2 - Native Instruments) Hidden Native Instruments The Finger R2 (x32 Version: 1.3.0.2 - Native Instruments) Native Instruments Traktors 12 (Version: 2.0.0.2 - Native Instruments) Hidden Native Instruments Traktors 12 (x32 Version: 2.0.0.2 - Native Instruments) Native Instruments Transient Master (Version: 1.0.0.004 - Native Instruments) Hidden Native Instruments Transient Master (x32 Version: - Native Instruments) Native Instruments Upright Piano (Version: 1.3.0.004 - Native Instruments) Hidden Native Instruments Upright Piano (x32 Version: - Native Instruments) Native Instruments Vienna Concert Grand (Version: 1.3.0.003 - Native Instruments) Hidden Native Instruments Vienna Concert Grand (x32 Version: - Native Instruments) Native Instruments Vintage Organs (Version: 1.1.0.007 - Native Instruments) Hidden Native Instruments Vintage Organs (x32 Version: - Native Instruments) Native Instruments West Africa (Version: 1.1.0.004 - Native Instruments) Hidden Native Instruments West Africa (x32 Version: - Native Instruments) NVIDIA PhysX v8.10.29 (x32 Version: 8.10.29 - NVIDIA Corporation) OpenAL (x32 Version: - ) OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation) Path of Exile (x32 Version: 0.9.12.20068 - Grinding Gear Games) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden ProjectSAM Orchestral Essentials (Version: 1.0.0.003 - ProjectSAM) Hidden ProjectSAM Orchestral Essentials (x32 Version: - ProjectSAM) PunkBuster 
Services (x32 Version: 0.986 - Even Balance, Inc.) QuickTime (x32 Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482 - Realtek Semiconductor Corp.) ResultsAlpha (Version: 2014.02.10.054214 - ResultsAlpha) RocketDock 1.3.5 (x32 Version: - Punk Software) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Star Wars JK II Jedi Outcast (x32 Version: - ) Star Wars The Old Republic (x32 Version: 7.0.0.15 - Bioware/EA) Star Wars: The Old Republic (x32 Version: 1.00 - Electronic Arts, Inc.) Steam (x32 Version: 1.0.0.0 - Valve Corporation) Steinberg Cubase LE AI Elements 6 64bit (Version: 6.0.7 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Content (x32 Version: 1.0.0.003 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Vintage Beatboxes (x32 Version: 1.0.0.000 - Steinberg Media Technologies GmbH) Steinberg HALion Sonic SE 64bit (Version: 1.5.2 - Steinberg Media Technologies GmbH) Steinberg HALion Sonic SE Content for Cubase LE AI Elements (x32 Version: 1.5.2.000 - Steinberg Media Technologies GmbH) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKCU Version: 3.0.13 - TeamSpeak Systems GmbH) The Elder Scrolls V: Skyrim (x32 Version: - Bethesda Game Studios) Titan Poker (HKCU Version: - ) TubeOhm Alpha-Ray (x32 Version: - ) Ultima Online Second Age 5.0.8.3 (x32 Version: 5.0.8.3 - UO Second Age) Unknown Device Identifier 8.00 (Version: - Huntersoft) UO Auto-Map 9.0.0 (x32 Version: 9.0.0 - UOAM) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 
- Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) ValhallaRoomDemo version 1.1.0 (x32 Version: 1.1.0 - Valhalla DSP, LLC) VLC media player 2.0.2 (Version: 2.0.2 - VideoLAN) Waves Complete V9r14 (x32 Version: 9.1.14 - Waves) Windows Utils (x32 Version: - ) WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH) World of Warcraft (x32 Version: - Blizzard Entertainment) XSplit Broadcaster (x32 Version: 1.3.1311.1201 - SplitMediaLabs) Yamaha Steinberg USB Driver (Version: 1.7.1 - Yamaha Corporation) Hidden Yamaha Steinberg USB Driver (x32 Version: 1.7.1 - Yamaha Corporation) ==================== Restore Points ========================= 23-01-2014 15:30:01 Geplanter Prüfpunkt 01-02-2014 10:04:31 Geplanter Prüfpunkt 09-02-2014 23:10:51 Installed Java SE Development Kit 7 Update 51 (64-bit) 09-02-2014 23:11:31 Installed Java 7 Update 51 (64-bit) ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0E1C7BED-8BF8-45CA-95D5-859A6B462CC0} - System32\Tasks\{907C207E-780E-4BD4-B49B-4D369E20813F} => E:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe Task: {174B5533-30A9-4189-B1B9-E26AC592C2C9} - System32\Tasks\{D3CD4E43-A759-427F-8C1C-B36DB8776016} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {20366983-4D87-492D-A47F-CBA04AEC9D4A} - System32\Tasks\{9BE986DA-017B-491F-92DA-232546ADAC76} => E:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe 
Task: {3418E80F-D684-48AE-B801-BF60C82CF416} - System32\Tasks\{99E895A5-D469-4F99-90CF-944D262F4A09} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/go/help.faq.installer?LastError=1603 Task: {453A502C-8FB8-4FE8-B99D-E531F13690DF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {527C2F23-4DF0-4700-B174-12A3D0EB42E8} - System32\Tasks\{584C1011-413C-40ED-BEE1-57F4EBAD1432} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {6FDA0C23-A5CB-487E-BA09-7C270774B2A6} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe [2012-01-13] () Task: {90BB570F-3263-4F48-910C-B540AB850980} - System32\Tasks\AdobeAAMUpdater-1.0-PCJD1234567-Ich => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {A1F7FDA7-14EB-475B-9A51-C0D5E8AFB6AA} - System32\Tasks\{F6A2398F-2F36-4E06-817F-0C90B46C8CF4} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {BF5C9CE8-5950-4A97-8240-3EA7B0149236} - System32\Tasks\{D1F477EB-BBAE-4A04-BC43-26FC40381F0F} => E:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe Task: {D494C0E9-42EF-4F7C-88F1-72322C3188D0} - System32\Tasks\{D42373C2-B3A5-43B5-946B-3029C0CF18E5} => E:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe Task: {E846506A-A31B-4490-89E5-6BCF8E98C011} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {EA85A216-F1FC-408D-A55D-2A55E9040CAE} - System32\Tasks\{CC6FC7C2-60BB-4722-850C-6DB1E8835435} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {FB1BBD2E-F8D4-46DB-B38B-777745E9A20C} - System32\Tasks\{A4BA9D83-B330-4959-985E-3FB05884264F} => E:\Program Files (x86)\Microsoft Games\Age of Empires 
II\Age2_X1\age2_x1.Exe Task: {FF8250B1-4027-4FC7-924F-2D81A30473C9} - System32\Tasks\AsrXTU => C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe [2012-03-06] () ==================== Loaded Modules (whitelisted) ============= 2012-07-05 21:05 - 2012-03-06 17:14 - 08238376 _____ () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe 2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll 2012-07-05 23:56 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe 2012-07-05 21:05 - 2012-01-13 14:47 - 01448744 _____ () C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe 2014-02-10 13:10 - 2014-02-10 13:10 - 00012800 _____ () C:\ProgramData\dlprotect.exe 2013-02-23 15:13 - 2013-02-23 15:06 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2012-08-03 17:32 - 2012-08-03 17:32 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-08-03 17:32 - 2012-08-03 17:32 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2012-07-05 21:05 - 2012-02-24 09:53 - 00094208 _____ () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\IccLibDll.DLL 2012-07-05 23:56 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll 2014-02-10 06:42 - 2014-02-10 06:42 - 00080160 _____ () C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe 2014-02-08 16:04 - 2014-02-08 16:04 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-02-06 11:08 - 2014-02-06 11:08 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll 2014-02-10 14:10 - 2014-02-10 14:10 - 00080160 _____ () C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices 
============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/10/2014 00:35:47 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/09/2014 11:20:29 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Name des fehlerhaften Moduls: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0009b0c0 ID des fehlerhaften Prozesses: 0x142c Startzeit der fehlerhaften Anwendung: 0xJElizaGtk.exe0 Pfad der fehlerhaften Anwendung: JElizaGtk.exe1 Pfad des fehlerhaften Moduls: JElizaGtk.exe2 Berichtskennung: JElizaGtk.exe3 Error: (02/09/2014 11:12:51 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Name des fehlerhaften Moduls: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0009b0c0 ID des fehlerhaften Prozesses: 0x998 Startzeit der fehlerhaften Anwendung: 0xJElizaGtk.exe0 Pfad der fehlerhaften Anwendung: JElizaGtk.exe1 Pfad des fehlerhaften Moduls: JElizaGtk.exe2 Berichtskennung: JElizaGtk.exe3 Error: (02/09/2014 10:46:46 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e41b ID des fehlerhaften Prozesses: 0x1438 
Startzeit der fehlerhaften Anwendung: 0xJElizaGtk.exe0 Pfad der fehlerhaften Anwendung: JElizaGtk.exe1 Pfad des fehlerhaften Moduls: JElizaGtk.exe2 Berichtskennung: JElizaGtk.exe3 Error: (02/09/2014 10:46:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000330bd ID des fehlerhaften Prozesses: 0x1334 Startzeit der fehlerhaften Anwendung: 0xJElizaGtk.exe0 Pfad der fehlerhaften Anwendung: JElizaGtk.exe1 Pfad des fehlerhaften Moduls: JElizaGtk.exe2 Berichtskennung: JElizaGtk.exe3 Error: (02/09/2014 10:46:16 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000330bd ID des fehlerhaften Prozesses: 0x840 Startzeit der fehlerhaften Anwendung: 0xJElizaGtk.exe0 Pfad der fehlerhaften Anwendung: JElizaGtk.exe1 Pfad des fehlerhaften Moduls: JElizaGtk.exe2 Berichtskennung: JElizaGtk.exe3 Error: (02/09/2014 10:46:00 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000330bd ID des fehlerhaften Prozesses: 0x1624 Startzeit der fehlerhaften Anwendung: 0xJElizaGtk.exe0 Pfad der fehlerhaften Anwendung: JElizaGtk.exe1 Pfad des fehlerhaften Moduls: JElizaGtk.exe2 Berichtskennung: JElizaGtk.exe3 Error: (02/09/2014 10:45:40 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Name des fehlerhaften Moduls: ntdll.dll, Version: 
6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000330bd ID des fehlerhaften Prozesses: 0x590 Startzeit der fehlerhaften Anwendung: 0xJElizaGtk.exe0 Pfad der fehlerhaften Anwendung: JElizaGtk.exe1 Pfad des fehlerhaften Moduls: JElizaGtk.exe2 Berichtskennung: JElizaGtk.exe3 Error: (02/09/2014 10:45:19 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000330bd ID des fehlerhaften Prozesses: 0x155c Startzeit der fehlerhaften Anwendung: 0xJElizaGtk.exe0 Pfad der fehlerhaften Anwendung: JElizaGtk.exe1 Pfad des fehlerhaften Moduls: JElizaGtk.exe2 Berichtskennung: JElizaGtk.exe3 Error: (02/09/2014 10:44:59 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: JElizaGtk.exe, Version: 2.2.0.158, Zeitstempel: 0x463dc2b8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000330bd ID des fehlerhaften Prozesses: 0xa6c Startzeit der fehlerhaften Anwendung: 0xJElizaGtk.exe0 Pfad der fehlerhaften Anwendung: JElizaGtk.exe1 Pfad des fehlerhaften Moduls: JElizaGtk.exe2 Berichtskennung: JElizaGtk.exe3 System errors: ============= Error: (02/01/2014 09:52:56 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (01/28/2014 06:31:58 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error: (01/28/2014 06:16:20 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/28/2014 06:16:20 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (01/24/2014 04:22:20 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (01/23/2014 02:42:09 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (01/22/2014 07:06:54 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (01/21/2014 02:26:24 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (01/15/2014 01:30:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Oxygen Audio Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/15/2014 01:30:33 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Oxygen Audio Device Monitor erreicht. 
Microsoft Office Sessions: ========================= Error: (02/10/2014 00:35:47 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/09/2014 11:20:29 PM) (Source: Application Error)(User: ) Description: JElizaGtk.exe2.2.0.158463dc2b8JElizaGtk.exe2.2.0.158463dc2b8c00000050009b0c0142c01cf25e4166d69c4C:\Program Files (x86)\JEliza\JElizaGtk.exeC:\Program Files (x86)\JEliza\JElizaGtk.exe61bc5593-91d8-11e3-aeb3-bc5ff438953c Error: (02/09/2014 11:12:51 PM) (Source: Application Error)(User: ) Description: JElizaGtk.exe2.2.0.158463dc2b8JElizaGtk.exe2.2.0.158463dc2b8c00000050009b0c099801cf25e3688d48e1C:\Program Files (x86)\JEliza\JElizaGtk.exeC:\Program Files (x86)\JEliza\JElizaGtk.exe50301142-91d7-11e3-aeb3-bc5ff438953c Error: (02/09/2014 10:46:46 PM) (Source: Application Error)(User: ) Description: JElizaGtk.exe2.2.0.158463dc2b8ntdll.dll6.1.7601.18247521ea8e7c00000050002e41b143801cf25e06ad72d97C:\Program Files (x86)\JEliza\JElizaGtk.exeC:\Windows\SysWOW64\ntdll.dllab6c25e6-91d3-11e3-aeb3-bc5ff438953c Error: (02/09/2014 10:46:30 PM) (Source: Application Error)(User: ) Description: JElizaGtk.exe2.2.0.158463dc2b8ntdll.dll6.1.7601.18247521ea8e7c0000005000330bd133401cf25e061c4cf66C:\Program Files (x86)\JEliza\JElizaGtk.exeC:\Windows\SysWOW64\ntdll.dlla24db998-91d3-11e3-aeb3-bc5ff438953c Error: (02/09/2014 10:46:16 PM) (Source: Application Error)(User: ) Description: JElizaGtk.exe2.2.0.158463dc2b8ntdll.dll6.1.7601.18247521ea8e7c0000005000330bd84001cf25e058f0daaeC:\Program Files (x86)\JEliza\JElizaGtk.exeC:\Windows\SysWOW64\ntdll.dll99783e3b-91d3-11e3-aeb3-bc5ff438953c Error: (02/09/2014 10:46:00 PM) (Source: Application Error)(User: ) Description: JElizaGtk.exe2.2.0.158463dc2b8ntdll.dll6.1.7601.18247521ea8e7c0000005000330bd162401cf25e04f97fc95C:\Program Files 
(x86)\JEliza\JElizaGtk.exeC:\Windows\SysWOW64\ntdll.dll90098de0-91d3-11e3-aeb3-bc5ff438953c Error: (02/09/2014 10:45:40 PM) (Source: Application Error)(User: ) Description: JElizaGtk.exe2.2.0.158463dc2b8ntdll.dll6.1.7601.18247521ea8e7c0000005000330bd59001cf25e043c03270C:\Program Files (x86)\JEliza\JElizaGtk.exeC:\Windows\SysWOW64\ntdll.dll8464e26b-91d3-11e3-aeb3-bc5ff438953c Error: (02/09/2014 10:45:19 PM) (Source: Application Error)(User: ) Description: JElizaGtk.exe2.2.0.158463dc2b8ntdll.dll6.1.7601.18247521ea8e7c0000005000330bd155c01cf25e0360fa9c0C:\Program Files (x86)\JEliza\JElizaGtk.exeC:\Windows\SysWOW64\ntdll.dll778875b5-91d3-11e3-aeb3-bc5ff438953c Error: (02/09/2014 10:44:59 PM) (Source: Application Error)(User: ) Description: JElizaGtk.exe2.2.0.158463dc2b8ntdll.dll6.1.7601.18247521ea8e7c0000005000330bda6c01cf25e02aec8c41C:\Program Files (x86)\JEliza\JElizaGtk.exeC:\Windows\SysWOW64\ntdll.dll6babc97e-91d3-11e3-aeb3-bc5ff438953c ==================== Memory info =========================== Percentage of memory in use: 25% Total physical RAM: 8087.43 MB Available physical RAM: 6064.51 MB Total Pagefile: 16173.03 MB Available Pagefile: 13517.44 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.56 GB) (Free:40.51 GB) NTFS Drive e: (Spiele/Daten) (Fixed) (Total:368.1 GB) (Free:171.32 GB) NTFS Drive f: () (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 842BB2C0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. 
==================== End Of Log ============================
When downloading from Shareware.de I had to install an "installer", which installed Search Protect alongside ResultsAlpha. I have already uninstalled Search Protect, but not ResultsAlpha yet. Apparently both are pretty much junk that probably isn't really off the PC yet.
The following has happened since installing said programs:
- Firefox now closes itself without asking (only once so far)
- A new tab with advertising for Goodgame Empire opens more often. Presumably from ResultsAlpha.
As I said, I have not uninstalled ResultsAlpha yet. Should I do that first? The ResultsAlpha I had previously disabled in Firefox has meanwhile re-enabled itself on its own.
+ lollipop network also got installed along with it (I just read about it here on the trojaner-board and then it came back to me Oo)
+ sorry for the confused presentation here, somehow I'm posting everything here all over the place... |
11.02.2014, 11:32 | #4 |
/// the machine /// TB-Ausbilder | Hi, scan with MBAM again and this time have all detections removed. Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
11.02.2014, 13:35 | #5 |
| Hi, so I shouldn't uninstall ResultsAlpha via "Control Panel -> Programs and Features" first? |
11.02.2014, 19:18 | #6 |
/// the machine /// TB-Ausbilder | You're welcome to try |
11.02.2014, 21:36 | #7 |
| Hi, AdwCleaner log file: Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 11/02/2014 um 21:17:22 # Updated 28/01/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Ich - PCJD1234567 # Gestartet von : C:\Users\Ich\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Ich\AppData\Local\DownloadGuide Ordner Gelöscht : C:\Users\Ich\AppData\Local\lollipop Ordner Gelöscht : C:\Users\Ich\AppData\Local\Temp\OCS Datei Gelöscht : C:\END Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lollipop.lnk Datei Gelöscht : C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk Datei Gelöscht : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\onvzeuol.default\searchplugins\conduit-search.xml Datei Gelöscht : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\onvzeuol.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
[{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKCU\Software\IGearSettings Schlüssel Gelöscht : HKCU\Software\lollipop Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\powerpack ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16750 -\\ Mozilla Firefox v27.0 (de) [ Datei : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\onvzeuol.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search"); ************************* AdwCleaner[R0].txt - [3422 octets] - [11/02/2014 20:58:52] AdwCleaner[S0].txt - [2808 octets] - [11/02/2014 21:17:22] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2868 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.1 (02.04.2014:1) OS: Windows 7 Home Premium x64 Ran by Ich on 11.02.2014 at 21:23:33,05 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] util resultsalpha Successfully deleted: [Service] util resultsalpha ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ FireFox Emptied folder: C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\onvzeuol.default\minidumps [228 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.02.2014 at 21:26:53,78 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01 Ran by Ich (administrator) on PCJD1234567 on 11-02-2014 21:30:02 Running from C:\Users\Ich\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2012-07-05] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-07-05] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HF_G_Jul] - "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [NetFxUpdate_v1.1.4322] - "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [ASRockXTU] - [X] HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd) HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\MountPoints2: {8112dd65-3020-11e2-9147-bc5ff438953c} - F:\pushinst.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC921F7A2E25ACD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\onvzeuol.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-10-01] (BitRaider, LLC) R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-08-03] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2012-08-03] () ==================== Drivers (Whitelisted) ==================== R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology) R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.) 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2006-12-28] (AVM Berlin) S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-01] (BitRaider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-06] (DT Soft Ltd) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH) S3 OXYGEN; C:\Windows\System32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio) S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek) R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [110952 2012-09-27] (Yamaha Corporation) R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X] S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-11 21:30 - 2014-02-11 21:30 - 00010476 _____ () C:\Users\Ich\Desktop\FRST.txt 2014-02-11 21:29 - 2014-02-11 21:29 - 00000000 ____D () C:\Users\Ich\Desktop\FRST-OlderVersion 2014-02-11 21:23 - 2014-02-11 21:23 - 00000000 ____D () C:\Windows\ERUNT 2014-02-11 21:19 - 2014-02-11 21:19 - 00003028 _____ () C:\Windows\System32\Tasks\asrRd 2014-02-11 20:58 - 2014-02-11 21:17 - 00000000 ____D () C:\AdwCleaner 2014-02-11 20:42 - 2014-02-11 20:42 - 01037530 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe 2014-02-11 20:41 - 2014-02-11 20:41 - 01166132 _____ () C:\Users\Ich\Desktop\adwcleaner.exe 2014-02-11 02:26 - 2014-02-11 02:26 - 00000222 _____ () C:\Users\Ich\Desktop\▶ Quick ANT installation tutorial - YouTube.URL 2014-02-11 01:59 - 2014-02-11 14:04 - 00000000 ____D () C:\zed 2014-02-11 01:23 - 2014-02-11 01:23 - 
131557792 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jdk-7u51-windows-x64.exe 2014-02-10 14:36 - 2014-02-11 21:30 - 00000000 ____D () C:\FRST 2014-02-10 14:35 - 2014-02-11 21:29 - 02151424 _____ (Farbar) C:\Users\Ich\Desktop\FRST64.exe 2014-02-10 14:02 - 2014-02-10 14:02 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Malwarebytes 2014-02-10 14:01 - 2014-02-10 14:01 - 00000798 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-10 14:01 - 2014-02-10 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-10 14:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-10 13:09 - 2014-02-10 13:09 - 00118784 _____ () C:\Windows\system32\pomstore.exe 2014-02-10 00:11 - 2014-02-11 01:17 - 00000000 ____D () C:\Program Files\Java 2014-02-10 00:11 - 2014-02-10 00:11 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-02-09 23:44 - 2014-02-10 00:17 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2014-02-09 23:44 - 2014-02-09 23:48 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\GitHub 2014-02-09 23:44 - 2014-02-09 23:48 - 00000000 ____D () C:\Users\Ich\AppData\Local\GitHub 2014-02-09 23:41 - 2014-02-10 00:17 - 00000000 ____D () C:\Users\Ich\AppData\Local\Deployment 2014-02-09 23:41 - 2014-02-09 23:41 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0 2014-02-08 22:53 - 2014-02-08 22:53 - 00000416 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.dat 2014-02-08 22:53 - 2014-02-08 22:52 - 00034358 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.bmp 2014-02-08 19:17 - 2014-02-09 23:01 - 
00000000 ____D () C:\ProgramData\gtk-2.0 2014-02-08 16:04 - 2014-02-08 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-06 15:02 - 2014-02-11 19:13 - 00000000 ____D () C:\Users\Ich\Downloads\Chatbot 2014-02-06 14:28 - 2014-02-06 14:28 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\gtk-2.0 2014-02-06 14:25 - 2014-02-06 14:25 - 07101452 _____ (Tobias Schulz ) C:\Users\Ich\Downloads\jeliza-setup-2.2.2.exe 2014-02-03 22:04 - 2014-02-03 22:04 - 00000224 _____ () C:\Users\Ich\Desktop\Februar 2008 Das Leben ist ein Süßigkeitenladen.URL 2014-01-29 19:27 - 2014-01-29 19:27 - 00000222 _____ () C:\Users\Ich\Desktop\Professional Game Music Creation Tips & Avoiding Common Mistakes Aaron WALZ - YouTube.URL 2014-01-22 04:23 - 2014-01-22 04:23 - 00000221 _____ () C:\Users\Ich\Desktop\nl_Kripp - nolife Kripparrian -- HEARTHSTONE! Constructed Practice. Day 5 - Twitch.URL 2014-01-15 13:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-15 13:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-15 13:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-15 13:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-15 13:36 - 2014-01-15 13:37 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log ==================== One Month Modified Files and Folders ======= 2014-02-11 21:30 - 2014-02-11 21:30 - 00010476 _____ () C:\Users\Ich\Desktop\FRST.txt 2014-02-11 21:30 - 2014-02-10 14:36 - 00000000 ____D () C:\FRST 2014-02-11 21:29 - 2014-02-11 21:29 - 00000000 ____D () C:\Users\Ich\Desktop\FRST-OlderVersion 2014-02-11 21:29 - 2014-02-10 14:35 - 02151424 _____ (Farbar) C:\Users\Ich\Desktop\FRST64.exe 2014-02-11 21:25 - 2009-07-14 05:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-11 
21:25 - 2009-07-14 05:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-11 21:23 - 2014-02-11 21:23 - 00000000 ____D () C:\Windows\ERUNT 2014-02-11 21:19 - 2014-02-11 21:19 - 00003028 _____ () C:\Windows\System32\Tasks\asrRd 2014-02-11 21:19 - 2012-07-09 12:21 - 00002962 _____ () C:\Windows\System32\Tasks\AsrXTU 2014-02-11 21:19 - 2012-07-06 14:23 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype 2014-02-11 21:18 - 2013-09-30 11:34 - 00017465 _____ () C:\Windows\setupact.log 2014-02-11 21:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-11 21:17 - 2014-02-11 20:58 - 00000000 ____D () C:\AdwCleaner 2014-02-11 21:17 - 2012-07-05 11:32 - 01536952 _____ () C:\Windows\WindowsUpdate.log 2014-02-11 21:17 - 2012-07-05 11:29 - 00000000 ___RD () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-11 20:46 - 2013-10-02 13:29 - 00006628 _____ () C:\Windows\PFRO.log 2014-02-11 20:42 - 2014-02-11 20:42 - 01037530 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe 2014-02-11 20:41 - 2014-02-11 20:41 - 01166132 _____ () C:\Users\Ich\Desktop\adwcleaner.exe 2014-02-11 19:13 - 2014-02-06 15:02 - 00000000 ____D () C:\Users\Ich\Downloads\Chatbot 2014-02-11 14:04 - 2014-02-11 01:59 - 00000000 ____D () C:\zed 2014-02-11 02:26 - 2014-02-11 02:26 - 00000222 _____ () C:\Users\Ich\Desktop\▶ Quick ANT installation tutorial - YouTube.URL 2014-02-11 02:00 - 2012-07-09 14:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe 2014-02-11 01:23 - 2014-02-11 01:23 - 131557792 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jdk-7u51-windows-x64.exe 2014-02-11 01:17 - 2014-02-10 00:11 - 00000000 ____D () C:\Program Files\Java 2014-02-11 00:42 - 2014-01-08 14:55 - 00000000 ____D () C:\Users\Ich\AppData\Local\Battle.net 2014-02-10 14:02 - 2014-02-10 14:02 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Malwarebytes 2014-02-10 14:01 - 2014-02-10 14:01 - 00000798 
_____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-10 14:01 - 2014-02-10 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-10 13:09 - 2014-02-10 13:09 - 00118784 _____ () C:\Windows\system32\pomstore.exe 2014-02-10 00:17 - 2014-02-09 23:44 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2014-02-10 00:17 - 2014-02-09 23:41 - 00000000 ____D () C:\Users\Ich\AppData\Local\Deployment 2014-02-10 00:11 - 2014-02-10 00:11 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-02-09 23:48 - 2014-02-09 23:44 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\GitHub 2014-02-09 23:48 - 2014-02-09 23:44 - 00000000 ____D () C:\Users\Ich\AppData\Local\GitHub 2014-02-09 23:41 - 2014-02-09 23:41 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0 2014-02-09 23:01 - 2014-02-08 19:17 - 00000000 ____D () C:\ProgramData\gtk-2.0 2014-02-09 17:05 - 2012-07-05 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-08 22:53 - 2014-02-08 22:53 - 00000416 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.dat 2014-02-08 22:53 - 2012-12-19 16:55 - 00131584 _____ () C:\Windows\SysWOW64\SpoonUninstall.exe 2014-02-08 22:52 - 2014-02-08 22:53 - 00034358 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.bmp 2014-02-08 18:39 - 2012-07-05 11:29 - 00000000 ____D () C:\Users\Ich\AppData\Local\VirtualStore 2014-02-08 16:04 - 2014-02-08 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-08 01:18 - 2012-07-21 23:58 - 01780224 ___SH () C:\Users\Ich\Desktop\Thumbs.db 2014-02-07 00:32 - 2013-12-06 23:03 - 00000888 _____ () 
C:\Windows\LkmdfCoInst.log 2014-02-07 00:31 - 2012-07-06 00:24 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2014-02-06 14:28 - 2014-02-06 14:28 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\gtk-2.0 2014-02-06 14:25 - 2014-02-06 14:25 - 07101452 _____ (Tobias Schulz ) C:\Users\Ich\Downloads\jeliza-setup-2.2.2.exe 2014-02-06 11:08 - 2012-07-05 22:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-06 11:08 - 2012-07-05 22:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-03 22:04 - 2014-02-03 22:04 - 00000224 _____ () C:\Users\Ich\Desktop\Februar 2008 Das Leben ist ein Süßigkeitenladen.URL 2014-02-03 09:06 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-29 19:27 - 2014-01-29 19:27 - 00000222 _____ () C:\Users\Ich\Desktop\Professional Game Music Creation Tips & Avoiding Common Mistakes Aaron WALZ - YouTube.URL 2014-01-22 04:23 - 2014-01-22 04:23 - 00000221 _____ () C:\Users\Ich\Desktop\nl_Kripp - nolife Kripparrian -- HEARTHSTONE! Constructed Practice. 
Day 5 - Twitch.URL 2014-01-19 01:08 - 2012-07-09 12:25 - 00000000 ____D () C:\Users\Ich\Downloads\steinberg & NI & Plugins 2014-01-15 13:37 - 2014-01-15 13:36 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-15 13:37 - 2013-10-20 18:51 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-15 13:37 - 2012-07-17 15:50 - 00000000 ____D () C:\Program Files (x86)\Java Some content of TEMP: ==================== C:\Users\Ich\AppData\Local\Temp\avgnt.exe C:\Users\Ich\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Ich\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Ich\AppData\Local\Temp\Quarantine.exe C:\Users\Ich\AppData\Local\Temp\sdanircmdc.exe C:\Users\Ich\AppData\Local\Temp\sdapskill.exe C:\Users\Ich\AppData\Local\Temp\sdaspwn.exe C:\Users\Ich\AppData\Local\Temp\Shockwave_Installer_FF.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-08 17:51 ==================== End Of Log ============================ Thanks, Der- |
12.02.2014, 18:19 | #8 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left? |
13.02.2014, 15:16 | #9 | |
| Hi, ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=cd89255cbb5a854c86a546e25b79fa43 # engine=17057 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-02-13 02:02:28 # local_time=2014-02-13 03:02:28 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 96 11253 162971453 4035 0 # compatibility_mode=5893 16776574 100 94 17625519 143929998 0 0 # scanned=245904 # found=2 # cleaned=0 # scan_time=3676 sh=58CFEDF66D7D8B1DE9E6F2EA924AE011BAF0E15F ft=1 fh=767e248b0629dd20 vn="a variant of Win32/AdWare.Lollipop.U application" ac=I fn="C:\Users\Ich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\588MYRK5\LollipopInstaller_14837[1].exe" sh=C5D958659231B75BCEAF08D27634F4D77ACE488B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Ich\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\416527eb-7d02e9da" Code:
Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 JavaFX 2.1.1 Java 7 Update 51 Adobe Flash Player 12.0.0.44 Flash Player out of Date! Adobe Reader 10.1.9 Adobe Reader out of Date! Mozilla Firefox (27.0) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01 Ran by Ich (administrator) on PCJD1234567 on 13-02-2014 15:11:29 Running from C:\Users\Ich\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2012-07-05] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-07-05] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HF_G_Jul] - "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [NetFxUpdate_v1.1.4322] - "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-07] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [ASRockXTU] - [X] HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd) HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\MountPoints2: {8112dd65-3020-11e2-9147-bc5ff438953c} - F:\pushinst.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC921F7A2E25ACD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\onvzeuol.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-10-01] (BitRaider, LLC) R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-08-03] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2012-08-03] () ==================== Drivers (Whitelisted) ==================== R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology) R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.) 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2006-12-28] (AVM Berlin) S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-01] (BitRaider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-06] (DT Soft Ltd) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH) S3 OXYGEN; C:\Windows\System32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio) S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek) R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [110952 2012-09-27] (Yamaha Corporation) R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X] S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-13 15:11 - 2014-02-13 15:11 - 00010656 _____ () C:\Users\Ich\Desktop\FRST.txt 2014-02-13 15:11 - 2014-02-13 15:11 - 00000000 ____D () C:\Users\Ich\Desktop\FRST-OlderVersion 2014-02-13 15:08 - 2014-02-13 15:08 - 00987425 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe 2014-02-13 13:59 - 2014-02-13 13:59 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_enu.exe 2014-02-13 13:51 - 2014-02-13 13:51 - 00003028 _____ () C:\Windows\System32\Tasks\asrRd 2014-02-11 21:23 - 2014-02-11 21:23 - 00000000 ____D () C:\Windows\ERUNT 2014-02-11 20:58 - 2014-02-11 21:17 - 00000000 ____D () C:\AdwCleaner 2014-02-11 20:42 - 2014-02-11 20:42 - 01037530 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe 2014-02-11 20:41 - 2014-02-11 20:41 - 01166132 _____ () C:\Users\Ich\Desktop\adwcleaner.exe 2014-02-11 02:26 - 
2014-02-11 02:26 - 00000222 _____ () C:\Users\Ich\Desktop\▶ Quick ANT installation tutorial - YouTube.URL 2014-02-11 01:59 - 2014-02-11 14:04 - 00000000 ____D () C:\zed 2014-02-11 01:23 - 2014-02-11 01:23 - 131557792 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jdk-7u51-windows-x64.exe 2014-02-10 14:36 - 2014-02-13 15:11 - 00000000 ____D () C:\FRST 2014-02-10 14:35 - 2014-02-13 15:11 - 02152448 _____ (Farbar) C:\Users\Ich\Desktop\FRST64.exe 2014-02-10 14:02 - 2014-02-10 14:02 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Malwarebytes 2014-02-10 14:01 - 2014-02-10 14:01 - 00000798 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-10 14:01 - 2014-02-10 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-10 14:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-10 13:09 - 2014-02-10 13:09 - 00118784 _____ () C:\Windows\system32\pomstore.exe 2014-02-10 00:11 - 2014-02-11 01:17 - 00000000 ____D () C:\Program Files\Java 2014-02-10 00:11 - 2014-02-10 00:11 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-02-09 23:44 - 2014-02-10 00:17 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2014-02-09 23:44 - 2014-02-09 23:48 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\GitHub 2014-02-09 23:44 - 2014-02-09 23:48 - 00000000 ____D () C:\Users\Ich\AppData\Local\GitHub 2014-02-09 23:41 - 2014-02-10 00:17 - 00000000 ____D () C:\Users\Ich\AppData\Local\Deployment 2014-02-09 23:41 - 2014-02-09 23:41 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0 2014-02-08 22:53 - 2014-02-08 22:53 
- 00000416 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.dat 2014-02-08 22:53 - 2014-02-08 22:52 - 00034358 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.bmp 2014-02-08 19:17 - 2014-02-09 23:01 - 00000000 ____D () C:\ProgramData\gtk-2.0 2014-02-08 16:04 - 2014-02-08 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-06 15:02 - 2014-02-12 13:28 - 00000000 ____D () C:\Users\Ich\Downloads\Chatbot 2014-02-06 14:28 - 2014-02-06 14:28 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\gtk-2.0 2014-02-06 14:25 - 2014-02-06 14:25 - 07101452 _____ (Tobias Schulz ) C:\Users\Ich\Downloads\jeliza-setup-2.2.2.exe 2014-02-03 22:04 - 2014-02-03 22:04 - 00000224 _____ () C:\Users\Ich\Desktop\Februar 2008 Das Leben ist ein Süßigkeitenladen.URL 2014-01-29 19:27 - 2014-01-29 19:27 - 00000222 _____ () C:\Users\Ich\Desktop\Professional Game Music Creation Tips & Avoiding Common Mistakes Aaron WALZ - YouTube.URL 2014-01-22 04:23 - 2014-01-22 04:23 - 00000221 _____ () C:\Users\Ich\Desktop\nl_Kripp - nolife Kripparrian -- HEARTHSTONE! Constructed Practice. 
Day 5 - Twitch.URL 2014-01-15 13:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-15 13:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-15 13:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-15 13:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-15 13:36 - 2014-01-15 13:37 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log ==================== One Month Modified Files and Folders ======= 2014-02-13 15:11 - 2014-02-13 15:11 - 00010656 _____ () C:\Users\Ich\Desktop\FRST.txt 2014-02-13 15:11 - 2014-02-13 15:11 - 00000000 ____D () C:\Users\Ich\Desktop\FRST-OlderVersion 2014-02-13 15:11 - 2014-02-10 14:36 - 00000000 ____D () C:\FRST 2014-02-13 15:11 - 2014-02-10 14:35 - 02152448 _____ (Farbar) C:\Users\Ich\Desktop\FRST64.exe 2014-02-13 15:08 - 2014-02-13 15:08 - 00987425 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe 2014-02-13 15:01 - 2012-07-06 14:23 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype 2014-02-13 13:59 - 2014-02-13 13:59 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_enu.exe 2014-02-13 13:57 - 2009-07-14 05:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-13 13:57 - 2009-07-14 05:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-13 13:53 - 2012-07-05 11:32 - 01584587 _____ () C:\Windows\WindowsUpdate.log 2014-02-13 13:51 - 2014-02-13 13:51 - 00003028 _____ () C:\Windows\System32\Tasks\asrRd 2014-02-13 13:51 - 2012-07-09 12:21 - 00002962 _____ () C:\Windows\System32\Tasks\AsrXTU 2014-02-13 13:50 - 2013-09-30 11:34 - 00018081 _____ () C:\Windows\setupact.log 2014-02-13 13:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-13 
02:00 - 2012-07-09 14:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe 2014-02-13 01:39 - 2014-01-08 14:55 - 00000000 ____D () C:\Users\Ich\AppData\Local\Battle.net 2014-02-12 13:28 - 2014-02-06 15:02 - 00000000 ____D () C:\Users\Ich\Downloads\Chatbot 2014-02-11 21:23 - 2014-02-11 21:23 - 00000000 ____D () C:\Windows\ERUNT 2014-02-11 21:17 - 2014-02-11 20:58 - 00000000 ____D () C:\AdwCleaner 2014-02-11 21:17 - 2012-07-05 11:29 - 00000000 ___RD () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-11 20:46 - 2013-10-02 13:29 - 00006628 _____ () C:\Windows\PFRO.log 2014-02-11 20:42 - 2014-02-11 20:42 - 01037530 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe 2014-02-11 20:41 - 2014-02-11 20:41 - 01166132 _____ () C:\Users\Ich\Desktop\adwcleaner.exe 2014-02-11 14:04 - 2014-02-11 01:59 - 00000000 ____D () C:\zed 2014-02-11 02:26 - 2014-02-11 02:26 - 00000222 _____ () C:\Users\Ich\Desktop\▶ Quick ANT installation tutorial - YouTube.URL 2014-02-11 01:23 - 2014-02-11 01:23 - 131557792 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jdk-7u51-windows-x64.exe 2014-02-11 01:17 - 2014-02-10 00:11 - 00000000 ____D () C:\Program Files\Java 2014-02-10 14:02 - 2014-02-10 14:02 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Malwarebytes 2014-02-10 14:01 - 2014-02-10 14:01 - 00000798 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-10 14:01 - 2014-02-10 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-10 13:09 - 2014-02-10 13:09 - 00118784 _____ () C:\Windows\system32\pomstore.exe 2014-02-10 00:17 - 2014-02-09 23:44 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2014-02-10 00:17 - 2014-02-09 23:41 - 00000000 ____D () C:\Users\Ich\AppData\Local\Deployment 2014-02-10 00:11 - 2014-02-10 00:11 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) 
C:\Windows\system32\javaw.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-10 00:11 - 2014-02-10 00:11 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-02-09 23:48 - 2014-02-09 23:44 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\GitHub 2014-02-09 23:48 - 2014-02-09 23:44 - 00000000 ____D () C:\Users\Ich\AppData\Local\GitHub 2014-02-09 23:41 - 2014-02-09 23:41 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0 2014-02-09 23:01 - 2014-02-08 19:17 - 00000000 ____D () C:\ProgramData\gtk-2.0 2014-02-09 17:05 - 2012-07-05 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-08 22:53 - 2014-02-08 22:53 - 00000416 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.dat 2014-02-08 22:53 - 2012-12-19 16:55 - 00131584 _____ () C:\Windows\SysWOW64\SpoonUninstall.exe 2014-02-08 22:52 - 2014-02-08 22:53 - 00034358 _____ () C:\Windows\SysWOW64\SpoonUninstall-Aidan.bmp 2014-02-08 18:39 - 2012-07-05 11:29 - 00000000 ____D () C:\Users\Ich\AppData\Local\VirtualStore 2014-02-08 16:04 - 2014-02-08 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-08 01:18 - 2012-07-21 23:58 - 01780224 ___SH () C:\Users\Ich\Desktop\Thumbs.db 2014-02-07 00:32 - 2013-12-06 23:03 - 00000888 _____ () C:\Windows\LkmdfCoInst.log 2014-02-07 00:31 - 2012-07-06 00:24 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2014-02-06 14:28 - 2014-02-06 14:28 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\gtk-2.0 2014-02-06 14:25 - 2014-02-06 14:25 - 07101452 _____ (Tobias Schulz ) C:\Users\Ich\Downloads\jeliza-setup-2.2.2.exe 2014-02-06 11:08 - 2012-07-05 22:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-06 11:08 - 2012-07-05 22:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-03 22:04 - 2014-02-03 22:04 - 00000224 _____ () C:\Users\Ich\Desktop\Februar 2008 Das Leben ist ein Süßigkeitenladen.URL 2014-02-03 09:06 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-29 19:27 - 2014-01-29 19:27 - 00000222 _____ () C:\Users\Ich\Desktop\Professional Game Music Creation Tips & Avoiding Common Mistakes Aaron WALZ - YouTube.URL 2014-01-22 04:23 - 2014-01-22 04:23 - 00000221 _____ () C:\Users\Ich\Desktop\nl_Kripp - nolife Kripparrian -- HEARTHSTONE! Constructed Practice. 
Day 5 - Twitch.URL
2014-01-19 01:08 - 2012-07-09 12:25 - 00000000 ____D () C:\Users\Ich\Downloads\steinberg & NI & Plugins
2014-01-15 13:37 - 2014-01-15 13:36 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 13:37 - 2013-10-20 18:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-15 13:37 - 2012-07-17 15:50 - 00000000 ____D () C:\Program Files (x86)\Java
Some content of TEMP:
====================
C:\Users\Ich\AppData\Local\Temp\avgnt.exe
C:\Users\Ich\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ich\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ich\AppData\Local\Temp\Quarantine.exe
C:\Users\Ich\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Ich\AppData\Local\Temp\sdapskill.exe
C:\Users\Ich\AppData\Local\Temp\sdaspwn.exe
C:\Users\Ich\AppData\Local\Temp\Shockwave_Installer_FF.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 17:51
==================== End Of Log ============================
--- --- ---
Quote:
|
14.02.2014, 15:39 | #10 |
/// the machine /// TB trainer | Removing ResultsAlpha (+ other stuff that has accumulated unnoticed over the years)
Only in the temp files. Update Adobe.
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart. Please allow this.
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe
C:\ProgramData\dlprotect.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done
The order is crucial here.
If you would like to give praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
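An added example, not part of the thread and not FRST's or the helper's own logic: a Python triage pass over `Run:` lines in the format shown in the FRST log above, which surfaces autostart entries such as the `Download Protect` value that was put into the fixlist. It assumes, from this log alone, that entries FRST could inspect end in `[size date] (company)`; the function names, verdict labels and the data-directory heuristic are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: Run lines copied from the FRST log posted in this thread.
SAMPLE_FRST_RUN_LINES = r"""
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2012-07-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [HF_G_Jul] - "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe
HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [ASRockXTU] - [X]
HKU\S-1-5-21-4223253501-851222820-2093432639-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
""".strip().splitlines()

# Line shape observed in this log only (an assumption, not an FRST specification):
#   <hive>\...\Run: [<value name>] - <target> [<size> <date>] (<company>)
RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<rest>.*)$")
META_RE = re.compile(
    r"^(?P<target>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$"
)

# Hypothetical heuristic: autostart targets in data directories get looked at first.
DATA_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


class RunEntry(NamedTuple):
    hive: str
    name: str
    path: str
    has_metadata: bool
    verdict: str


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST 'Run:' line; return None for any other log line."""
    m = RUN_RE.match(line.strip())
    if m is None:
        return None
    hive, name, rest = m.group("hive"), m.group("name"), m.group("rest").strip()
    if rest == "[X]":  # FRST printed [X] in place of a target
        return RunEntry(hive, name, "", False, "no-target")
    meta = META_RE.match(rest)
    if meta:
        target = meta.group("target").strip('"')
        return RunEntry(hive, name, target, True, "listed-with-metadata")
    # No "[size date] (company)" suffix: use the quoted path if present,
    # otherwise treat the whole remainder as the path.
    path = rest[1:].split('"', 1)[0] if rest.startswith('"') else rest
    in_data_dir = any(d in path.lower() for d in DATA_DIRS)
    return RunEntry(hive, name, path, False, "priority-review" if in_data_dir else "review")


def triage(lines: List[str]) -> List[RunEntry]:
    """Return every Run entry found in the given log lines, in log order."""
    return [e for e in map(parse_run_line, lines) if e is not None]


def flagged(entries: List[RunEntry]) -> List[RunEntry]:
    """Entries a reviewer should look at by hand before writing a fixlist."""
    return [e for e in entries if e.verdict != "listed-with-metadata"]


if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_FRST_RUN_LINES)):
        print(f"{e.verdict:16} {e.hive}  [{e.name}]  {e.path or '[X]'}")
```

A flagged entry is a prompt for manual review, not a removal decision; the fixlist itself is still written by a person who has read the whole log.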
14.02.2014, 19:13 | #11 |
| Removing ResultsAlpha (+ other stuff that has accumulated unnoticed over the years) Hi, Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Ich at 2014-02-14 18:36:16 Run:1
Running from C:\Users\Ich\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe
C:\ProgramData\dlprotect.exe
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Download Protect => Value deleted successfully.
"C:\ProgramData\dlprotect.exe" => File/Directory not found.
==== End of Fixlog ====
Adobe Reader and Windows have been updated. I'll take a closer look over the next few days at the appendix on how to keep my system more secure, thanks for that.
One more question regarding registry cleaners: I use CCleaner, but so far I have not used its registry cleaning function... Up to now I have used the program exclusively for uninstalling programs and cleaning up the system. Is there a better alternative? Another question would be: how do you get rid of old registry data?
Thanks Der- |
15.02.2014, 18:00 | #12 |
/// the machine /// TB trainer | Removing ResultsAlpha (+ other stuff that has accumulated unnoticed over the years)
You can keep CCleaner for temp files and the like, just keep your hands off the registry. Tools and the like remove their registry entries themselves (mostly); there are always leftovers in the registry, but they are not a problem. Cleaning the registry brings zero performance and only causes problems.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |