Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PC funktioniert grundlos (?) nicht richtig (https://www.trojaner-board.de/142496-pc-funktioniert-grundlos-richtig.html)

ZannDK 04.10.2013 02:22

PC isn't working properly for no (?) reason

Hello community,

Lately my PC has been acting up a bit and I have no idea why...
(the internet connects sporadically / to programs' servers)
Yes, I'm a layman in this area :/
My PC here already had the Bundestrojaner on it once
(an outdated version, mahmut.exe),
which I was luckily able to remove myself.
Now I ran a check with HitmanPro (log files below).
As I said, I'm a layman in this area and can't find anything critical in the log files.
If someone could please take a quick look at them, I'd be very grateful!!!
I really don't know my way around this and would rather hand it over to a professional!

HitmanPro log files:

Code:

HitmanPro 3.7.7.205
www.hitmanpro.com

  Computer name . . . . : CHEF
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : CHEF\Admin
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-10-04 02:59:44
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 5m 33s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 618

  Objects scanned . . . : 1.941.499
  Files scanned . . . . : 49.848
  Remnants scanned  . . : 621.571 files / 1.270.080 keys

Miniport ____________________________________________________________________

  Primary
      DriverObject . . . : FFFFFA8006B05500
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA80069E42C0 +0
  Solution
      DriverObject . . . : FFFFFA8006B05500
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF88000DDA4D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Suspicious files ____________________________________________________________

  C:\Users\Admin\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
      Size . . . . . . . : 947.283 bytes
      Age  . . . . . . . : 872.4 days (2011-05-15 18:00:17)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 26898E20DB3E20E2986684F1726D3421B0EA9D381F4BD56D6370AAE63973F5B8
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Admin\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys
      Size . . . . . . . : 139.080 bytes
      Age  . . . . . . . : 872.4 days (2011-05-15 18:00:57)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : FAE59652245B6F30D2B5173E1EBC7079F8BBB1CBAC168BBF151AE81879F26AB7
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.


Potential Unwanted Programs _________________________________________________

  C:\Users\Admin\AppData\Local\Conduit\ (Conduit)
  C:\Users\Admin\AppData\Local\Conduit\CT2304157\ (Conduit)
  C:\Users\Admin\AppData\Local\Conduit\CT2304157\XfireXOAutoUpdateHelper.exe (Conduit)
      Size . . . . . . . : 1.829.776 bytes
      Age  . . . . . . . : 743.3 days (2011-09-21 20:04:15)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 26F4138AF51C66B7F3AE58637F9A29656CD43A031D06CAF3C9A2D1C31FDF9680
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 7.0

  C:\Users\Admin\AppData\LocalLow\Conduit\ (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\ (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\ (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\ (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\ (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\ (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Dialogs\version.txt (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Feeds\ (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_700614_696475_DE.xml (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_DE.xml (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\ (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml (Conduit)
  C:\Users\Admin\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en����������.xml (Conduit)
  C:\Users\Admin\AppData\Roaming\DealPly\ (Delta Search)
  C:\Users\Admin\AppData\Roaming\DealPly\UpdateProc\ (Delta Search)
  C:\Users\Admin\AppData\Roaming\DealPly\UpdateProc\config.dat (Delta Search)
  C:\Users\Admin\AppData\Roaming\DealPly\UpdateProc\src.dat (Delta Search)
  C:\Users\Admin\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (Delta Search)
      Size . . . . . . . : 91.024 bytes
      Age  . . . . . . . : 238.2 days (2013-02-07 23:22:34)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : AA80CB9B39FA479B08A67693ACD1A59BA8F13DCD35B644020210917B43B0C590
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -1.0

  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\ (Delta Search)
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome.manifest (Delta Search)
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\ (Delta Search)
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul (Delta Search)
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images\ (Delta Search)
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images\dealplyIcon32.png (Delta Search)
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences\ (Delta Search)
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences\defaults.js (Delta Search)
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\install.rdf (Delta Search)
  HKLM\SOFTWARE\Classes\s\ (Softonic)
  HKLM\SOFTWARE\Wow6432Node\DealPly\ (Delta Search)
  HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje\ (Delta Search)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ (Delta Search)
  HKU\S-1-5-21-1446313871-402721653-2806479947-1000\Software\AppDataLow\Software\Smartbar\ (Conduit)
  HKU\S-1-5-21-1446313871-402721653-2806479947-1000\Software\DealPly\ (Delta Search)
  HKU\S-1-5-21-1446313871-402721653-2806479947-1000\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje\ (Delta Search)
  HKU\S-1-5-21-1446313871-402721653-2806479947-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ (Delta Search)
  HKU\S-1-5-21-1446313871-402721653-2806479947-1000\Software\Softonic\ (Softonic)

Cookies _____________________________________________________________________

  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JRD3F2Y2.txt
  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KOHA0ZJQ.txt
  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Y4Z01Q6R.txt
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:ad.ad-srv.net
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:ad.yieldmanager.com
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:adtech.de
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:advertising.com
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:apmebf.com
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:atdmt.com
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:doubleclick.net
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:invitemedia.com
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:media6degrees.com
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:mediaplex.com
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:revsci.net
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:track.adform.net
  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9zxez7hz.default\cookies.sqlite:www.googleadservices.com


schrauber 04.10.2013 03:08

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Don't change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input box)


