Benötige Analyse von Logdateien nach SpyHunter4-Entfernung (habe 6 Tools durchlaufen lassen)

Katja777

Hallo liebe Helfer,
ersteinmal: schön, dass es so ein Forum gibt! Danke dafür!

Ich habe mir SpyHunter4 eingefangen und bereits erfolgreich entfernt (glaube ich).
Daraufhin bin ich durch eure Seite auf verschiedene Tools aufmerksam geworden und habe diese heruntergeladen und durchlaufen lassen.

Nun möchte ich jemanden von euch bitten, sich die Logdateien dazu einmal anzusehen, da ich damit nicht wirklich etwas anfangen kann.

Ich habe folgende Tools benutzt:
-SpyHunterKiller
-adwCleaner
-JRT4
-MalwarebytesMalwareScanner
-FRST64
-TDSSKiller

Ich kopiere nun die verschiedenen Texdateien hier rein und würde mich sehr über ein Feedback dazu freuen

Grüße, Katja

AdwCleaner
________________

# AdwCleaner 7.0.4.0 - Logfile created on Mon Oct 30 14:57:07 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 10-28-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Chip, chip1click


***** [ Folders ] *****

PUP.Optional.Chip, C:\Program Files (x86)\Chip Digital GmbH
PUP.Optional.Chip, C:\Windows\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Chip, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
PUP.Optional.Chip, [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
PUP.Optional.Chip, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
PUP.Optional.Chip, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49AC3054380EEC4DA29AB71FAE408A9
PUP.Optional.Chip, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\E49AC3054380EEC4DA29AB71FAE408A9
PUP.Optional.Chip, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\E49AC3054380EEC4DA29AB71FAE408A9
PUP.Optional.Chip, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2982 B] - [2017/10/30 12:28:1]
C:/AdwCleaner/AdwCleaner[C1].txt - [1492 B] - [2017/10/30 12:42:1]
C:/AdwCleaner/AdwCleaner[S0].txt - [3072 B] - [2017/10/30 12:23:26]
C:/AdwCleaner/AdwCleaner[S1].txt - [1255 B] - [2017/10/30 12:41:4]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########



# AdwCleaner 7.0.4.0 - Logfile created on Mon Oct 30 15:06:32 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: chip1click


***** [ Folders ] *****

Deleted: C:\Program Files (x86)\Chip Digital GmbH
Deleted: C:\Windows\\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\E49AC3054380EEC4DA29AB71FAE408A9
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2982 B] - [2017/10/30 12:28:1]
C:/AdwCleaner/AdwCleaner[C1].txt - [1492 B] - [2017/10/30 12:42:1]
C:/AdwCleaner/AdwCleaner[S0].txt - [3072 B] - [2017/10/30 12:23:26]
C:/AdwCleaner/AdwCleaner[S1].txt - [1255 B] - [2017/10/30 12:41:4]
C:/AdwCleaner/AdwCleaner[S2].txt - [2134 B] - [2017/10/30 14:57:7]


########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Katja (Administrator) on 30.10.2017 at 13:49:40,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 40

Successfully deleted: C:\Users\Katja\AppData\Local\{18F58110-13BC-41DC-AA1D-0C2EEDF66C1D} (Empty Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\{39F9F514-E871-498D-A87B-F3B655FEE934} (Empty Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\{BF94A65C-C282-42F7-A4C0-D350E5861293} (Empty Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\{C119E72F-689D-4A32-9B42-FF241239D94E} (Empty Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\{FD6FBC16-9BB7-472C-9108-2ADCC298186D} (Empty Folder)
Successfully deleted: C:\Users\Katja\AppData\Roaming\pdfforge (Folder)
Successfully deleted: C:\Program Files (x86)\GUTC25B.tmp (File)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DSYHO2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8U1CI1IG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1YX9192 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AO1XMIO9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DL06Y84U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7K4NO4H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q15G2LIM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCSYUNXG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYETRUK5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCNHYF2L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBKF7Y3R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZN68QXYA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DSYHO2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8U1CI1IG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1YX9192 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AO1XMIO9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DL06Y84U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7K4NO4H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q15G2LIM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCSYUNXG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYETRUK5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCNHYF2L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBKF7Y3R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZN68QXYA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\REN30FF.tmp (File)

Deleted the following from C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\w79n8vv3.default\prefs.js
user_pref(browser.search.defaultenginename, Ixquick HTTPS);
user_pref(browser.search.order.1, Ask.com);
user_pref(browser.urlbar.suggest.searches, false);
user_pref(extensions.unitedinternet.email.runonceNewUsersShown, true);



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{15109BDA-A765-4C36-8D7C-53BA50B3DE90} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.10.2017 at 13:55:49,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~