Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   ich habe ständig popups und mir wird gemeldet das mein pc bald abstürtzt etc. (https://www.trojaner-board.de/149826-habe-staendig-popups-mir-gemeldet-pc-bald-abstuertzt-etc.html)

Vayureyes 26.02.2014 17:55
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2014 01
Ran by Leo at 2014-02-25 18:42:53 Run:1
Running from C:\Users\Leo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
() C:\Program Files (x86)\best-markit\best-markit_wd.exe
() C:\Program Files (x86)\best-markit\best-markit153.exe
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 best-markit; C:\Program Files (x86)\best-markit\best-markit153.exe [181248 2014-02-13] ()
S2 InternetUpdater; "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe" [X]
C:\ProgramData\InternetUpdater
2014-02-13 17:14 - 2014-02-21 22:03 - 00000378 _____ () C:\Windows\Tasks\best-markit Update.job
2014-02-13 17:14 - 2014-02-21 22:02 - 00000378 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-02-13 17:14 - 2014-02-13 17:14 - 00003022 _____ () C:\Windows\System32\Tasks\best-markit Update
2014-02-13 17:14 - 2014-02-13 17:14 - 00002962 _____ () C:\Windows\System32\Tasks\best-markit_wd
2014-02-13 17:14 - 2014-02-13 17:14 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\dlg
2014-02-13 17:14 - 2014-02-13 17:14 - 00000000 ____D () C:\Program Files (x86)\best-markit
2014-02-13 17:12 - 2014-02-13 17:12 - 00447376 _____ () C:\Users\Leo\Downloads\free+pdf+perfect_1.0.exe
Task: {918A4CC9-3DC8-46F9-A85F-B77E105AC8FB} - System32\Tasks\best-markit_wd => C:\Program Files (x86)\best-markit\best-markit_wd.exe [2014-02-13] ()
Task: {92282804-F8C8-40F3-ACE9-8EA477A19349} - System32\Tasks\best-markit Update => C:\Program Files (x86)\best-markit\bestup.exe [2014-02-13] ()
Task: C:\Windows\Tasks\best-markit Update.job => C:\Program Files (x86)\best-markit\bestup.exe
Task: C:\Windows\Tasks\best-markit_wd.job => C:\Program Files (x86)\best-markit\best-markit_wd.exe
C:\Program Files (x86)\best-markit
end
*****************

[1200] C:\Program Files (x86)\best-markit\best-markit_wd.exe => Process closed successfully.
[1908] C:\Program Files (x86)\best-markit\best-markit153.exe => Process closed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
best-markit => Service deleted successfully.
InternetUpdater => Service deleted successfully.
"C:\ProgramData\InternetUpdater" => File/Directory not found.
C:\Windows\Tasks\best-markit Update.job => Moved successfully.
C:\Windows\Tasks\best-markit_wd.job => Moved successfully.
C:\Windows\System32\Tasks\best-markit Update => Moved successfully.
C:\Windows\System32\Tasks\best-markit_wd => Moved successfully.
C:\Users\Leo\AppData\Roaming\dlg => Moved successfully.
C:\Program Files (x86)\best-markit => Moved successfully.
C:\Users\Leo\Downloads\free+pdf+perfect_1.0.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{918A4CC9-3DC8-46F9-A85F-B77E105AC8FB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{918A4CC9-3DC8-46F9-A85F-B77E105AC8FB} => Key deleted successfully.
C:\Windows\System32\Tasks\best-markit_wd not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\best-markit_wd => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92282804-F8C8-40F3-ACE9-8EA477A19349} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92282804-F8C8-40F3-ACE9-8EA477A19349} => Key deleted successfully.
C:\Windows\System32\Tasks\best-markit Update not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\best-markit Update => Key deleted successfully.
C:\Windows\Tasks\best-markit Update.job not found.
C:\Windows\Tasks\best-markit_wd.job not found.
"C:\Program Files (x86)\best-markit" => File/Directory not found.


The system needs a manual reboot.

==== End of Fixlog ====

SystemLook 30.07.11 by jpshortstuff
Log created at 17:45 on 26/02/2014 by Leo
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "best-markit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ae30b672-f2e9-4834-a57b-a64c8ae3e88c]
"DisplayName"="best-markit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ae30b672-f2e9-4834-a57b-a64c8ae3e88c]
"Publisher"="best-markit Software"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ae30b672-f2e9-4834-a57b-a64c8ae3e88c]
"UninstallString"="C:\Program Files (x86)\best-markit\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\best-markit]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\best-markit]
"ImagePath"="C:\Program Files (x86)\best-markit\best-markit153.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\best-markit]
"DisplayName"="best-markit"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\best-markit]
"Description"="best-markit"

Searching for "InternetUpdater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InternetUpdaterService_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InternetUpdaterService_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater]
"DisplayIcon"="C:\ProgramData\InternetUpdater\InternetUpdater.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater]
"UninstallString"="C:\ProgramData\InternetUpdater\uninstall.exe /kb=y /ic=2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\InternetUpdater]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\InternetUpdater]
"ImagePath"=""C:\ProgramData\InternetUpdater\InternetUpdaterService.exe""

Searching for "Internet Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater]
"DisplayName"="Internet Updater"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\InternetUpdater]
"DisplayName"="Internet Updater"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\InternetUpdater]
"Description"="Provides system level support for Internet Updater."

Searching for "FileParade"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller]
"DisplayName"="FileParade bundle uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller]
"UninstallString"=""C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=FileParade bundle uninstaller" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=FileParade" "/searchProvider=a different""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller]
"Publisher"="FileParade"

Searching for "Websteroids"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller]
"AppsToRemoveList"="Optimizer Pro v3.2, PhotoScape, Search Protect, Updater, Websteroids"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller]
"SweetProducts"=""C:\Program Files (x86)\Optimizer Pro\unins000.exe"@@@"C:\Program Files (x86)\PhotoScape\uninstall.exe"@@@"C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe" /S@@@C:\ProgramData\Websteroids\uninstall.exe /kb=y /ic=2@@@C:\ProgramData\Updater\Uninstall.exe /ic=U2@@@"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids]
"DisplayIcon"="C:\ProgramData\Websteroids\Websteroids.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids]
"DisplayName"="Websteroids"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids]
"HelpLink"="hxxp://www.websteroidsapp.com/about.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids]
"UninstallString"="C:\ProgramData\Websteroids\uninstall.exe /kb=y /ic=2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}]
"HelpLink"="hxxp://www.websteroidsapp.com/about.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]
"ad"="websteroidsapp.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}]
"ad"="websteroidsapp.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]
"ad"="websteroidsapp.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}]
"ad"="websteroidsapp.com"

-= EOF =-


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014 01
Ran by Leo (administrator) on LEO-PC on 26-02-2014 17:49:48
Running from C:\Users\Leo\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_70_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1377883589-1084565505-2771288482-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1377883589-1084565505-2771288482-1001\...\Policies\system: [DisableLockWorkstation] 0
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x52994848A6EFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-19]
CHR Extension: (Google Drive) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-19]
CHR Extension: (YouTube) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-19]
CHR Extension: (Google-Suche) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-19]
CHR Extension: (Google Wallet) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (Google Mail) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-19]

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2014-02-13] (soft Xpansion)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 17:48 - 2014-02-26 17:48 - 00000000 ____D () C:\Users\Leo\Desktop\FRST-OlderVersion
2014-02-26 17:45 - 2014-02-26 17:46 - 00010046 _____ () C:\Users\Leo\Downloads\SystemLook.txt
2014-02-26 17:44 - 2014-02-26 17:44 - 00139264 _____ () C:\Users\Leo\Downloads\SystemLook.exe
2014-02-25 22:06 - 2014-02-25 22:06 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-02-25 22:06 - 2014-02-25 22:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-02-25 14:24 - 2014-02-25 14:24 - 00381424 _____ () C:\Users\Leo\Downloads\Setup.exe
2014-02-21 22:52 - 2014-02-21 22:52 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 22:34 - 2014-02-26 17:50 - 00007465 _____ () C:\Users\Leo\Desktop\FRST.txt
2014-02-21 22:33 - 2014-02-21 22:33 - 00013028 _____ () C:\Users\Leo\Desktop\Addition.txt
2014-02-21 22:04 - 2014-02-25 18:41 - 00000000 ____D () C:\Users\Leo\Downloads\FRST-OlderVersion
2014-02-18 23:02 - 2014-02-18 23:02 - 00005951 _____ () C:\Users\Leo\Desktop\zoek-results.txt
2014-02-18 22:58 - 2014-02-18 22:49 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-18 22:50 - 2014-02-18 23:01 - 00005951 _____ () C:\zoek-results.log
2014-02-18 22:49 - 2014-02-18 22:57 - 00000000 ____D () C:\zoek_backup
2014-02-18 22:47 - 2014-02-18 22:47 - 01284608 _____ () C:\Users\Leo\Desktop\zoek.exe
2014-02-18 22:35 - 2014-02-18 22:35 - 00000971 _____ () C:\Users\Leo\Desktop\JRT.txt
2014-02-18 22:29 - 2014-02-18 22:29 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 22:27 - 2014-02-18 22:27 - 01037530 _____ (Thisisu) C:\Users\Leo\Desktop\JRT.exe
2014-02-18 22:23 - 2014-02-18 22:23 - 00004125 _____ () C:\Users\Leo\Desktop\AdwCleaner[S0].txt
2014-02-18 22:19 - 2014-02-18 22:21 - 00000000 ____D () C:\AdwCleaner
2014-02-18 22:19 - 2014-02-18 22:19 - 01241834 _____ () C:\Users\Leo\Desktop\adwcleaner 1.exe
2014-02-17 18:32 - 2014-02-17 18:32 - 00030699 _____ () C:\ComboFix.txt
2014-02-16 20:58 - 2014-02-16 20:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-16 20:58 - 2014-02-16 20:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-16 20:57 - 2014-02-16 20:57 - 13697720 _____ (Microsoft Corporation) C:\Users\Leo\Downloads\mseinstall.exe
2014-02-16 14:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-16 14:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-16 14:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-16 14:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-16 14:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-16 14:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-16 14:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-16 14:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-16 14:54 - 2014-02-17 18:34 - 00000000 ____D () C:\Qoobox
2014-02-16 14:54 - 2014-02-17 18:23 - 00000000 ____D () C:\Windows\erdnt
2014-02-16 14:52 - 2014-02-16 20:29 - 05183112 ____R (Swearware) C:\Users\Leo\Desktop\ComboFix.exe
2014-02-16 00:01 - 2014-02-21 22:06 - 00013028 _____ () C:\Users\Leo\Downloads\Addition.txt
2014-02-15 23:59 - 2014-02-26 17:49 - 00000000 ____D () C:\FRST
2014-02-15 23:59 - 2014-02-26 17:48 - 02155008 _____ (Farbar) C:\Users\Leo\Desktop\FRST64.exe
2014-02-15 23:59 - 2014-02-21 22:06 - 00034594 _____ () C:\Users\Leo\Downloads\FRST.txt
2014-02-15 23:56 - 2014-02-15 23:56 - 01141248 _____ (Farbar) C:\Users\Leo\Downloads\FRST.exe.z4041e3.partial
2014-02-13 17:17 - 2014-02-15 18:21 - 00000000 ____D () C:\ProgramData\Freemium
2014-02-13 17:17 - 2014-02-13 17:17 - 00010464 _____ () C:\Windows\SysWOW64\sx_p2d.tlb
2014-02-13 16:59 - 2014-02-13 16:59 - 00072512 _____ () C:\Users\Leo\Downloads\Zertifikat.odt
2014-02-13 16:45 - 2014-02-15 18:16 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-02-13 16:01 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 16:01 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 16:01 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 16:01 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 16:01 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 16:01 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 16:01 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 16:01 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 16:01 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 16:01 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 16:01 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 16:00 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 16:00 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 16:00 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 16:00 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 16:00 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 16:00 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 16:00 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 16:00 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 16:00 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 16:00 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 16:00 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 16:00 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 16:00 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 16:00 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 16:00 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 16:00 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 16:00 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 16:00 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 16:00 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 16:00 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 16:00 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 16:00 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 16:00 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 16:00 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 16:00 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 16:00 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 16:00 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 16:00 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 16:00 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 16:00 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 15:25 - 2014-02-13 16:57 - 00072512 _____ () C:\Users\Leo\Desktop\Zertifikat.odt
2014-02-13 13:33 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 13:33 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 13:33 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 13:33 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 13:33 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 13:33 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 13:33 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 13:33 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 13:33 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 13:33 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 13:33 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 13:33 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 13:33 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 13:33 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 13:33 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 13:33 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 13:33 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 13:33 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 13:33 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 13:33 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 13:33 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 13:33 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 13:33 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 13:33 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 13:33 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 13:33 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 13:33 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 13:33 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-07 14:47 - 2014-02-07 14:47 - 00024724 _____ () C:\Users\Leo\Documents\Leons%20Anschreiben%20vw.doc_0.odt
2014-02-06 18:32 - 2014-02-06 18:32 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\OpenOffice
2014-02-06 17:39 - 2014-02-06 17:39 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-02-06 17:39 - 2014-02-06 17:39 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-02-06 17:34 - 2014-02-06 17:34 - 00000000 ____D () C:\Users\Leo\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-02-06 17:33 - 2014-02-06 17:34 - 163606685 _____ () C:\Users\Leo\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2014-02-01 14:32 - 2014-02-01 14:32 - 00016384 ____H () C:\Users\Leo\Desktop\photothumb.db
2014-01-31 10:45 - 2014-02-25 22:06 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-01-31 10:45 - 2014-02-25 22:06 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-01-31 10:45 - 2014-02-25 22:06 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-01-31 10:45 - 2014-01-31 10:54 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\PhotoScape
2014-01-31 10:45 - 2014-01-31 10:45 - 00001035 _____ () C:\Users\Leo\Desktop\PhotoScape.lnk
2014-01-31 10:44 - 2014-01-31 10:45 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-01-31 10:44 - 2014-01-31 10:44 - 00000000 ____D () C:\Users\Leo\Downloads\PhotoScape_TSV236ZBM
2014-01-31 10:44 - 2014-01-31 10:44 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Mozilla
2014-01-31 10:42 - 2014-01-31 10:42 - 00657840 _____ (Conduit) C:\Users\Leo\Downloads\PhotoScape_TSV236ZBM.exe
2014-01-31 10:38 - 2014-02-13 17:06 - 00000000 ____D () C:\Users\Leo\Desktop\fotos
2014-01-31 10:38 - 2014-01-31 10:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

2014-02-26 17:50 - 2014-02-21 22:34 - 00007465 _____ () C:\Users\Leo\Desktop\FRST.txt
2014-02-26 17:49 - 2014-02-15 23:59 - 00000000 ____D () C:\FRST
2014-02-26 17:48 - 2014-02-26 17:48 - 00000000 ____D () C:\Users\Leo\Desktop\FRST-OlderVersion
2014-02-26 17:48 - 2014-02-15 23:59 - 02155008 _____ (Farbar) C:\Users\Leo\Desktop\FRST64.exe
2014-02-26 17:46 - 2014-02-26 17:45 - 00010046 _____ () C:\Users\Leo\Downloads\SystemLook.txt
2014-02-26 17:44 - 2014-02-26 17:44 - 00139264 _____ () C:\Users\Leo\Downloads\SystemLook.exe
2014-02-26 17:42 - 2013-12-15 23:25 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-26 17:31 - 2011-04-12 08:43 - 00699440 _____ () C:\Windows\system32\perfh007.dat
2014-02-26 17:31 - 2011-04-12 08:43 - 00149548 _____ () C:\Windows\system32\perfc007.dat
2014-02-26 17:31 - 2009-07-14 06:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 17:30 - 2013-12-02 22:32 - 01836925 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 16:52 - 2013-12-16 17:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-25 22:15 - 2012-03-14 13:50 - 00019082 _____ () C:\Windows\setupact.log
2014-02-25 22:10 - 2013-12-15 23:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-25 22:06 - 2014-02-25 22:06 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-02-25 22:06 - 2014-02-25 22:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-02-25 22:06 - 2014-01-31 10:45 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-02-25 22:06 - 2014-01-31 10:45 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-02-25 22:06 - 2014-01-31 10:45 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-02-25 18:42 - 2013-12-15 23:25 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 18:41 - 2014-02-21 22:04 - 00000000 ____D () C:\Users\Leo\Downloads\FRST-OlderVersion
2014-02-25 14:24 - 2014-02-25 14:24 - 00381424 _____ () C:\Users\Leo\Downloads\Setup.exe
2014-02-24 12:49 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 12:49 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 12:42 - 2013-12-08 22:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-24 12:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 22:52 - 2014-02-21 22:52 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 22:52 - 2013-12-16 17:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 22:52 - 2013-12-16 17:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 22:52 - 2013-12-16 17:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 22:33 - 2014-02-21 22:33 - 00013028 _____ () C:\Users\Leo\Desktop\Addition.txt
2014-02-21 22:06 - 2014-02-16 00:01 - 00013028 _____ () C:\Users\Leo\Downloads\Addition.txt
2014-02-21 22:06 - 2014-02-15 23:59 - 00034594 _____ () C:\Users\Leo\Downloads\FRST.txt
2014-02-18 23:02 - 2014-02-18 23:02 - 00005951 _____ () C:\Users\Leo\Desktop\zoek-results.txt
2014-02-18 23:01 - 2014-02-18 22:50 - 00005951 _____ () C:\zoek-results.log
2014-02-18 23:01 - 2010-11-21 04:47 - 00029454 _____ () C:\Windows\PFRO.log
2014-02-18 22:57 - 2014-02-18 22:49 - 00000000 ____D () C:\zoek_backup
2014-02-18 22:49 - 2014-02-18 22:58 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-18 22:47 - 2014-02-18 22:47 - 01284608 _____ () C:\Users\Leo\Desktop\zoek.exe
2014-02-18 22:35 - 2014-02-18 22:35 - 00000971 _____ () C:\Users\Leo\Desktop\JRT.txt
2014-02-18 22:29 - 2014-02-18 22:29 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 22:27 - 2014-02-18 22:27 - 01037530 _____ (Thisisu) C:\Users\Leo\Desktop\JRT.exe
2014-02-18 22:23 - 2014-02-18 22:23 - 00004125 _____ () C:\Users\Leo\Desktop\AdwCleaner[S0].txt
2014-02-18 22:21 - 2014-02-18 22:19 - 00000000 ____D () C:\AdwCleaner
2014-02-18 22:19 - 2014-02-18 22:19 - 01241834 _____ () C:\Users\Leo\Desktop\adwcleaner 1.exe
2014-02-17 18:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-17 18:37 - 2013-12-15 23:25 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 18:37 - 2013-12-15 23:25 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 18:34 - 2014-02-16 14:54 - 00000000 ____D () C:\Qoobox
2014-02-17 18:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-17 18:32 - 2014-02-17 18:32 - 00030699 _____ () C:\ComboFix.txt
2014-02-17 18:23 - 2014-02-16 14:54 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 17:58 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-17 12:44 - 2013-12-15 23:25 - 00000000 ____D () C:\Program Files\Google
2014-02-17 12:44 - 2013-12-15 23:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-17 01:04 - 2013-12-08 21:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 01:03 - 2012-03-14 12:42 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 20:58 - 2014-02-16 20:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-16 20:58 - 2014-02-16 20:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-16 20:58 - 2013-12-09 03:05 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-02-16 20:57 - 2014-02-16 20:57 - 13697720 _____ (Microsoft Corporation) C:\Users\Leo\Downloads\mseinstall.exe
2014-02-16 20:29 - 2014-02-16 14:52 - 05183112 ____R (Swearware) C:\Users\Leo\Desktop\ComboFix.exe
2014-02-15 23:56 - 2014-02-15 23:56 - 01141248 _____ (Farbar) C:\Users\Leo\Downloads\FRST.exe.z4041e3.partial
2014-02-15 18:21 - 2014-02-13 17:17 - 00000000 ____D () C:\ProgramData\Freemium
2014-02-15 18:16 - 2014-02-13 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-02-15 18:16 - 2013-12-15 23:25 - 00000000 ____D () C:\Users\Leo\AppData\Local\Google
2014-02-13 17:17 - 2014-02-13 17:17 - 00010464 _____ () C:\Windows\SysWOW64\sx_p2d.tlb
2014-02-13 17:06 - 2014-01-31 10:38 - 00000000 ____D () C:\Users\Leo\Desktop\fotos
2014-02-13 16:59 - 2014-02-13 16:59 - 00072512 _____ () C:\Users\Leo\Downloads\Zertifikat.odt
2014-02-13 16:57 - 2014-02-13 15:25 - 00072512 _____ () C:\Users\Leo\Desktop\Zertifikat.odt
2014-02-13 16:03 - 2013-12-08 22:21 - 01593980 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-07 14:47 - 2014-02-07 14:47 - 00024724 _____ () C:\Users\Leo\Documents\Leons%20Anschreiben%20vw.doc_0.odt
2014-02-07 12:30 - 2013-12-03 00:24 - 00064024 _____ () C:\Users\Leo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-07 12:29 - 2009-07-14 05:45 - 00294712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-06 18:32 - 2014-02-06 18:32 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\OpenOffice
2014-02-06 17:39 - 2014-02-06 17:39 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-02-06 17:39 - 2014-02-06 17:39 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-02-06 17:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-06 17:34 - 2014-02-06 17:34 - 00000000 ____D () C:\Users\Leo\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-02-06 17:34 - 2014-02-06 17:33 - 163606685 _____ () C:\Users\Leo\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2014-02-06 13:16 - 2014-02-13 16:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 16:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 16:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 16:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 16:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 16:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 16:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 16:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 16:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 16:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 16:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 16:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 16:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 16:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 16:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 16:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 16:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 16:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 16:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 16:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 16:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 16:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 16:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 16:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 16:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 16:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:25 - 2014-02-13 16:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:24 - 2014-02-13 16:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 16:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 16:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 16:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 16:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 16:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 16:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 16:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 16:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 16:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-01 14:32 - 2014-02-01 14:32 - 00016384 ____H () C:\Users\Leo\Desktop\photothumb.db
2014-01-31 10:54 - 2014-01-31 10:45 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\PhotoScape
2014-01-31 10:45 - 2014-01-31 10:45 - 00001035 _____ () C:\Users\Leo\Desktop\PhotoScape.lnk
2014-01-31 10:45 - 2014-01-31 10:44 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-01-31 10:44 - 2014-01-31 10:44 - 00000000 ____D () C:\Users\Leo\Downloads\PhotoScape_TSV236ZBM
2014-01-31 10:44 - 2014-01-31 10:44 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Mozilla
2014-01-31 10:42 - 2014-01-31 10:42 - 00657840 _____ (Conduit) C:\Users\Leo\Downloads\PhotoScape_TSV236ZBM.exe
2014-01-31 10:38 - 2014-01-31 10:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 20:39

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

tja und ob alles weg ist oder nicht kann ich jetzt gerade noch nicht beurteilen... würde ich aber bi smorgen beobachten und dann nochmal mitteilen ok??

M-K-D-B 26.02.2014 20:42
Servus,



Zitat:
Zitat von Vayureyes (Beitrag 1259005)
tja und ob alles weg ist oder nicht kann ich jetzt gerade noch nicht beurteilen... würde ich aber bi smorgen beobachten und dann nochmal mitteilen ok??

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ae30b672-f2e9-4834-a57b-a64c8ae3e88c" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InternetUpdaterService_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InternetUpdaterService_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}" /f
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Vayureyes 28.02.2014 13:10
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02
Ran by Leo at 2014-02-28 12:54:25 Run:2
Running from C:\Users\Leo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ae30b672-f2e9-4834-a57b-a64c8ae3e88c" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InternetUpdaterService_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InternetUpdaterService_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}" /f
end

*****************


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ae30b672-f2e9-4834-a57b-a64c8ae3e88c" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InternetUpdaterService_RASAPI32" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InternetUpdaterService_RASMANCS" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


==== End of Fixlog ====

Code:
HitmanPro 3.7.9.212
www.hitmanpro.com

  Computer name . . . . : LEO-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : Leo-PC\Leo
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (30 days left)

  Scan date . . . . . . : 2014-02-28 12:59:16
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 4m 30s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 2
  Traces  . . . . . . . : 93

  Objects scanned . . . : 1.060.268
  Files scanned . . . . : 28.665
  Remnants scanned  . . : 265.860 files / 765.743 keys

Malware _____________________________________________________________________

  C:\Users\Leo\Desktop\Alte Dateien\Downloads\SweetIMSetup.exe -> Deleted
      Size . . . . . . . : 460.048 bytes
      Age  . . . . . . . : 87.5 days (2013-12-03 01:33:08)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 8FE47F1DB732BD4C4B69FA065600418504D5942553A7BB60954FDE5309340E4E
      Product  . . . . . : SweetIM by SweetPacks
      Publisher  . . . . : SweetIM Technologies Ltd.
      Description  . . . : SweetIM Installer by SweetPacks
      Version  . . . . . : 2.5.0.3
      Copyright  . . . . : Copyright © 2011 SweetIM Technologies Ltd.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > G Data . . . . . . : Trojan.Generic.9720627
    > Bitdefender  . . . : Trojan.Generic.9720627
      Fuzzy  . . . . . . : 101.0

  C:\Users\Leo\Downloads\Setup.exe -> Deleted
      Size . . . . . . . : 381.424 bytes
      Age  . . . . . . . : 2.9 days (2014-02-25 14:24:00)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 21158B8CD16462EA4AFFA0301436586AA70EC50BEB73065EE36CCDC7B8D387FC
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.MSIL.DomaIQ.ahyq
      Fuzzy  . . . . . . : 101.0
      Forensic Cluster
        -2.7s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0017c6
        -2.2s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0017c7
        -0.6s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0017c8
        -0.6s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\
        -0.6s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\
        -0.6s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG
        -0.6s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG.old
        -0.5s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK
        -0.5s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
        -0.4s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\
        -0.4s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\
        -0.4s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\
        -0.4s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\LOG
        -0.4s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\LOCK
        -0.4s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
        -0.3s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000003.log
        -0.3s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000002
        -0.3s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\.usage
        -0.2s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\
        -0.2s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000
          0.0s C:\Users\Leo\Downloads\Setup.exe
          2.0s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0017c9
          2.2s C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0017ca


Cookies _____________________________________________________________________

  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:3276817.fls.doubleclick.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adserver01.de
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dyntracker.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dyntracker.de
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.livelyrics00.live-lyrics.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.movad.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adplxmd.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.escinteractive.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.eurogrand.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.glispa.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.trafficjunky.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.us.e-planning.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertizenet.rotator.hadj7.adjuggler.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:cunda.122.2o7.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.pgmediaserve.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ero-advertising.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:livejasmin.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornhub.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:solutions.tradedoubler.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.dealtime.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.gmonitor.aliimg.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:stepstone.112.2o7.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:tjx.112.2o7.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adcocktail.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.zalando.de
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.at.atwola.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
  C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\0LC4AKQV.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\49RCS20J.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\518LOCPR.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\7CEFMAUP.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\9RYR7DRI.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\A6ZP8FXY.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\BQ1RUIQR.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\E20EH0H7.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\FIQ4MNVC.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\FK7JKSU6.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\KS4G1YFM.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\LJW5JGXU.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\N5G1SWUH.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\OOU30UR5.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\PLWYHG2D.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\QFEE2FGU.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\QJXK1VBA.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\RA101DNR.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\TIYO3931.txt
  C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\ZJQU6MNJ.txt

M-K-D-B 28.02.2014 20:47
Servus,


fehlt noch die Logdatei von ESET und SecurityCheck.

M-K-D-B 05.03.2014 14:54
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:05 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19