TorstenTroll | 06.10.2013 21:21 | My first post consists of the log files from Malwarebytes.
Junkware Removal Tool:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Professional x64
Ran by Kevin on 06.10.2013 at 20:00:32,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.10.2013 at 20:00:33,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Leck_mich_Trojaner (ATTENTION: The logged in user is not administrator) on KEVIN-PC on 06-10-2013 20:03:16
Running from C:\Users\Leck_mich_Trojaner\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
() C:\Windows\DAODx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 4300 Series\lxcemon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 4300 Series\ezprint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
() C:\Program Files (x86)\SkyMonk\SkyMonk.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
() C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Farbar) C:\Users\Leck_mich_Trojaner\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [LXCECATS] - rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCEtime.dll,RunDLLEntry
HKLM\...\Run: [lxcemon.exe] - C:\Program Files (x86)\Lexmark 4300 Series\lxcemon.exe [205744 2007-05-17] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 4300 Series\ezprint.exe [103344 2007-05-17] (Lexmark International Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-06-20] (Hewlett-Packard Company)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-11] ()
HKCU\...\Run: [SkyMonk] - C:\Program Files (x86)\SkyMonk\SkyMonk.exe [372224 2012-02-07] ()
HKCU\...\Run: [CCleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5470488 2013-09-19] (Piriform Ltd)
HKLM-x32\...\Run: [TurboV EVO] - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9936512 2010-07-15] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [QFan Help] - C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe [888960 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2010-10-28] (Nero AG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UnlockerAssistant] - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [160840 2012-02-09] (Geek Software GmbH)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PixelRuler.lnk
ShortcutTarget: PixelRuler.lnk -> C:\Program Files (x86)\PixelRuler\PixelRuler.exe (pixelruler.de)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD3243BEB0A3ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: (No Name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
SearchScopes: HKLM-x32 - {02166DC2-0C79-438e-817F-4BBFBAC6399B} URL =
SearchScopes: HKLM-x32 - {4C5CF529-E4C9-4cbe-870B-7F52496E9E6E} URL =
SearchScopes: HKLM-x32 - {8A6CF4AE-A2A3-44b4-B6D2-7ED0AEAD75D4} URL =
SearchScopes: HKCU - {02166DC2-0C79-438e-817F-4BBFBAC6399B} URL =
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=F48100FF254140D9
SearchScopes: HKCU - {4C5CF529-E4C9-4cbe-870B-7F52496E9E6E} URL =
SearchScopes: HKCU - {8A6CF4AE-A2A3-44b4-B6D2-7ED0AEAD75D4} URL =
SearchScopes: HKCU - {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: MailRuBHO Class - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Leck_mich_Trojaner\AppData\Roaming\Mozilla\Firefox\Profiles\8ptbgn4v.default
FF NewTab: hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=F48100FF254140D9
FF SearchEngineOrder.1: Delta Search
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=F48100FF254140D9
FF Keyword.URL: hxxp://go.mail.ru/search?fr=fftb&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @ASC/FileLabPlugin;version=1.1.33 - C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll (FileLab)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Leck_mich_Trojaner\AppData\Roaming\Mozilla\Firefox\Profiles\8ptbgn4v.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml
Chrome:
=======
CHR RestoreOnStartup: "hxxp://google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (YouTube) - C:\Users\LECK_M~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\LECK_M~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\LECK_M~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (One Piece Theme) - C:\Users\LECK_M~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkhkehkllpkocgnlbkmpkcicednmbfnp\2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\LECK_M~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-04] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lxce_device; C:\Windows\system32\lxcecoms.exe [566704 2007-03-08] ( )
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-10-06] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-10-06] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 tenCapture; C:\Windows\System32\DRIVERS\tenCapture.sys [23736 2012-07-20] (Hajo Krabbenhöft)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-06 20:02 - 2013-10-06 20:03 - 00000625 _____ C:\Users\Leck_mich_Trojaner\Desktop\LoOL.txt
2013-10-06 20:01 - 2013-10-06 20:01 - 00000625 _____ C:\Users\Kevin\Desktop\JRT2.txt
2013-10-06 20:00 - 2013-10-06 20:00 - 00000625 _____ C:\Users\Kevin\Desktop\JRT.txt
2013-10-06 19:52 - 2013-10-06 19:55 - 00000000 ____D C:\AdwCleaner
2013-10-06 19:52 - 2013-10-06 19:52 - 01045226 _____ C:\Users\Leck_mich_Trojaner\Downloads\adwcleaner.exe
2013-10-06 19:52 - 2013-10-06 19:52 - 01032220 _____ (Thisisu) C:\Users\Leck_mich_Trojaner\Downloads\JRT.exe
2013-10-06 14:55 - 2013-10-06 15:08 - 00020223 _____ C:\Users\Leck_mich_Trojaner\Downloads\Addition.txt
2013-10-06 14:53 - 2013-10-06 14:53 - 01954124 _____ (Farbar) C:\Users\Leck_mich_Trojaner\Downloads\FRST64 (1).exe
2013-10-06 14:53 - 2013-10-06 14:53 - 00000000 ____D C:\FRST
2013-10-06 14:51 - 2013-10-06 14:51 - 01954124 _____ (Farbar) C:\Users\Leck_mich_Trojaner\Downloads\FRST64.exe
2013-10-06 03:45 - 2013-10-06 19:57 - 00000224 _____ C:\Windows\setupact.log
2013-10-06 03:45 - 2013-10-06 03:45 - 00212164 _____ C:\Windows\PFRO.log
2013-10-06 03:45 - 2013-10-06 03:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-06 03:34 - 2008-10-08 20:08 - 00515584 _____ (GridinSoft) C:\Users\Leck_mich_Trojaner\Desktop\chmdecoder.exe
2013-10-06 03:26 - 2013-10-06 03:26 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-06 03:21 - 2013-10-06 03:48 - 00000000 ____D C:\Users\Leck_mich_Trojaner\Documents\Chameleon gear
2013-10-06 03:21 - 2013-10-06 03:21 - 01440846 _____ C:\Users\Leck_mich_Trojaner\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
2013-10-06 03:20 - 2013-10-06 03:20 - 01440846 _____ C:\Users\Leck_mich_Trojaner\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-10-06 03:07 - 2013-10-06 03:07 - 00064996 _____ C:\Users\Kevin\Documents\cc_20131006_030702.reg
2013-10-06 03:04 - 2013-10-06 03:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-06 03:03 - 2013-10-06 03:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-06 03:03 - 2013-10-06 03:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-06 03:03 - 2013-10-06 03:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-06 03:03 - 2013-10-06 03:03 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-06 02:57 - 2013-10-06 02:57 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-06 02:56 - 2013-10-06 02:57 - 00000000 ____D C:\Program Files\CCleaner
2013-10-06 02:56 - 2013-10-06 02:56 - 00913832 _____ (Oracle Corporation) C:\Users\Leck_mich_Trojaner\Downloads\chromeinstall-7u40.exe
2013-10-06 02:46 - 2013-10-06 02:46 - 03294168 _____ (Piriform Ltd) C:\Users\Leck_mich_Trojaner\Downloads\ccsetup406_slim.exe
2013-10-06 02:40 - 2013-10-06 02:40 - 02828552 _____ (AVAST Software) C:\Users\Kevin\Downloads\avast-browser-cleanup.exe
2013-10-06 02:39 - 2013-10-06 02:39 - 00913832 _____ (Oracle Corporation) C:\Users\Kevin\Downloads\chromeinstall-7u40 (1).exe
2013-10-06 02:12 - 2013-10-06 02:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-06 02:10 - 2013-10-06 03:04 - 00000000 ____D C:\ProgramData\Oracle
2013-10-06 02:10 - 2013-10-06 03:03 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-06 02:08 - 2013-10-06 02:34 - 00000000 ____D C:\Users\Kevin\Desktop\mbar
2013-10-06 02:07 - 2013-10-06 02:07 - 01970848 _____ C:\Users\Kevin\Downloads\winrar-x64-500.exe
2013-10-06 02:06 - 2013-10-06 02:06 - 00913832 _____ (Oracle Corporation) C:\Users\Kevin\Downloads\chromeinstall-7u40.exe
2013-10-06 02:03 - 2013-10-06 02:04 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Leck_mich_Trojaner\Downloads\mbar-1.07.0.1005.exe
2013-10-06 02:02 - 2013-10-06 02:02 - 00204496 _____ (Malwarebytes) C:\Users\Leck_mich_Trojaner\Downloads\startuplite-setup-1.07.exe
2013-10-06 01:54 - 2013-10-06 01:54 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-06 01:54 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-06 01:53 - 2013-10-06 01:53 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-06 01:53 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-06 01:53 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-06 01:53 - 2013-08-30 09:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-06 01:53 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-06 01:53 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-06 01:53 - 2013-08-30 09:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-06 01:53 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-06 01:53 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-06 01:52 - 2013-10-06 01:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-06 01:52 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-06 01:47 - 2013-10-06 01:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-06 01:40 - 2013-10-06 01:46 - 131918888 _____ C:\Users\Leck_mich_Trojaner\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-10-06 01:37 - 2013-10-06 01:37 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Roaming\Malwarebytes
2013-10-06 01:32 - 2013-10-06 01:33 - 00007941 _____ C:\Users\Leck_mich_Trojaner\Desktop\My own fucking amazing Malware list.txt
2013-10-05 23:43 - 2013-10-05 23:43 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-05 23:43 - 2013-10-05 23:43 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Malwarebytes
2013-10-05 23:43 - 2013-10-05 23:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-05 23:43 - 2013-10-05 23:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-05 23:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-05 23:39 - 2013-10-05 23:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leck_mich_Trojaner\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Users\Kevin\AppData\Local\ArcSoft
2013-10-05 14:28 - 2013-10-06 02:59 - 00000000 ____D C:\Users\Kevin\AppData\Local\LogMeIn Hamachi
2013-10-05 01:52 - 2013-10-05 01:52 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-10-05 01:52 - 2013-10-05 01:52 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-10-05 01:52 - 2013-10-05 01:52 - 00000000 ____D C:\Riot Games
2013-10-05 01:50 - 2013-10-05 01:53 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Roaming\Riot Games
2013-10-05 01:18 - 2013-10-05 01:38 - 34888568 _____ (Riot Games) C:\Users\Leck_mich_Trojaner\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2013-10-04 17:25 - 2013-10-04 17:25 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Local\LogMeIn
2013-10-04 17:25 - 2013-10-04 17:25 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-04 13:18 - 2013-10-04 13:18 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Local\Apps\2.0
2013-10-03 23:06 - 2013-10-03 23:06 - 00000961 _____ C:\Users\Kevin\Desktop\HyperCam 2.lnk
2013-10-03 23:06 - 2013-10-03 23:06 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
2013-10-03 23:06 - 2013-10-03 23:06 - 00000000 ____D C:\Program Files (x86)\HyperCam 2
2013-10-03 23:05 - 2013-10-03 23:06 - 05401856 _____ C:\Users\Leck_mich_Trojaner\Downloads\HC228SetDE.exe
2013-10-03 14:45 - 2013-10-03 14:45 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-01 20:39 - 2013-10-01 20:39 - 00114466 _____ C:\Users\Leck_mich_Trojaner\Downloads\MF87419.jpeg
2013-09-27 21:21 - 2013-09-27 21:22 - 00000011 _____ C:\Users\Leck_mich_Trojaner\Desktop\wichtige geburtstage.txt
2013-09-22 09:55 - 2013-09-22 10:07 - 247862628 _____ C:\Users\Leck_mich_Trojaner\Downloads\Patapon_2_USA_PSP-pSyPSP.rar
2013-09-22 09:16 - 2013-09-22 09:33 - 354391928 _____ C:\Users\Leck_mich_Trojaner\Downloads\Patapon_3_USA_PSP-BAHAMUT.rar
2013-09-20 22:45 - 2013-09-20 22:46 - 10857603 _____ C:\Users\Leck_mich_Trojaner\Downloads\jpcsp-1772-windows-x86.7z
2013-09-11 23:23 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 23:23 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 23:23 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 23:23 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 23:23 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 23:23 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 23:23 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 23:23 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 23:23 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 23:23 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 23:23 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 23:23 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 23:23 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 23:23 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 23:23 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 23:23 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 23:23 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 23:23 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 23:23 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 23:23 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 23:23 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 19:12 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 19:12 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 19:12 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 19:12 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 19:12 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 19:12 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 19:12 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 19:12 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 19:12 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 19:12 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 19:12 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 19:12 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 19:12 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 19:12 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 19:12 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 19:12 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 19:12 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 19:12 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 19:12 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 19:12 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 19:12 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 19:12 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 19:12 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 19:12 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 19:12 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 19:12 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 14:51 - 2013-09-10 14:51 - 00000021 _____ C:\Users\Leck_mich_Trojaner\Downloads\Download (1).htm
2013-09-08 17:01 - 2013-09-08 17:16 - 00024617 _____ C:\Users\Public\Documents\Robin.odt
==================== One Month Modified Files and Folders =======
2013-10-06 20:03 - 2013-10-06 20:02 - 00000625 _____ C:\Users\Leck_mich_Trojaner\Desktop\LoOL.txt
2013-10-06 20:03 - 2013-07-28 13:43 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Local\PMB Files
2013-10-06 20:03 - 2013-07-09 11:48 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Local\LogMeIn Hamachi
2013-10-06 20:01 - 2013-10-06 20:01 - 00000625 _____ C:\Users\Kevin\Desktop\JRT2.txt
2013-10-06 20:00 - 2013-10-06 20:00 - 00000625 _____ C:\Users\Kevin\Desktop\JRT.txt
2013-10-06 20:00 - 2011-10-11 05:05 - 01579387 _____ C:\Windows\WindowsUpdate.log
2013-10-06 19:57 - 2013-10-06 03:45 - 00000224 _____ C:\Windows\setupact.log
2013-10-06 19:57 - 2013-03-26 15:55 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-06 19:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 19:56 - 2009-07-14 06:45 - 00016848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 19:56 - 2009-07-14 06:45 - 00016848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 19:55 - 2013-10-06 19:52 - 00000000 ____D C:\AdwCleaner
2013-10-06 19:55 - 2011-10-10 11:27 - 00000507 ____H C:\dvmexp.idx
2013-10-06 19:52 - 2013-10-06 19:52 - 01045226 _____ C:\Users\Leck_mich_Trojaner\Downloads\adwcleaner.exe
2013-10-06 19:52 - 2013-10-06 19:52 - 01032220 _____ (Thisisu) C:\Users\Leck_mich_Trojaner\Downloads\JRT.exe
2013-10-06 19:31 - 2013-01-14 17:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 19:23 - 2013-03-26 15:55 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-06 17:24 - 2013-06-01 13:58 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Roaming\Skype
2013-10-06 15:08 - 2013-10-06 14:55 - 00020223 _____ C:\Users\Leck_mich_Trojaner\Downloads\Addition.txt
2013-10-06 14:53 - 2013-10-06 14:53 - 01954124 _____ (Farbar) C:\Users\Leck_mich_Trojaner\Downloads\FRST64 (1).exe
2013-10-06 14:53 - 2013-10-06 14:53 - 00000000 ____D C:\FRST
2013-10-06 14:51 - 2013-10-06 14:51 - 01954124 _____ (Farbar) C:\Users\Leck_mich_Trojaner\Downloads\FRST64.exe
2013-10-06 03:48 - 2013-10-06 03:21 - 00000000 ____D C:\Users\Leck_mich_Trojaner\Documents\Chameleon gear
2013-10-06 03:45 - 2013-10-06 03:45 - 00212164 _____ C:\Windows\PFRO.log
2013-10-06 03:45 - 2013-10-06 03:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-06 03:45 - 2011-10-10 23:40 - 00000000 ____D C:\ProgramData\Norton
2013-10-06 03:34 - 2013-05-27 14:53 - 00000000 ____D C:\Users\Leck_mich_Trojaner\Downloads\Album2
2013-10-06 03:26 - 2013-10-06 03:26 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-06 03:21 - 2013-10-06 03:21 - 01440846 _____ C:\Users\Leck_mich_Trojaner\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
2013-10-06 03:20 - 2013-10-06 03:20 - 01440846 _____ C:\Users\Leck_mich_Trojaner\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-10-06 03:19 - 2013-07-26 15:15 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Roaming\BitTorrent
2013-10-06 03:19 - 2013-05-30 21:59 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-06 03:19 - 2013-04-23 18:09 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Local\CrashDumps
2013-10-06 03:07 - 2013-10-06 03:07 - 00064996 _____ C:\Users\Kevin\Documents\cc_20131006_030702.reg
2013-10-06 03:04 - 2013-10-06 02:10 - 00000000 ____D C:\ProgramData\Oracle
2013-10-06 03:03 - 2013-10-06 03:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-06 03:03 - 2013-10-06 03:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-06 03:03 - 2013-10-06 03:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-06 03:03 - 2013-10-06 03:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-06 03:03 - 2013-10-06 03:03 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-06 03:03 - 2013-10-06 02:10 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-06 03:03 - 2011-12-12 15:03 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-06 03:02 - 2011-10-28 15:27 - 00000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps
2013-10-06 02:59 - 2013-10-05 14:28 - 00000000 ____D C:\Users\Kevin\AppData\Local\LogMeIn Hamachi
2013-10-06 02:59 - 2012-01-22 21:34 - 00000000 ____D C:\Windows\Minidump
2013-10-06 02:59 - 2011-10-25 15:27 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype
2013-10-06 02:59 - 2011-10-11 22:29 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\TS3Client
2013-10-06 02:59 - 2011-10-11 06:02 - 00000000 ____D C:\Windows\Panther
2013-10-06 02:57 - 2013-10-06 02:57 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-06 02:57 - 2013-10-06 02:56 - 00000000 ____D C:\Program Files\CCleaner
2013-10-06 02:56 - 2013-10-06 02:56 - 00913832 _____ (Oracle Corporation) C:\Users\Leck_mich_Trojaner\Downloads\chromeinstall-7u40.exe
2013-10-06 02:46 - 2013-10-06 02:46 - 03294168 _____ (Piriform Ltd) C:\Users\Leck_mich_Trojaner\Downloads\ccsetup406_slim.exe
2013-10-06 02:40 - 2013-10-06 02:40 - 02828552 _____ (AVAST Software) C:\Users\Kevin\Downloads\avast-browser-cleanup.exe
2013-10-06 02:39 - 2013-10-06 02:39 - 00913832 _____ (Oracle Corporation) C:\Users\Kevin\Downloads\chromeinstall-7u40 (1).exe
2013-10-06 02:34 - 2013-10-06 02:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-06 02:34 - 2013-10-06 02:08 - 00000000 ____D C:\Users\Kevin\Desktop\mbar
2013-10-06 02:07 - 2013-10-06 02:07 - 01970848 _____ C:\Users\Kevin\Downloads\winrar-x64-500.exe
2013-10-06 02:07 - 2011-11-05 12:51 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-10-06 02:07 - 2011-11-05 12:46 - 00000000 ____D C:\Program Files\WinRAR
2013-10-06 02:06 - 2013-10-06 02:06 - 00913832 _____ (Oracle Corporation) C:\Users\Kevin\Downloads\chromeinstall-7u40.exe
2013-10-06 02:04 - 2013-10-06 02:03 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Leck_mich_Trojaner\Downloads\mbar-1.07.0.1005.exe
2013-10-06 02:02 - 2013-10-06 02:02 - 00204496 _____ (Malwarebytes) C:\Users\Leck_mich_Trojaner\Downloads\startuplite-setup-1.07.exe
2013-10-06 01:54 - 2013-10-06 01:54 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-06 01:53 - 2013-10-06 01:53 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-06 01:52 - 2013-10-06 01:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-06 01:52 - 2013-10-06 01:47 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-06 01:46 - 2013-10-06 01:40 - 131918888 _____ C:\Users\Leck_mich_Trojaner\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-10-06 01:37 - 2013-10-06 01:37 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Roaming\Malwarebytes
2013-10-06 01:33 - 2013-10-06 01:32 - 00007941 _____ C:\Users\Leck_mich_Trojaner\Desktop\My own fucking amazing Malware list.txt
2013-10-06 01:32 - 2012-01-20 13:59 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 01:32 - 2012-01-20 13:58 - 00000000 ____D C:\Users\Gast
2013-10-06 01:32 - 2012-01-11 20:40 - 00000000 __SHD C:\Users\Gast\AppData\Local\{baa52d28-0bd6-1df6-bf93-8ed8b3b2c3f0}
2013-10-06 01:32 - 2011-10-10 10:10 - 00000000 ___RD C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-05 23:43 - 2013-10-05 23:43 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-05 23:43 - 2013-10-05 23:43 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Malwarebytes
2013-10-05 23:43 - 2013-10-05 23:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-05 23:43 - 2013-10-05 23:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-05 23:40 - 2013-10-05 23:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leck_mich_Trojaner\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-05 14:34 - 2011-10-11 18:18 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Users\Kevin\AppData\Local\ArcSoft
2013-10-05 14:29 - 2013-08-03 00:57 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\ArcSoft
2013-10-05 14:29 - 2011-10-11 18:18 - 00000000 ____D C:\Users\Kevin\AppData\Local\PMB Files
2013-10-05 14:28 - 2011-10-10 10:11 - 00001421 _____ C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-05 14:28 - 2011-10-10 10:10 - 00000000 ___RD C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-05 14:27 - 2011-10-10 10:10 - 00000000 ____D C:\Users\Kevin
2013-10-05 01:53 - 2013-10-05 01:50 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Roaming\Riot Games
2013-10-05 01:52 - 2013-10-05 01:52 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-10-05 01:52 - 2013-10-05 01:52 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-10-05 01:52 - 2013-10-05 01:52 - 00000000 ____D C:\Riot Games
2013-10-05 01:38 - 2013-10-05 01:18 - 34888568 _____ (Riot Games) C:\Users\Leck_mich_Trojaner\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2013-10-05 01:14 - 2011-10-10 11:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-04 17:25 - 2013-10-04 17:25 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Local\LogMeIn
2013-10-04 17:25 - 2013-10-04 17:25 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-04 13:22 - 2013-06-11 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-04 13:18 - 2013-10-04 13:18 - 00000000 ____D C:\Users\Leck_mich_Trojaner\AppData\Local\Apps\2.0
2013-10-04 13:10 - 2011-10-12 20:48 - 00000000 ____D C:\Program Files\Lx_cats
2013-10-03 23:06 - 2013-10-03 23:06 - 00000961 _____ C:\Users\Kevin\Desktop\HyperCam 2.lnk
2013-10-03 23:06 - 2013-10-03 23:06 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
2013-10-03 23:06 - 2013-10-03 23:06 - 00000000 ____D C:\Program Files (x86)\HyperCam 2
2013-10-03 23:06 - 2013-10-03 23:05 - 05401856 _____ C:\Users\Leck_mich_Trojaner\Downloads\HC228SetDE.exe
2013-10-03 14:45 - 2013-10-03 14:45 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-01 20:39 - 2013-10-01 20:39 - 00114466 _____ C:\Users\Leck_mich_Trojaner\Downloads\MF87419.jpeg
2013-09-28 22:25 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-27 21:22 - 2013-09-27 21:21 - 00000011 _____ C:\Users\Leck_mich_Trojaner\Desktop\wichtige geburtstage.txt
2013-09-25 21:38 - 2011-04-12 09:43 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-09-25 21:38 - 2011-04-12 09:43 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-09-25 21:38 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-22 10:07 - 2013-09-22 09:55 - 247862628 _____ C:\Users\Leck_mich_Trojaner\Downloads\Patapon_2_USA_PSP-pSyPSP.rar
2013-09-22 09:33 - 2013-09-22 09:16 - 354391928 _____ C:\Users\Leck_mich_Trojaner\Downloads\Patapon_3_USA_PSP-BAHAMUT.rar
2013-09-21 14:28 - 2013-03-26 15:57 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-20 22:46 - 2013-09-20 22:45 - 10857603 _____ C:\Users\Leck_mich_Trojaner\Downloads\jpcsp-1772-windows-x86.7z
2013-09-20 21:31 - 2013-01-14 17:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 21:31 - 2011-10-11 18:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-12 19:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 08:28 - 2013-04-15 20:55 - 00000000 ___RD C:\Users\Leck_mich_Trojaner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 08:28 - 2013-04-15 20:55 - 00000000 ___RD C:\Users\Leck_mich_Trojaner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 08:27 - 2009-07-14 06:45 - 00323824 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 23:23 - 2013-08-14 02:34 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 23:21 - 2011-11-09 01:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 14:51 - 2013-09-10 14:51 - 00000021 _____ C:\Users\Leck_mich_Trojaner\Downloads\Download (1).htm
2013-09-08 17:16 - 2013-09-08 17:01 - 00024617 _____ C:\Users\Public\Documents\Robin.odt
ZeroAccess:
C:\Users\Gast\AppData\Local\{baa52d28-0bd6-1df6-bf93-8ed8b3b2c3f0}
C:\Users\Gast\AppData\Local\{baa52d28-0bd6-1df6-bf93-8ed8b3b2c3f0}\@
C:\Users\Gast\AppData\Local\{baa52d28-0bd6-1df6-bf93-8ed8b3b2c3f0}\U\00000004.@
C:\Users\Gast\AppData\Local\{baa52d28-0bd6-1df6-bf93-8ed8b3b2c3f0}\U\80000000.@
C:\Users\Gast\AppData\Local\{baa52d28-0bd6-1df6-bf93-8ed8b3b2c3f0}\L\00000004.@
C:\Users\Gast\AppData\Local\{baa52d28-0bd6-1df6-bf93-8ed8b3b2c3f0}\L\1afb2d56
C:\Users\Gast\AppData\Local\{baa52d28-0bd6-1df6-bf93-8ed8b3b2c3f0}\L\4cce1f70
Files to move or delete:
====================
C:\ProgramData\0tbpw.pad
C:\ProgramData\8995108.bat
C:\ProgramData\8995108.pad
C:\ProgramData\8995108.reg
C:\ProgramData\c_0_lpt.pad
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kevin\AppData\Local\Temp\Quarantine.exe
C:\Users\Kevin\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Leck_mich_Trojaner at 2013-10-06 20:04:15
Running from C:\Users\Leck_mich_Trojaner\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader 9.1 - Deutsch (x32 Version: 9.1.0)
Age of Empires II: HD Edition (x32)
AI Suite (x32 Version: 1.06.20)
AKVIS Magnifier (x32 Version: 6.0.1006.8910)
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD Catalyst Install Manager (Version: 3.0.855.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2011.1109.2212.39826)
AMD Media Foundation Decoders (Version: 1.0.61109.2218)
AMD USB Filter Driver (x32 Version: 1.0.15.94)
AMD VISION Engine Control Center (x32 Version: 2011.1109.2212.39826)
Amnesia: The Dark Descent (x32)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.15.182)
Arma 2 (x32)
Arma 2: Operation Arrowhead (x32)
ASUSUpdate (x32 Version: 7.18.03)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
AVS Audio Editor 7.1 (x32 Version: 7.1.6.484)
BattlEye for OA Uninstall (x32)
BitTorrent (HKCU Version: 7.8.1.29813)
BurnAware Free 4.3 (x32)
CastleStorm (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1109.2212.39826)
Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826)
CCC Help English (x32 Version: 2011.1109.2211.39826)
ccc-utility64 (Version: 2011.1109.2212.39826)
CCleaner (Version: 4.06)
Cool & Quiet (x32)
CyberGhost VPN
DayZ Commander (x32 Version: 0.92.85)
EPU (x32 Version: 1.02.20)
Fallout 3 (HKCU Version: 1.00.0000)
FileLab Plugin 1.1.33 (x32 Version: 1.1.33)
FINAL FANTASY XIV - A Realm Reborn (x32 Version: 1.0.0000)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.0.0.20)
Free Studio version 5.3.2 (x32)
Free Video to DVD Converter version 5.0.3.1206 (x32)
Free YouTube Download version 3.0.19.1206 (x32)
Garry's Mod (x32)
Google Chrome (x32 Version: 29.0.1547.76)
Google SketchUp 8 (x32 Version: 3.0.4993)
GPU Boost Driver (x32 Version: 1.01.15)
HyperCam 2 (x32 Version: 2.28.01)
IDroo 1.0.0.154 (x32 Version: 1.0.0.154)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
JDownloader 0.9 (x32 Version: 0.9)
JMicron JMB36X Driver (x32 Version: 1.00.0000)
League of Legends (x32 Version: 3.0.1)
Left 4 Dead 2 (x32)
Left 4 Dead 2 Beta (x32)
Lexmark 4300 Series
LightScribe System Software (x32 Version: 1.18.24.1)
LogMeIn Hamachi (x32 Version: 2.2.0.58)
LOLReplay (x32 Version: 0.8.2.2)
MAGIX Foto Designer 7 (x32 Version: 7.0.1.1)
MAGIX Music Maker 2008 13.0.0.16 (D) (x32 Version: 13.0.0.16)
MAGIX PC Visit (x32 Version: 4.3.6.1987)
Mail.Ru Спутник 2.4.0.504 (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 1.2.0241)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft XML Parser (x32 Version: 8.0.7820.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mufin MusicFinder 1.0.0.217 (D) (x32 Version: 1.0.0.217)
Nero BackItUp 10 (x32 Version: 5.6.11300.14.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.5.10000)
Nero BackItUp and Burn Essentials (x32 Version: 10.5.10200)
Nero BurnRights 10 (x32 Version: 4.4.10400.2.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Control Center 10 (x32 Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.19900.9.11)
Nero Express 10 (x32 Version: 10.6.10700.5.100)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200)
Nero RescueAgent 10 (x32 Version: 3.2.10800.9.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Update (x32 Version: 11.0.10623.22.0)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Organ Trail: Director's Cut (x32)
Paint XP version 1.1 (x32 Version: 1.1)
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (x32 Version: 2.3.6.0)
PC Inspector File Recovery (x32 Version: 4.0)
PC Probe II (x32 Version: 1.04.86)
PCSX2 - Playstation 2 Emulator (x32)
PDF24 Creator 4.4.0 (x32)
PixelRuler v9.0.0.0 (x32)
PlayClaw 4 (x32 Version: 4)
Project64 1.6 (x32 Version: 1.6)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6037)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0)
SkyMonk Client (x32 Version: 1.63)
Skype™ 6.3 (x32 Version: 6.3.107)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
Tinypic 3.18 (x32 Version: Tinypic 3.18)
TurboV EVO (x32 Version: 1.02.32)
Unlocker 1.9.1 (x32 Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
VLC media player 1.1.11 (x32 Version: 1.1.11)
WinRAR 5.00 (64-bit) (Version: 5.00.0)
XviD4PSP 5.0 (x32 Version: 5.0.37.8 r132)
==================== Restore Points =========================
Could not list Restore Points.
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
==================== Loaded Modules (whitelisted) =============
2011-11-09 23:08 - 2011-11-09 23:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-11-09 23:10 - 2011-11-09 23:10 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/06/2013 07:59:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/06/2013 02:40:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/06/2013 03:47:32 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/06/2013 03:47:32 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/06/2013 03:47:32 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/06/2013 03:47:32 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (10/06/2013 03:47:29 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/06/2013 03:47:29 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (10/06/2013 03:47:28 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/06/2013 03:47:28 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (10/06/2013 03:47:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/06/2013 03:47:42 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (10/06/2013 03:47:42 AM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (10/06/2013 03:47:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/06/2013 03:47:39 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (10/06/2013 03:47:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/06/2013 03:47:38 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (10/06/2013 03:47:39 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (10/06/2013 03:47:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/06/2013 03:47:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Microsoft Office Sessions:
=========================
Error: (10/06/2013 07:59:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/06/2013 02:40:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/06/2013 03:47:32 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/06/2013 03:47:32 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/06/2013 03:47:32 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/06/2013 03:47:32 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (10/06/2013 03:47:29 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (10/06/2013 03:47:29 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (10/06/2013 03:47:28 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (10/06/2013 03:47:28 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700
CodeIntegrity Errors:
===================================
Date: 2012-01-20 13:40:32.343
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-01-20 13:40:32.333
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-01-20 13:40:32.323
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-01-20 13:40:32.313
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-01-20 13:40:18.623
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-01-20 13:40:18.613
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-01-20 13:40:18.603
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-01-20 13:40:18.593
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 4094.18 MB
Available physical RAM: 2669.17 MB
Total Pagefile: 8186.54 MB
Available Pagefile: 6543.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:722.33 GB) NTFS
Drive e: (SYSTEM) (Fixed) (Total:68.36 GB) (Free:43.79 GB) NTFS
Drive f: (DATEN) (Fixed) (Total:80.69 GB) (Free:11.65 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Regards, Thorsten Troll
Adw Cleaner : Code:
# AdwCleaner v3.006 - Bericht erstellt am 06/10/2013 um 19:53:06
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Kevin - KEVIN-PC
# Gestartet von : C:\Users\Leck_mich_Trojaner\Downloads\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : BCUService
Dienst Gefunden : DvmMDES
Dienst Gefunden : StumbleUponUpdater
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gefunden : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\bb7c8ssn.default\user.js
Datei Gefunden : C:\Users\Kevin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gefunden : C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gefunden : C:\Users\Kevin\Desktop\QuickStores.url
Datei Gefunden : C:\Users\Leck_mich_Trojaner\AppData\Roaming\Mozilla\Firefox\Profiles\8ptbgn4v.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\Leck_mich_Trojaner\AppData\Roaming\Mozilla\Firefox\Profiles\8ptbgn4v.default\bprotector_prefs.js
Datei Gefunden : C:\Windows\System32\Tasks\Dealply
Ordner Gefunden : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gefunden : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg
Ordner Gefunden C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden C:\Program Files (x86)\DeviceVM
Ordner Gefunden C:\Program Files (x86)\Mail.Ru
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\Users\Gast\AppData\LocalLow\facemoods.com
Ordner Gefunden C:\Users\Gast\AppData\LocalLow\Mail.Ru
Ordner Gefunden C:\Users\Kevin\AppData\LocalLow\Mail.Ru
Ordner Gefunden C:\Users\Kevin\AppData\LocalLow\StumbleUpon
Ordner Gefunden C:\Users\Kevin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden C:\Users\Kevin\AppData\Roaming\QuickStoresToolbar
Ordner Gefunden C:\Users\Leck_mich_Trojaner\AppData\LocalLow\facemoods.com
Ordner Gefunden C:\Users\Leck_mich_Trojaner\AppData\LocalLow\Mail.Ru
Ordner Gefunden C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\StumbleUpon
Schlüssel Gefunden : HKCU\Software\BI
Schlüssel Gefunden : HKCU\Software\DeviceVM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\StumbleUpon
Schlüssel Gefunden : [x64] HKCU\Software\BI
Schlüssel Gefunden : [x64] HKCU\Software\DeviceVM
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\StumbleUpon
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\DeviceVM
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_xvid4psp_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_xvid4psp_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fake-voice_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fake-voice_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DeviceVM
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
-\\ Google Chrome v29.0.1547.76
[ Datei : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden : homepage
Gefunden : urls_to_restore_on_startup
[ Datei : C:\Users\Leck_mich_Trojaner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [9281 octets] - [06/10/2013 19:53:06]
########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [9341 octets] ##########
Thorsten Troll
New Malwarebytes file: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.05.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Leck_mich_Trojaner :: KEVIN-PC [limited]
06.10.2013 20:25:58
mbam-log-2013-10-06 (20-25-58).txt
Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 596905
Time elapsed: 1 hour(s), 53 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)