Pests of all kinds and how to fight them: Ads while browsing, unsolicited browser launches, new programs that I did not install
Windows 7
#1

Evening,

At the moment I keep getting ads and pop-up windows while browsing. Sometimes a different browser with ads also opens unprompted, either Firefox or Mybrowser, even though I am using Google Chrome. Mybrowser, along with YTDownloader, is one of the programs that I did not actually install but that show up anyway.

Before I came across this forum, I tried to remove everything with Malwarebytes, but I did not save the results and now I can only find protection logs. Avast also moved some files into quarantine, but unfortunately I do not know where to find the log files. Unfortunately I could not find the Defogger log either, and GMER showed the message "C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." I had, however, closed all programs, deactivated Avast and switched off WiFi. FRST worked.

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:24-10-2015 durchgeführt von saturn1 (Administrator) auf SATURN (24-10-2015 20:56:30) Gestartet von C:\Users\saturn1\Downloads Geladene Profile: UpdatusUser & saturn1 (Verfügbare Profile: UpdatusUser & saturn1 & Gast) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe (Cinema PlusV18.10) C:\Program Files (x86)\CinemaPlus-3.2cV18.10\07193f39-2975-4a06-b838-be65dc69209f-6.exe (Cinema PlusV18.10) C:\Program Files (x86)\CinemaPlus-3.2cV18.10\07193f39-2975-4a06-b838-be65dc69209f-1-6.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\093BD3E7-1445176877-3346-BE18-089E01F42089\hnst635A.tmp (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe () C:\Program Files (x86)\093BD3E7-1445176877-3346-BE18-089E01F42089\knst30D8.tmpfs (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files (x86)\093BD3E7-1445176877-3346-BE18-089E01F42089\jnsz4B9A.tmp (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Cinema PlusV18.10) C:\Program Files (x86)\CinemaPlus-3.2cV18.10\07193f39-2975-4a06-b838-be65dc69209f-1-6.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Cinema PlusV24.10) C:\Program Files (x86)\CinemaPlus-3.2cV24.10\9019b8ca-0bd0-4075-810e-ddb68bb0dc98-6.exe (Cinema PlusV24.10) C:\Program Files (x86)\CinemaPlus-3.2cV24.10\9019b8ca-0bd0-4075-810e-ddb68bb0dc98-1-6.exe (Search Module Ltd.) 
C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe (globalUpdate) C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe (Cinema PlusV24.10) C:\Program Files (x86)\CinemaPlus-3.2cV24.10\9019b8ca-0bd0-4075-810e-ddb68bb0dc98-10.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe () C:\Users\saturn1\AppData\Local\gmsd_de_005010123\upgmsd_de_005010123.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Akamai Technologies, Inc.) 
C:\Users\saturn1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\saturn1\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\gmsd_de_005010123\gmsd_de_005010123.exe () C:\Program Files (x86)\rec_en_77\rec_en_77.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Goobzo) C:\Program Files (x86)\YTDownloader\BrowserHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2013-08-28] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.) HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.) HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [747520 2014-10-31] () HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) 
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-09-16] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-13] (Dropbox, Inc.) HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1991600 2015-10-22] (YTDownloader) HKLM-x32\...\RunOnce: [upgmsd_de_005010123.exe] => C:\Users\saturn1\AppData\Local\gmsd_de_005010123\upgmsd_de_005010123.exe [3335344 2015-10-22] () HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-10-05] (Malwarebytes) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1506994272-2369309272-3303374795-1002\...\Run: [Akamai NetSession Interface] => C:\Users\saturn1\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-1506994272-2369309272-3303374795-1002\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1991600 2015-10-22] (YTDownloader) HKU\S-1-5-21-1506994272-2369309272-3303374795-1002\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.exe HKU\S-1-5-21-1506994272-2369309272-3303374795-1002\...\RunOnce: [Application Restart #2] => C:\Users\saturn1\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-sid (Der Dateneintrag hat 566 mehr Zeichen). 
HKU\S-1-5-21-1506994272-2369309272-3303374795-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-09-16] () HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\logon.scr AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-08-30] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-08-30] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-03] (Avast Software s.r.o.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2015-10-24] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-10-24] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) BootExecute: autocheck autochk * aswBoot.exe /M:21d4b14d868 /wow /dir:"C:\Program Files\AVAST Software\Avast" ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0578C397-90C3-41AD-BF4A-E9A5C7F21EDE}: [DhcpNameServer] 40.33.1.55 Tcpip\..\Interfaces\{8338A901-C2B3-48D2-91B5-92D696243DA8}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1506994272-2369309272-3303374795-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB HKU\S-1-5-21-1506994272-2369309272-3303374795-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB HKU\S-1-5-21-1506994272-2369309272-3303374795-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-1506994272-2369309272-3303374795-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} 
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1506994272-2369309272-3303374795-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = SearchScopes: HKU\S-1-5-21-1506994272-2369309272-3303374795-1002 -> {5D48B1EE-C9AE-44AA-8E1C-9739F1CAB895} URL = SearchScopes: HKU\S-1-5-21-1506994272-2369309272-3303374795-1002 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-1506994272-2369309272-3303374795-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1506994272-2369309272-3303374795-1002 -> {B88EC6B7-CAD2-47CF-98CD-6F1C52DC6102} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-03] (Avast Software s.r.o.) BHO-x32: Kein Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> Keine Datei BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-03] (Avast Software s.r.o.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKU\S-1-5-21-1506994272-2369309272-3303374795-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) FireFox: ======== FF ProfilePath: C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google (avast) FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set&s=FAOztutdk0003,6de5abd9-4bff-4a3d-b98f-542a02b515ac FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) 
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\user.js [2015-10-18] FF SearchPlugin: C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\searchplugins\bing-avast.xml [2015-03-21] FF SearchPlugin: C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\searchplugins\ecosia.xml [2015-10-17] FF SearchPlugin: C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\searchplugins\google-avast.xml [2015-08-06] FF SearchPlugin: C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\searchplugins\google-images.xml [2015-03-21] FF SearchPlugin: C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\searchplugins\google-maps.xml [2015-03-21] FF SearchPlugin: C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\searchplugins\youtube-videosuche.xml [2015-03-01] FF Extension: YouTube Unblocker - C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\Extensions\youtubeunblocker@unblocker.yt [2015-10-16] FF Extension: TextMarker! - C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\Extensions\{1c530060-b0ae-11d9-9669-0800200c9a66} [2015-10-13] FF Extension: Lightbeam - C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-05-27] FF Extension: Ecosia — The search engine that plants trees! 
- C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2015-10-17] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-03] [ist nicht signiert] FF HKU\S-1-5-21-1506994272-2369309272-3303374795-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden FF HKU\S-1-5-21-1506994272-2369309272-3303374795-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\saturn1\AppData\Roaming\Mozilla\Firefox\Profiles\dlbghz7b.default\extensions\cliqz@cliqz.com => nicht gefunden Chrome: ======= CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FAOztutdk0003,6de5abd9-4bff-4a3d-b98f-542a02b515ac, CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FAOztutdk0003,6de5abd9-4bff-4a3d-b98f-542a02b515ac, CHR DefaultSearchKeyword: Default -> www-searching.com CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms} CHR Profile: C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08] CHR Extension: (Google Docs) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] CHR Extension: (Google Drive) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (YouTube) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] CHR Extension: 
(Google Cast) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-12] CHR Extension: (Google-Suche) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-24] CHR Extension: (Google Tabellen) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08] CHR Extension: (Google Text & Tabellen Offline) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06] CHR Extension: (Avast Online Security) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-20] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-07] CHR Extension: (Google Mail) - C:\Users\saturn1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-03] Opera: ======= OPR Extension: (Opera Bookmarks Share Portal) - C:\Users\saturn1\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-10-24] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.) 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-03] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-03] (Avast Software) R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-10-22] () R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-08-31] (Acer Incorporated) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-12] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-12] (Dropbox, Inc.) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated) R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18064 2015-04-18] () R2 Intel(R) Technology Access Legacy CS Loader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [144128 2015-07-31] (Intel(R) Corporation) R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe 
[481536 2015-07-31] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.) R2 mitsijm2015; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2013-10-12] (Autodesk, Inc.) 
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] () S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [Datei ist nicht signiert] S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [347176 2013-08-14] (Acer Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-03] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-03] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-03] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-03] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-03] (Avast Software s.r.o.) 
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-03] () S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) U0 brini; C:\Windows\System32\drivers\ykcjs.sys [79064 2015-10-18] (Malwarebytes) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.) U0 cbfj; C:\Windows\System32\drivers\cmsn.sys [79064 2015-10-24] (Malwarebytes) R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies) S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] () R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) S2 mfeapfk; 
C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.) R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation) R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation) R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-10-22] (YTDownloader) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) 
[Datei ist nicht signiert] R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-03] (Avast Software) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) U0 ybjx; C:\Windows\System32\drivers\tbhmp.sys [79064 2015-10-18] (Malwarebytes) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-24 20:56 - 2015-10-24 20:57 - 00038498 _____ C:\Users\saturn1\Downloads\FRST.txt 2015-10-24 20:56 - 2015-10-24 20:56 - 00380416 _____ C:\Users\saturn1\Downloads\hyvj88ry.exe 2015-10-24 20:56 - 2015-10-24 20:56 - 00000000 ____D C:\FRST 2015-10-24 20:55 - 2015-10-24 20:55 - 02196480 _____ (Farbar) C:\Users\saturn1\Downloads\FRST64.exe 2015-10-24 20:54 - 2015-10-24 20:55 - 01700352 _____ (Farbar) C:\Users\saturn1\Downloads\FRST.exe 2015-10-24 20:51 - 2015-10-24 20:51 - 00000476 _____ C:\Users\saturn1\Downloads\defogger_disable.log 2015-10-24 20:51 - 2015-10-24 20:51 - 00000000 _____ C:\Users\saturn1\defogger_reenable 2015-10-24 20:50 - 2015-10-24 20:50 - 00050477 _____ C:\Users\saturn1\Downloads\Defogger.exe 2015-10-24 20:31 - 2015-10-24 20:31 - 00000000 ____D C:\ProgramData\ShopperPro 2015-10-24 20:25 - 2015-10-24 20:25 - 00003698 _____ C:\Windows\System32\Tasks\Inst_Rep 2015-10-24 20:25 - 2015-10-24 20:25 - 00000000 ____D C:\ProgramData\SearchModule 2015-10-24 20:21 - 2015-10-24 20:21 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\cmsn.sys 2015-10-24 
20:16 - 2015-10-24 20:16 - 00602112 _____ (OldTimer Tools) C:\Users\saturn1\Downloads\OTL.exe 2015-10-24 19:40 - 2015-10-24 19:40 - 00000000 ____D C:\Users\saturn1\Downloads\ProcessExplorer_16.5 2015-10-24 19:39 - 2015-10-24 19:39 - 01125626 _____ C:\Users\saturn1\Downloads\ProcessExplorer_16.5.zip 2015-10-24 19:31 - 2015-10-24 20:20 - 00000000 ____D C:\Program Files\Common Files\ShopperPro 2015-10-24 19:24 - 2015-10-24 20:21 - 00001458 _____ C:\Users\saturn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-10-24 18:25 - 2015-10-24 20:21 - 00001929 _____ C:\Users\saturn1\Desktop\YTDownloader.lnk 2015-10-24 18:25 - 2015-10-24 18:25 - 00004362 _____ C:\Windows\System32\Tasks\Installer_DSKB 2015-10-24 18:25 - 2015-10-24 18:25 - 00003904 _____ C:\Windows\System32\Tasks\YTDownloaderUpd 2015-10-24 18:25 - 2015-10-24 18:25 - 00003582 _____ C:\Windows\System32\Tasks\YTDownloader 2015-10-24 18:25 - 2015-10-24 18:25 - 00000000 ____D C:\Users\saturn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader 2015-10-24 18:25 - 2015-10-24 18:25 - 00000000 ____D C:\Users\saturn1\AppData\Local\CrashRpt 2015-10-24 18:25 - 2015-10-24 18:25 - 00000000 ____D C:\Program Files\Common Files\Goobzo 2015-10-24 18:25 - 2015-10-24 18:25 - 00000000 ____D C:\Program Files (x86)\YTDownloader 2015-10-24 18:24 - 2015-10-24 20:20 - 00000000 ____D C:\Program Files (x86)\rec_en_77 2015-10-24 18:22 - 2015-10-24 20:21 - 00001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-10-24 18:22 - 2015-10-24 20:21 - 00001085 _____ C:\Users\Public\Desktop\Opera.lnk 2015-10-24 18:22 - 2015-10-24 20:20 - 00000000 ____D C:\Users\saturn1\AppData\Local\gmsd_de_005010123 2015-10-24 18:22 - 2015-10-24 20:20 - 00000000 ____D C:\Program Files (x86)\gmsd_de_005010123 2015-10-24 18:22 - 2015-10-24 19:24 - 00001030 _____ C:\Windows\Tasks\fgQ3SLKo3PQmATQfNa.job 2015-10-24 18:22 - 2015-10-24 19:24 - 00001030 _____ C:\Windows\Tasks\bKowc082jZo3bbUXLv.job 
2015-10-24 18:22 - 2015-10-24 18:22 - 00004038 _____ C:\Windows\System32\Tasks\fgQ3SLKo3PQmATQfNa 2015-10-24 18:22 - 2015-10-24 18:22 - 00004038 _____ C:\Windows\System32\Tasks\bKowc082jZo3bbUXLv 2015-10-24 18:22 - 2015-10-24 18:22 - 00003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1445703737 2015-10-24 18:22 - 2015-10-24 18:22 - 00000000 ____D C:\Users\saturn1\AppData\Roaming\Opera Software 2015-10-24 18:22 - 2015-10-24 18:22 - 00000000 ____D C:\Users\saturn1\AppData\Local\Opera Software 2015-10-24 18:21 - 2015-10-24 20:20 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV24.10 2015-10-24 18:21 - 2015-10-24 18:22 - 00000000 ____D C:\Program Files (x86)\Opera 2015-10-24 18:20 - 2015-10-24 20:20 - 00000000 ____D C:\Program Files\SpaceSoundPro 2015-10-24 18:20 - 2015-10-24 18:20 - 00000008 _____ C:\END 2015-10-21 14:20 - 2015-10-21 14:20 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud 2015-10-18 21:46 - 2015-10-18 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-10-18 20:07 - 2015-10-18 20:07 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\tbhmp.sys 2015-10-18 20:07 - 2015-10-18 20:07 - 00015266 _____ C:\Windows\Tasks\vvmo 2015-10-18 19:05 - 2015-10-18 19:05 - 00243888 _____ C:\Users\saturn1\Downloads\Firefox Setup Stub 41.0.2.exe 2015-10-18 19:03 - 2015-10-18 19:03 - 00264438 _____ C:\Windows\SysWOW64\llvwypec 2015-10-18 19:03 - 2015-10-18 19:03 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\ykcjs.sys 2015-10-18 18:01 - 2015-10-24 20:21 - 00001076 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-10-18 18:01 - 2015-10-24 19:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-10-18 18:01 - 2015-10-18 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-10-18 18:01 - 2015-10-18 18:01 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-10-18 18:01 - 2015-10-18 18:01 - 
00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-10-18 18:01 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-10-18 18:01 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-10-18 18:01 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-10-18 18:00 - 2015-10-18 18:00 - 22908888 _____ (Malwarebytes ) C:\Users\saturn1\Downloads\mbam-setup-org-2.2.0.1024.exe 2015-10-18 17:58 - 2015-10-24 19:24 - 00001026 _____ C:\Windows\Tasks\ZRhLK9hrBkOCMase.job 2015-10-18 17:58 - 2015-10-24 19:24 - 00001018 _____ C:\Windows\Tasks\MVCQOKPixtwM.job 2015-10-18 17:58 - 2015-10-18 17:58 - 00004034 _____ C:\Windows\System32\Tasks\ZRhLK9hrBkOCMase 2015-10-18 17:58 - 2015-10-18 17:58 - 00004024 _____ C:\Windows\System32\Tasks\MVCQOKPixtwM 2015-10-18 17:08 - 2015-10-24 19:24 - 00001044 _____ C:\Windows\Tasks\5Cu3LipFija5o17kHXCYuaR9m.job 2015-10-18 17:08 - 2015-10-24 19:24 - 00001024 _____ C:\Windows\Tasks\Y8AUFtKs8KRzdqL.job 2015-10-18 17:08 - 2015-10-18 17:08 - 00004050 _____ C:\Windows\System32\Tasks\5Cu3LipFija5o17kHXCYuaR9m 2015-10-18 17:08 - 2015-10-18 17:08 - 00004032 _____ C:\Windows\System32\Tasks\Y8AUFtKs8KRzdqL 2015-10-18 17:05 - 2015-10-18 17:05 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-10-18 17:05 - 2015-10-18 17:05 - 00000000 ____D C:\Users\saturn1\Tracing 2015-10-18 17:05 - 2015-10-18 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-10-18 17:04 - 2015-10-18 17:04 - 00000000 ____D C:\Users\saturn1\Documents\Autoloader 2015-10-18 16:34 - 2015-10-24 20:21 - 00001952 _____ C:\Users\saturn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! 
antivirus.lnk 2015-10-18 16:34 - 2015-10-24 19:24 - 00001032 _____ C:\Windows\Tasks\n2WsgG5UnMBz2EppfzX.job 2015-10-18 16:34 - 2015-10-24 19:24 - 00001010 _____ C:\Windows\Tasks\GUmJ6Qbd.job 2015-10-18 16:34 - 2015-10-18 16:34 - 00004038 _____ C:\Windows\System32\Tasks\n2WsgG5UnMBz2EppfzX 2015-10-18 16:34 - 2015-10-18 16:34 - 00004018 _____ C:\Windows\System32\Tasks\GUmJ6Qbd 2015-10-18 16:15 - 2015-10-24 19:24 - 00001048 _____ C:\Windows\Tasks\dadePdmwVvTaHhLNvf8hIMcT9IF.job 2015-10-18 16:15 - 2015-10-24 19:24 - 00001030 _____ C:\Windows\Tasks\DEAn2Th92CYuEkPG9n.job 2015-10-18 16:15 - 2015-10-18 16:15 - 00004056 _____ C:\Windows\System32\Tasks\dadePdmwVvTaHhLNvf8hIMcT9IF 2015-10-18 16:15 - 2015-10-18 16:15 - 00004038 _____ C:\Windows\System32\Tasks\DEAn2Th92CYuEkPG9n 2015-10-18 16:13 - 2015-10-24 19:24 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-10-18 16:13 - 2015-10-24 18:21 - 00000000 ____D C:\Program Files (x86)\globalUpdate 2015-10-18 16:13 - 2015-10-19 18:54 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV18.10 2015-10-18 16:13 - 2015-10-18 16:13 - 00000000 ____D C:\Users\saturn1\AppData\Local\globalUpdate 2015-10-18 16:07 - 2015-10-18 16:07 - 00003130 _____ C:\Windows\System32\Tasks\{BDB0FB31-C5A3-4201-9E0E-C7E3F5F6FE6F} 2015-10-18 16:06 - 2015-10-18 16:06 - 00000000 ____D C:\Program Files (x86)\predm 2015-10-18 16:03 - 2015-10-18 16:21 - 818177352 _____ (Travellers Tales (UK) Ltd) C:\Users\saturn1\Downloads\LEGOHarryPotterDEMO.exe.part 2015-10-18 16:02 - 2015-10-18 16:02 - 00000000 ____D C:\Users\saturn1\AppData\Roaming\dlg 2015-10-18 16:01 - 2015-10-18 19:02 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support 2015-10-18 16:01 - 2015-10-18 19:02 - 00000000 ____D C:\Program Files (x86)\093BD3E7-1445176877-3346-BE18-089E01F42089 2015-10-18 16:01 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-10-18 16:00 - 2015-10-18 16:07 - 00000000 ____D C:\Users\saturn1\AppData\Roaming\SpeedMon 
2015-10-18 15:59 - 2015-10-18 15:59 - 00544320 _____ C:\Users\saturn1\Downloads\jetzt_installieren.exe 2015-10-16 11:42 - 2015-10-18 19:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-10-11 13:40 - 2015-10-11 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-10-11 13:40 - 2015-10-11 13:40 - 00000000 ____D C:\Program Files\iTunes 2015-10-11 13:40 - 2015-10-11 13:40 - 00000000 ____D C:\Program Files\iPod 2015-10-11 13:40 - 2015-10-11 13:40 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-10-11 13:38 - 2015-10-11 13:38 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2015-10-11 13:38 - 2015-10-11 13:38 - 00000000 ____D C:\Program Files\Bonjour 2015-10-11 13:38 - 2015-10-11 13:38 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-10-11 13:38 - 2015-10-11 13:38 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-10-08 15:59 - 2015-10-08 15:59 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll 2015-10-03 17:54 - 2015-10-03 17:54 - 00143445 _____ C:\Users\saturn1\Downloads\YouTube-Unblocker-056.zip 2015-10-03 17:53 - 2015-10-03 17:53 - 01457952 _____ C:\Users\saturn1\Downloads\YouTube-Unblocker-056 - CHIP-Installer.exe 2015-10-03 16:14 - 2015-10-03 16:14 - 00000000 ____D C:\Users\saturn1\Downloads\youtube_unblocker-0.6.17-fx 2015-10-03 16:08 - 2015-10-03 16:08 - 00201046 _____ C:\Users\saturn1\Downloads\youtube_unblocker-0.6.17-fx.zip 2015-10-02 22:34 - 2015-10-02 22:34 - 00000000 ____D C:\Windows\LastGood 2015-09-27 18:33 - 2015-09-27 18:33 - 00000000 ____D C:\Windows\LastGood.Tmp ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-10-24 20:52 - 2013-11-11 18:06 - 01185910 _____ C:\Windows\WindowsUpdate.log 2015-10-24 20:51 - 2013-12-22 00:02 - 00000000 ____D C:\Users\saturn1 2015-10-24 20:46 - 2014-10-22 21:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-10-24 20:45 - 2015-09-12 09:40 - 00001230 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2015-10-24 20:25 - 2013-12-22 00:08 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1506994272-2369309272-3303374795-1002 2015-10-24 20:22 - 2014-10-17 22:17 - 00000000 ____D C:\Users\saturn1\AppData\Local\CrashDumps 2015-10-24 20:21 - 2015-07-07 09:26 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-10-24 20:21 - 2014-10-17 13:25 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-10-24 20:21 - 2014-09-06 15:44 - 00002205 _____ C:\Users\saturn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk 2015-10-24 20:21 - 2014-09-06 15:44 - 00002105 _____ C:\Users\saturn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk 2015-10-24 20:21 - 2014-02-18 20:34 - 00002185 _____ C:\Users\saturn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2015-10-24 20:21 - 2013-12-22 00:03 - 00001280 _____ C:\Users\saturn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk 2015-10-24 20:21 - 2013-12-22 00:02 - 00001458 _____ C:\Users\saturn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk 2015-10-24 20:21 - 2013-11-11 18:56 - 00001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-10-24 20:21 - 2013-10-07 13:23 - 00000000 ____D C:\Windows\oem 2015-10-24 20:21 - 2013-07-09 23:24 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk 2015-10-24 20:19 - 2013-10-07 13:21 - 00000000 ____D C:\Program Files (x86)\Acer 2015-10-24 20:12 - 2014-12-13 15:40 - 
00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-24 20:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-10-24 19:32 - 2014-10-15 21:06 - 00000000 __RDO C:\Users\saturn1\OneDrive 2015-10-24 19:24 - 2015-09-12 09:40 - 00001226 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2015-10-24 19:24 - 2014-12-13 15:40 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-24 17:24 - 2014-10-24 12:46 - 00000000 ____D C:\Users\saturn1\AppData\Local\Akamai 2015-10-24 16:27 - 2014-01-03 00:00 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3B5229CA-775F-4B17-B56B-B93A96D118AF} 2015-10-21 14:19 - 2015-08-05 16:16 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent 2015-10-21 14:19 - 2013-10-07 14:04 - 00000000 ___HD C:\OEM 2015-10-21 14:19 - 2013-10-07 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-10-21 14:16 - 2013-12-22 00:04 - 00000000 ____D C:\Users\saturn1\AppData\Local\clear.fi 2015-10-18 21:46 - 2015-09-12 09:40 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-10-18 19:07 - 2014-02-04 00:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-10-18 17:51 - 2014-10-16 08:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-10-18 17:49 - 2014-12-06 15:28 - 00000000 ____D C:\Users\saturn1\AppData\Local\HTC MediaHub 2015-10-18 17:49 - 2013-08-22 16:46 - 00083952 _____ C:\Windows\setupact.log 2015-10-18 17:49 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-18 17:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-10-18 17:05 - 2014-11-23 19:21 - 00000000 ____D C:\Users\saturn1\AppData\Roaming\Skype 2015-10-18 17:05 - 2014-11-22 17:28 - 00000000 ____D C:\ProgramData\Skype 2015-10-18 17:04 - 2014-10-24 12:48 - 00000000 ____D C:\Users\saturn1\AppData\Roaming\Autodesk 2015-10-18 16:58 - 2013-10-07 13:08 - 00088236 _____ C:\Windows\PFRO.log 2015-10-18 16:57 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2015-10-17 12:46 - 2014-10-22 21:08 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-10-16 13:10 - 2014-12-27 22:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-10-14 12:25 - 2013-11-12 02:51 - 00765582 _____ C:\Windows\system32\perfh007.dat 2015-10-14 12:25 - 2013-11-12 02:51 - 00159366 _____ C:\Windows\system32\perfc007.dat 2015-10-14 12:25 - 2013-10-07 13:11 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-10-13 09:58 - 2013-11-11 18:23 - 00000000 ____D C:\Windows\SysWOW64\NV 2015-10-13 09:58 - 2013-11-11 18:23 - 00000000 ____D C:\Windows\system32\NV 2015-10-13 09:58 - 2013-11-11 18:23 - 00000000 ____D C:\ProgramData\NVIDIA 2015-10-11 13:40 - 2015-06-28 13:55 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-10-11 13:40 - 2014-10-17 13:25 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-10-09 16:54 - 2014-12-01 23:43 - 00000000 ____D C:\Users\saturn1\Documents\The Lord of the Rings Online 2015-10-09 16:03 - 2015-09-12 09:42 - 00000000 ___RD C:\Users\saturn1\Dropbox 2015-10-09 16:03 - 2015-09-12 09:40 - 00000000 ____D C:\Users\saturn1\AppData\Local\Dropbox 2015-10-09 15:57 - 2014-12-02 07:56 - 00000000 ____D 
C:\Users\saturn1\AppData\Local\The Lord of the Rings Online 2015-10-04 20:22 - 2015-02-22 11:36 - 00003722 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2015-10-04 20:22 - 2015-02-22 11:36 - 00003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2015-09-29 20:23 - 2015-09-12 20:29 - 00000000 ____D C:\Users\Gast\AppData\Local\Acer ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-06-15 13:43 - 2015-06-15 13:43 - 12060760 _____ (WindSolutions) C:\Program Files\CopyTransManager.exe 2015-06-23 17:58 - 2015-06-23 17:58 - 11591752 _____ () C:\Program Files\CopyTransManagerDEv1.018.zip 2014-04-17 09:56 - 2014-04-17 09:56 - 0012943 _____ () C:\Program Files\License Agreement.rtf 2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\saturn1\AppData\Roaming\5Cu3LipFija5o17kHXCYuaR9m 2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\saturn1\AppData\Roaming\bKowc082jZo3bbUXLv 2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\saturn1\AppData\Roaming\dadePdmwVvTaHhLNvf8hIMcT9IF 2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\saturn1\AppData\Roaming\DEAn2Th92CYuEkPG9n 2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\saturn1\AppData\Roaming\fgQ3SLKo3PQmATQfNa 2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\saturn1\AppData\Roaming\GUmJ6Qbd 2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\saturn1\AppData\Roaming\MVCQOKPixtwM 2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\saturn1\AppData\Roaming\n2WsgG5UnMBz2EppfzX 2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\saturn1\AppData\Roaming\Y8AUFtKs8KRzdqL 2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\saturn1\AppData\Roaming\ZRhLK9hrBkOCMase 2015-03-15 12:01 - 2015-03-15 12:01 - 0007598 _____ () C:\Users\saturn1\AppData\Local\Resmon.ResmonCfg 2013-11-11 18:51 - 2013-11-11 18:51 - 0000000 ____H () 
C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw0vgcx.dll C:\Users\Gast\AppData\Local\Temp\oct6BE3.tmp.exe C:\Users\Gast\AppData\Local\Temp\octCAE2.tmp.exe C:\Users\saturn1\AppData\Local\Temp\AcDeltree.exe C:\Users\saturn1\AppData\Local\Temp\avg3C96.exe C:\Users\saturn1\AppData\Local\Temp\avg4EE9.exe C:\Users\saturn1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsq_due.dll C:\Users\saturn1\AppData\Local\Temp\FNP_ACT_InstallerCA.dll C:\Users\saturn1\AppData\Local\Temp\Intel_Technology_Access_Software.exe C:\Users\saturn1\AppData\Local\Temp\jre-8u51-windows-au.exe C:\Users\saturn1\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\saturn1\AppData\Local\Temp\MSETUP4.EXE C:\Users\saturn1\AppData\Local\Temp\oct10A6.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct130D.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct13E4.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct14E3.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct2A21.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct3079.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct336B.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct3402.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct353F.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct3DFA.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct4526.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct4E1.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct4E31.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct5091.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct52A1.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct5481.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct5BFB.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct67D5.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct6836.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct6B6F.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct7FB8.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct81CC.tmp.exe 
C:\Users\saturn1\AppData\Local\Temp\oct8256.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct8E9A.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct9606.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct98B5.tmp.exe C:\Users\saturn1\AppData\Local\Temp\oct99F6.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octA02.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octA84C.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octAD17.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octB077.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octB1F5.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octC1AE.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octCDDB.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octD530.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octD6A1.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octD9B9.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octDD43.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octE337.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octEDB2.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octEF04.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octF0B1.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octF0B7.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octF47.tmp.exe C:\Users\saturn1\AppData\Local\Temp\octFCB.tmp.exe C:\Users\saturn1\AppData\Local\Temp\Quarantine.exe C:\Users\saturn1\AppData\Local\Temp\SkypeSetup.exe C:\Users\saturn1\AppData\Local\Temp\sqlite3.dll C:\Users\saturn1\AppData\Local\Temp\tmpF9C9.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-10-23 17:18

==================== Ende von FRST.txt ============================

Thank you very much for the help!