|
Plagegeister aller Art und deren Bekämpfung: Verdächtige Startseite www1.online/?w=RD1213Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.06.2016, 19:41 | #1 |
| Verdächtige Startseite www1.online/?w=RD1213 Guten Tag, mir ist aufgefallen, dass bei allen meinen Browsern "www1.online/?w=RD1213" als Startseite hinterlegt ist. Die Seite lädt innerhalb weniger millisecunden und leitet mich sofort auf google um. Der komplette Quellcode der Seite: Code:
ATTFilter <script language="javascript"> window.location="about:blank"; </script> Jedoch wird ein Coockie gespeichert. Gleiche bei einem Kollegen hier im Forum: http://www.trojaner-board.de/179400-...-probleme.html Jemand eine Idee, was das ist, bzw. was die Website macht? Malwarebytes und Antivir liefern keine Ergebnise. Logs sind sauber. Edit: Jetzt wirds Interessant. Bei Chrome wurde nicht einfach die Startseite geändert, sondern die Verknüpfung auf meinem dektop manipuliert. ""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" www1.online/?w=RD1213" LOG: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01 durchgeführt von Max Maier (Administrator) auf DESKTOP-87AU4MC (13-06-2016 19:56:32) Gestartet von C:\Users\Max Maier\Downloads Geladene Profile: Max Maier & (Verfügbare Profile: Max Maier) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe (Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe () C:\Program Files\EslWire\service\WireHelperSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe (Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI M-Cloud\MSI_Cloud_Service.exe (MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe (Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe (Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe (MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe (MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (MSI) C:\Windows\syswow64\muachost.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Spotify Ltd) C:\Users\Max Maier\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\Max Maier\AppData\Roaming\Spotify\Spotify.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Spotify Ltd) C:\Users\Max Maier\AppData\Roaming\Spotify\SpotifyCrashService.exe (Spotify Ltd) C:\Users\Max Maier\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Max Maier\AppData\Roaming\Spotify\Spotify.exe (Forty One Ltd.) C:\Users\Max Maier\Downloads\AudioSwitcher.exe (Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe (Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe (Micro-Star INT'L CO., LTD.) C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Sharkoon Technologies) C:\Program Files (x86)\Skiller PRO\Monitor.EXE (ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Optical Mouse\KoneXTDOpticalMonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (EJIE Technology) C:\Program Files (x86)\Clover\clover.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-12-08] (ELAN Microelectronics Corp.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor) HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [4131792 2015-09-10] (Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] () HKLM-x32\...\Run: [MSI Gaming Lan Manager] => C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe [1957328 2015-10-30] (Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.) HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11336656 2016-02-04] (Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [Skiller PRO] => C:\Program Files (x86)\Skiller PRO\Monitor.exe [475136 2015-07-17] (Sharkoon Technologies) HKLM-x32\...\Run: [RoccatKoneXTDOptical] => C:\Program Files (x86)\ROCCAT\Kone XTD Optical Mouse\KoneXTDOpticalMonitor.EXE [552960 2014-04-14] (ROCCAT GmbH) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-05-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835680 2016-04-26] (MSI) HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2883899013-1294358711-494336794-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-10] (Valve Corporation) HKU\S-1-5-21-2883899013-1294358711-494336794-1001\...\Run: [Spotify Web Helper] => C:\Users\Max Maier\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-06-01] (Spotify Ltd) HKU\S-1-5-21-2883899013-1294358711-494336794-1001\...\Run: [Spotify] => C:\Users\Max Maier\AppData\Roaming\Spotify\Spotify.exe [6859888 2016-06-01] (Spotify Ltd) HKU\S-1-5-21-2883899013-1294358711-494336794-1001\...\Run: [ArchiCrypt Shredder 6] => [X] HKU\S-1-5-21-2883899013-1294358711-494336794-1001\...\Run: [ArchiCrypt Scheduler 6] => [X] HKU\S-1-5-21-2883899013-1294358711-494336794-1001\...\Run: [ArchiCrypt SecureDZone] => [X] HKU\S-1-5-21-2883899013-1294358711-494336794-1001\...\Run: [AudioSwitcher] => C:\Users\Max Maier\Downloads\AudioSwitcher.exe [450560 2016-02-22] (Forty One Ltd.) HKU\S-1-5-21-2883899013-1294358711-494336794-1001\...\Run: [ESL Wire] => C:\Program Files\EslWire\wire.exe [3624448 2015-12-07] (Turtle Entertainment GmbH) HKU\S-1-5-21-2883899013-1294358711-494336794-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-03-22] (Unified Intents AB) HKU\S-1-5-21-2883899013-1294358711-494336794-1001\...\RunOnce: [Uninstall C:\Users\Max Maier\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Max Maier\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-10] (Valve Corporation) HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Max Maier\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-06-01] (Spotify Ltd) HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Max Maier\AppData\Roaming\Spotify\Spotify.exe [6859888 2016-06-01] (Spotify Ltd) HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ArchiCrypt Shredder 6] => [X] HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ArchiCrypt Scheduler 6] => [X] HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ArchiCrypt SecureDZone] => [X] HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AudioSwitcher] => C:\Users\Max Maier\Downloads\AudioSwitcher.exe [450560 2016-02-22] (Forty One Ltd.) HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ESL Wire] => C:\Program Files\EslWire\wire.exe [3624448 2015-12-07] (Turtle Entertainment GmbH) HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-03-22] (Unified Intents AB) HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Max Maier\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Max Maier\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) Startup: C:\Users\Max Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-02-21] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5428290a-8a69-4616-85ff-bec830462d09}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-2883899013-1294358711-494336794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.online/?w=RD1213 HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.online/?w=RD1213 SearchScopes: HKLM -> DefaultScope {C86A8366-F55A-4360-874B-5E3E33545F77} URL = hxxp://www1.online/?w=RD1213&q={searchTerms} SearchScopes: HKLM -> {C86A8366-F55A-4360-874B-5E3E33545F77} URL = hxxp://www1.online/?w=RD1213&q={searchTerms} SearchScopes: HKU\S-1-5-21-2883899013-1294358711-494336794-1001 -> DefaultScope {C86A8366-F55A-4360-874B-5E3E33545F77} URL = hxxp://www1.online/?w=RD1213&q={searchTerms} SearchScopes: HKU\S-1-5-21-2883899013-1294358711-494336794-1001 -> {C86A8366-F55A-4360-874B-5E3E33545F77} URL = hxxp://www1.online/?w=RD1213&q={searchTerms} SearchScopes: HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {C86A8366-F55A-4360-874B-5E3E33545F77} URL = hxxp://www1.online/?w=RD1213&q={searchTerms} SearchScopes: HKU\S-1-5-21-2883899013-1294358711-494336794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C86A8366-F55A-4360-874B-5E3E33545F77} URL = hxxp://www1.online/?w=RD1213&q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-03] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-03] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.) FireFox: ======== FF ProfilePath: C:\Users\Max Maier\AppData\Roaming\Mozilla\Firefox\Profiles\0pwn6uth.default FF Homepage: www1.online/?w=RD1213 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-21] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-21] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-21] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-21] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.) FF Extension: Autofill - C:\Users\Max Maier\AppData\Roaming\Mozilla\Firefox\Profiles\0pwn6uth.default\extensions\firefox-autofill@googlegroups.com.xpi [2016-06-08] FF Extension: Avira Browser Safety - C:\Users\Max Maier\AppData\Roaming\Mozilla\Firefox\Profiles\0pwn6uth.default\Extensions\abs@avira.com [2016-06-13] FF Extension: LastPass - C:\Users\Max Maier\AppData\Roaming\Mozilla\Firefox\Profiles\0pwn6uth.default\Extensions\support@lastpass.com [2016-06-11] FF Extension: Adblock Plus - C:\Users\Max Maier\AppData\Roaming\Mozilla\Firefox\Profiles\0pwn6uth.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] Chrome: ======= CHR Profile: C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-21] CHR Extension: (Google Docs) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-21] CHR Extension: (Google Drive) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-21] CHR Extension: (YouTube) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-21] CHR Extension: (Google-Suche) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-21] CHR Extension: (Google Tabellen) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-21] CHR Extension: (Avira Browserschutz) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-21] CHR Extension: (Google Docs Offline) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05] CHR Extension: (CSGO Market Price to Key Converter) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\koclnidcohbjfehlolgcakogpmgbhffn [2016-04-06] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05] CHR Extension: (Google Mail) - C:\Users\Max Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-21] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-05-24] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-05-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-05-24] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-05-24] (Avira Operations GmbH & Co. KG) R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe [322136 2014-11-27] (Softwareentwicklung Remus - ArchiCrypt) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-05-04] () R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [726952 2015-09-28] (cFos Software GmbH) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-20] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-20] (Dropbox, Inc.) R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-12-05] () S3 Futuremark SystemInfo Service; D:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-11-05] (Futuremark) R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [37328 2015-12-16] (Micro-Star Int'l Co., Ltd.) R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2015-10-16] (Micro-Star INT'L CO., LTD.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation) S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4173920 2016-05-24] (MSI) S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2200872 2016-02-01] (MSI) S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4160976 2016-04-18] (MSI) R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2014160 2016-03-04] (MSI) R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2328160 2016-05-19] (MSI) R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [112592 2015-09-10] (Micro-Star INT'L CO., LTD.) S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2076768 2016-05-19] (MSI) S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [598112 2016-05-19] (MSI) R2 MSI_Cloud_Service; C:\Program Files (x86)\MSI\MSI M-Cloud\MSI_Cloud_Service.exe [98640 2015-09-17] (Micro-Star Int'l Co., Ltd.) R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI) R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1787344 2016-02-05] (Micro-Star INT'L CO., LTD.) R2 MSI_RAMDisk_Service; C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe [70096 2016-01-29] (Micro-Star Int'l Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation) S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-10] (Electronic Arts) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-10-06] (Intel(R) Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 a016bus; C:\Windows\System32\drivers\a016bus.sys [109096 2008-01-18] (MCCI Corporation) S3 a016mgmt; C:\Windows\System32\drivers\a016mgmt.sys [130600 2008-01-18] (MCCI Corporation) S3 a016obex; C:\Windows\System32\drivers\a016obex.sys [125480 2008-01-18] (MCCI Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-02-22] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-05-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-05-24] (Avira Operations GmbH & Co. KG) S3 cpuz138; C:\Users\Max Maier\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [43304 2016-03-24] (CPUID) S3 cpuz139; C:\Users\Max Maier\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [43312 2016-03-24] (CPUID) S3 dg_ssudbus; C:\Windows\System32\drivers\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [531424 2015-08-13] (Intel Corporation) R3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.) R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-07-20] (Intel Corporation) R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-07-20] (Intel Corporation) R3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281896 2015-07-20] (Intel Corporation) R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation) S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (Windows (R) Win 7 DDK provider) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185600 2015-10-08] (Intel Corporation) R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2016-03-24] () S3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-02-05] (Dritek System Inc.) S2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [81912 2012-12-27] (Micro-Star Int'l Co., Ltd.) S3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\drivers\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\drivers\s0016obex.sys [136744 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation) S3 s0017bus; C:\Windows\System32\drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\drivers\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\drivers\s0017obex.sys [128552 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation) S3 s1018bus; C:\Windows\System32\drivers\s1018bus.sys [113704 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\drivers\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\drivers\s1018obex.sys [128552 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\drivers\s1018unic.sys [146472 2009-03-25] (MCCI Corporation) S3 s1029bus; C:\Windows\System32\drivers\s1029bus.sys [116264 2009-05-25] (MCCI Corporation) S3 s1029mgmt; C:\Windows\System32\drivers\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation) S3 s1029obex; C:\Windows\System32\drivers\s1029obex.sys [135208 2009-05-25] (MCCI Corporation) S3 s1029unic; C:\Windows\System32\drivers\s1029unic.sys [151592 2009-05-25] (MCCI Corporation) S3 s1039bus; C:\Windows\System32\drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation) S3 s1039mgmt; C:\Windows\System32\drivers\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation) S3 s1039obex; C:\Windows\System32\drivers\s1039obex.sys [137328 2010-03-15] (MCCI Corporation) S3 s1039unic; C:\Windows\System32\drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation) S3 s916bus; C:\Windows\System32\drivers\s916bus.sys [108072 2007-11-02] (MCCI Corporation) S3 s916mgmt; C:\Windows\System32\drivers\s916mgmt.sys [130088 2007-11-02] (MCCI Corporation) S3 s916obex; C:\Windows\System32\drivers\s916obex.sys [124968 2007-11-02] (MCCI Corporation) S3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions) S3 se3ebus; C:\Windows\System32\drivers\se3ebus.sys [107784 2007-04-10] (MCCI Corporation) S3 se3emgmt; C:\Windows\System32\drivers\se3emgmt.sys [126216 2007-04-10] (MCCI Corporation) S3 se3eobex; C:\Windows\System32\drivers\se3eobex.sys [123144 2007-04-10] (MCCI Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.) R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [27064 2016-03-22] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) S3 MSICDSetup; \??\E:\TREIBER\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\TREIBER\NTIOLib_X64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-02-21 02:49 - 2016-02-21 02:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Max Maier\AppData\Local\Temp\131004344989682154.exe C:\Users\Max Maier\AppData\Local\Temp\avgnt.exe C:\Users\Max Maier\AppData\Local\Temp\Command Center.exe C:\Users\Max Maier\AppData\Local\Temp\EslWireSetup-1.19.0.8185-x64.exe C:\Users\Max Maier\AppData\Local\Temp\jna2084738617161951249.dll C:\Users\Max Maier\AppData\Local\Temp\jna3060422491507399525.dll C:\Users\Max Maier\AppData\Local\Temp\jna92714551632610999.dll C:\Users\Max Maier\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Max Maier\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Max Maier\AppData\Local\Temp\nvStInst.exe C:\Users\Max Maier\AppData\Local\Temp\OpenOffice_4.1.2_Win_x86_install_de.exe C:\Users\Max Maier\AppData\Local\Temp\proxy_vole1686320643333705857.dll C:\Users\Max Maier\AppData\Local\Temp\proxy_vole2430878379049869739.dll C:\Users\Max Maier\AppData\Local\Temp\proxy_vole5834417732464332834.dll C:\Users\Max Maier\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-06-08 18:32 ==================== Ende von FRST.txt ============================ |
13.06.2016, 22:15 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Verdächtige Startseite www1.online/?w=RD1213 Guten Tag,
__________________wenn Du Hilfe möchtest, dann musst Du die Logs schon vollständig posten. Sonst macht das keinen Sinn.
__________________ |
Themen zu Verdächtige Startseite www1.online/?w=RD1213 |
about, about:blank, antivir, besonders, bla, blank, browser, browsern, dnsapi.dll, forum, google, guten, innerhalb, javascript, kollege, komplette, leitet, lädt, quellcode, sauber, script, seite, sofort, startseite, verdächtige, website, windowsapps |