Plagegeister aller Art und deren Bekämpfung: WIN10 64bit - unknown activity, black screen + shutdown
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1
WIN10 64bit - unknown activity, black screen + shutdown

Hi, unfortunately my system seems to be infected or defective in some way. Lately the screen has often suddenly gone black, and sometimes the system also shut down by itself; now and then it didn't... maybe it's "only" a driver problem, but the latest one is installed... The fan runs almost constantly even though no programs are running... 2 days ago Norton 360 detected rather a lot of internet traffic, but I can't find the message any more... a full scan found nothing. Then Norton also stopped working properly and I had to run remove & reinstall... My trust in it is not that great any more... mbam didn't find anything either... Maybe someone can shed some light on this...?

FRST Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
durchgeführt von USER (Administrator) auf USER-HP (27-12-2016 23:11:55)
Gestartet von C:\Users\USER\Desktop
Geladene Profile: USER & (Verfügbare Profile: USER & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(BlueStack Systems, Inc.) 
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (HP Inc.) 
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-12] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-12-21] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [978456 2016-08-03] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.) 
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1773077131-3649358975-729568603-1000\...\Run: [Amazon Music] => C:\Users\USER\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] () HKU\S-1-5-21-1773077131-3649358975-729568603-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [978456 2016-08-03] (BlueStack Systems, Inc.) HKU\S-1-5-21-1773077131-3649358975-729568603-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2094976 2016-09-16] (Sony) HKU\S-1-5-21-1773077131-3649358975-729568603-1000\...\RunOnce: [Uninstall C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" HKU\S-1-5-21-1773077131-3649358975-729568603-1000\...\RunOnce: [Uninstall C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509" HKU\S-1-5-21-1773077131-3649358975-729568603-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1773077131-3649358975-729568603-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-1773077131-3649358975-729568603-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\USER\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] () HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BlueStacks Agent] => C:\Program Files 
(x86)\BlueStacks\HD-Agent.exe [978456 2016-08-03] (BlueStack Systems, Inc.) HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2094976 2016-09-16] (Sony) HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509" HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-20] (EasyBits Software Corp.) 
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\USER\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\USER\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\USER\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{1491a579-74bf-46d2-a369-35fdd43a436c}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1773077131-3649358975-729568603-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1773077131-3649358975-729568603-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {D73A43AE-4635-44F1-826A-90D835547843} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {F0CDD231-0703-4978-AC1D-37B3315BC4ED} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1773077131-3649358975-729568603-1000 
-> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1773077131-3649358975-729568603-1000 -> {51D8F101-A2FE-4F9C-9550-4F67650AF170} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1773077131-3649358975-729568603-1000 -> {62E05E07-B0D5-4721-9A89-EE3A1E4DD450} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {51D8F101-A2FE-4F9C-9550-4F67650AF170} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {62E05E07-B0D5-4721-9A89-EE3A1E4DD450} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.) 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation) Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2010-04-15] (TerraTec Electronic GmbH) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation) DPF: HKLM {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab FireFox: ======== FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2i4mdlek.default [2016-12-20] FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\2i4mdlek.default -> SuchMaschine FF Homepage: Mozilla\Firefox\Profiles\2i4mdlek.default -> 
chrome://unitedtb/content/newtab/startpage.xhtml FF Extension: (GMX MailCheck) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2i4mdlek.default\Extensions\browser-mailcheck@gmx.net [2016-03-01] FF Extension: (Mailvelope) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2i4mdlek.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2016-03-01] FF SearchPlugin: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2i4mdlek.default\searchplugins\norton-safe-search.xml [2016-03-01] FF SearchPlugin: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2i4mdlek.default\searchplugins\yahoo-avast.xml [2014-06-27] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-10] [ist nicht signiert] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-21] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.8.1.14\coFFAddon FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.8.1.14\coFFAddon [2016-12-27] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.8.1.14\coFFAddon FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-20] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF 
Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-20] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media ) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1773077131-3649358975-729568603-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll [2012-08-30] (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-1773077131-3649358975-729568603-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-28] () FF Plugin HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll [2012-08-30] (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-1773077131-3649358975-729568603-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-24] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-24] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-24] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-24] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-24] (Apple Inc.) Chrome: ======= CHR DefaultProfile: Default CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908 CHR DefaultSearchKeyword: Default -> NortonSafe CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2016-12-27] CHR Extension: (Google Präsentationen) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07] CHR Extension: (Google Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07] CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-17] CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-17] CHR Extension: (Norton Security Toolbar) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-11-20] CHR Extension: (Google-Suche) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-19] CHR Extension: (Google Tabellen) - C:\Users\USER\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07] CHR Extension: (Norton Home Page for Chrome) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2016-11-04] CHR Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-17] CHR Extension: (Norton Safe) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2016-11-04] CHR Extension: (Norton Identity Safe) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-11-20] CHR Extension: (HP Network Check Launcher) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2016-11-28] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-17] CHR Extension: (Google Mail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-19] CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-27] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-27] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR 
Extension: (Foxtrick (Beta)) - C:\Users\USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\gpfggkkkmpaalfemiafhfobkfnadeegj [2016-11-08] OPR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmffjpdmbgflojiohllanjaggdenggdo [2015-10-15] OPR Extension: (Amazon Assistant for Opera) - C:\Users\USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2016-10-17] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [445976 2016-08-03] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [425496 2016-08-03] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [462360 2016-08-03] (BlueStack Systems, Inc.) R3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) 
S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [Datei ist nicht signiert] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-11-24] (Electronic Arts) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-12] (Realtek Semiconductor) R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [Datei ist nicht signiert] S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-12-21] (Synaptics Incorporated) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2085760 2016-09-16] (Sony) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.) S3 andnetadb; C:\WINDOWS\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc) S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-05-17] (Advanced Micro Devices) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.8.1.14\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-12-20] (Symantec Corporation) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2016-08-03] (BlueStack Systems) R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. ) R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-11-12] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-09-22] (Symantec Corporation) R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2012-12-03] (GFI Software) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-01] (REALiX(tm)) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.8.1.14\Definitions\IPSDefs\20161226.001\IDSvia64.sys [1038032 2016-12-26] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-27] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) 
[Datei ist nicht signiert] S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-05-17] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-04-12] (Realsil Semiconductor Corporation) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-12-21] (Synaptics Incorporated) R3 SRTSP; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation) R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation) R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation) S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2016-11-12] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-27] (Symantec Corporation) R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation) R1 SymNetS; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U3 idsvc; kein ImagePath S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.8.1.14\Definitions\SDSDefs\20161227.007\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.8.1.14\Definitions\SDSDefs\20161227.007\EX64.SYS [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-12-27 23:11 - 2016-12-27 23:13 - 00033322 _____ C:\Users\USER\Desktop\FRST.txt 2016-12-27 23:02 - 2016-12-27 23:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-12-27 23:02 - 2016-12-27 23:02 - 00001171 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-12-27 23:02 - 2016-12-27 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-12-27 23:02 - 2016-12-27 23:02 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-12-27 23:02 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-12-27 23:02 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-12-27 23:02 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-12-27 23:01 - 2016-12-27 23:07 - 02420736 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe 2016-12-27 23:00 - 2016-12-27 23:01 - 22851472 _____ (Malwarebytes ) C:\Users\USER\Desktop\mbam-setup-2.2.1.1043.exe 2016-12-27 21:15 - 2016-12-27 21:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360 2016-12-27 21:12 - 2016-12-27 21:12 - 00100592 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2016-12-27 21:12 - 2016-12-27 21:12 - 00008319 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2016-12-27 21:12 - 2016-12-27 21:12 - 00002386 _____ C:\Users\Public\Desktop\Norton 360.lnk 2016-12-27 21:11 - 2016-12-27 21:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-12-27 21:11 - 2016-12-27 21:11 - 00000000 ____D C:\Program Files (x86)\Norton 360 2016-12-27 21:10 - 2016-12-27 21:10 - 00000000 ____D C:\Program Files (x86)\NortonInstaller 2016-12-27 20:23 - 2016-12-27 21:39 - 00000000 
____D C:\WINDOWS\System32\Tasks\Norton Remove and Reinstall 2016-12-27 20:20 - 2016-12-27 20:20 - 00000000 ____D C:\ProgramData\PCSettings 2016-12-27 20:18 - 2016-12-27 20:18 - 15359160 _____ (Symantec Corporation) C:\Users\USER\Desktop\NRnR.exe 2016-12-27 18:13 - 2016-12-27 18:13 - 00002088 _____ C:\Users\USER\Desktop\message-rfc822-attachment 2016-12-22 22:22 - 2016-12-22 22:22 - 04590795 _____ C:\Users\USER\Documents\Christmas letter 2016 .pages.pdf 2016-12-20 00:29 - 2016-12-20 00:29 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7C003C78.sys 2016-12-19 22:21 - 2016-12-19 22:22 - 03977168 _____ C:\Users\USER\Downloads\AdwCleaner_6.041.exe 2016-12-19 22:13 - 2016-12-19 22:13 - 00002688 _____ C:\Users\USER\Documents\cc_20161219_221351.reg 2016-12-19 22:06 - 2016-12-19 22:08 - 08803648 _____ (Piriform Ltd) C:\Users\USER\Downloads\ccsetup525.exe 2016-12-19 21:16 - 2016-12-19 21:16 - 00000000 ____D C:\Program Files\Malwarebytes 2016-12-18 09:08 - 2016-12-18 09:08 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-18 09:08 - 2016-12-18 09:08 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-17 20:39 - 2016-12-17 20:39 - 04701691 _____ C:\Users\USER\Desktop\pepparkakshus-liten-stuga.pdf 2016-12-17 00:23 - 2016-12-17 00:23 - 00100080 ____H C:\WINDOWS\SysWOW64\mlfcache.dat 2016-12-17 00:22 - 2016-12-17 00:22 - 07604435 _____ C:\Users\USER\Desktop\Fotobuchexpress24_4.0 (1).exe 2016-12-17 00:22 - 2016-12-17 00:22 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotobuchexpress24.lnk 2016-12-17 00:22 - 2016-12-17 00:22 - 00001030 _____ C:\Users\Public\Desktop\Fotobuchexpress24.lnk 2016-12-17 00:22 - 2016-12-17 00:22 - 00000000 ____D C:\Program Files (x86)\Fotobuchexpress24 2016-12-17 00:20 - 2016-12-17 00:20 - 00000000 _____ C:\Users\USER\Desktop\Fotobuchexpress24_4.0.exe 2016-12-16 15:42 - 2016-12-21 15:43 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 
42.lnk 2016-12-12 22:02 - 2016-12-12 22:02 - 00334939 _____ C:\Users\USER\Desktop\RE1_1212-20122016_fahrplan.pdf 2016-12-12 12:06 - 2016-12-12 12:06 - 00254432 _____ C:\Users\USER\Downloads\streetboccia.pdf 2016-12-11 23:33 - 2016-12-11 23:33 - 00076776 _____ C:\Users\USER\Documents\cc_20161211_233316.reg 2016-12-11 22:56 - 2016-12-11 22:56 - 02409674 _____ C:\Users\USER\Desktop\sony_xperia_m4_aqua.pdf 2016-12-11 22:06 - 2016-12-11 22:06 - 00012978 _____ C:\Users\USER\Downloads\NAS-SERVER_2016-12-10_0221.rom 2016-12-11 20:26 - 2016-12-11 20:26 - 00002234 _____ C:\Users\Public\Desktop\Xperia Companion.lnk 2016-12-11 20:26 - 2016-12-11 20:26 - 00000000 ____D C:\Users\USER\Documents\Sony 2016-12-11 20:26 - 2016-12-11 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2016-12-11 20:26 - 2016-12-11 20:26 - 00000000 ____D C:\Program Files\Sony 2016-12-11 20:26 - 2016-12-11 20:26 - 00000000 ____D C:\Program Files (x86)\Sony 2016-12-11 15:45 - 2016-12-11 15:46 - 47606656 _____ (Sony) C:\Users\USER\Downloads\XperiaCompanion.exe 2016-12-11 15:30 - 2016-12-11 15:30 - 02440207 _____ C:\Users\USER\Downloads\sony_xperia_m4_aqua.pdf 2016-12-10 20:47 - 2016-12-10 20:47 - 08576448 _____ (Piriform Ltd) C:\Users\USER\Desktop\ccsetup524.exe 2016-12-10 16:08 - 2016-12-10 16:08 - 01628760 _____ C:\Users\USER\Desktop\setup_OnlineFotoservice.exe 2016-12-10 15:34 - 2016-12-10 15:34 - 00000000 ____D C:\WINDOWS\Panther 2016-12-09 16:32 - 2016-12-09 16:33 - 51969976 _____ (Malwarebytes ) C:\Users\USER\Desktop\mb3-setup-consumer-3.0.4.1269.exe 2016-12-08 18:11 - 2016-12-08 18:11 - 00039010 _____ C:\Users\USER\Desktop\WA628_User_Manual.pdf (PDF) - TeckNet Türklingel WA638.html 2016-12-08 18:11 - 2016-12-08 18:11 - 00000000 ____D C:\Users\USER\Desktop\WA628_User_Manual.pdf (PDF) - TeckNet Türklingel WA638_files 2016-12-07 21:28 - 2016-12-07 21:28 - 03719935 _____ C:\Users\USER\Desktop\Meine_Rechte.pdf 2016-12-06 07:54 - 2016-12-10 20:45 - 00000000 ____D 
C:\Users\USER\Desktop\Verknüpfungen-Fotobuch 2016-12-06 00:15 - 2016-12-06 00:15 - 00000000 ____D C:\Users\USER\AppData\Local\Lidl_Fotos 2016-12-06 00:15 - 2016-12-06 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lidl-Fotos 2016-12-06 00:13 - 2016-12-06 00:13 - 00000000 ____D C:\ProgramData\Lidl_Fotos 2016-12-06 00:13 - 2016-12-06 00:13 - 00000000 ____D C:\Program Files (x86)\Lidl_Fotos 2016-11-30 11:06 - 2016-11-30 11:06 - 00000000 ____D C:\Users\USER\Desktop\WDR 5 Feature Serie - welt im kopf 2016-11-29 22:58 - 2016-11-29 22:58 - 00001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk 2016-11-29 22:58 - 2016-11-29 22:58 - 00001040 _____ C:\Users\Public\Desktop\SaalDesignSoftware.lnk 2016-11-29 22:58 - 2016-11-29 22:58 - 00000000 ____D C:\Users\USER\AppData\Roaming\SaalDesignSoftware 2016-11-29 22:58 - 2016-11-29 22:58 - 00000000 ____D C:\Program Files (x86)\SaalDesignSoftware 2016-11-29 17:09 - 2016-12-10 20:29 - 00000000 ____D C:\Program Files\Pixum 2016-11-28 19:13 - 2016-11-28 19:13 - 00002025 _____ C:\Users\Public\Desktop\métier Scan2PDF Professional 18.lnk 2016-11-28 19:12 - 2016-11-28 19:12 - 09079856 _____ (métier 2000 GmbH) C:\Users\USER\Desktop\setup_pdfedit.exe 2016-11-28 19:11 - 2016-11-28 19:12 - 37150808 _____ (métier 2000 GmbH) C:\Users\USER\Desktop\setup_scan2PDF18pro.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-12-27 23:11 - 2014-08-31 22:02 - 00000000 ____D C:\FRST 2016-12-27 22:44 - 2011-04-15 16:52 - 00000000 ____D C:\Users\USER\AppData\Local\NPE 2016-12-27 22:26 - 2016-09-04 15:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-12-27 21:51 - 2016-09-05 13:49 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{72D328A8-4A53-40B0-B1CF-3A30C42B7B36} 2016-12-27 21:14 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2016-12-27 21:12 - 2016-11-24 19:54 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2016-12-27 21:12 - 2016-07-16 12:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-12-27 21:12 - 2015-08-06 00:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2016-12-27 21:11 - 2010-10-12 09:13 - 00000000 ____D C:\ProgramData\Norton 2016-12-27 20:38 - 2016-09-04 15:28 - 03255650 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-12-27 20:38 - 2016-07-16 23:51 - 01426334 _____ C:\WINDOWS\system32\perfh007.dat 2016-12-27 20:38 - 2016-07-16 23:51 - 00359130 _____ C:\WINDOWS\system32\perfc007.dat 2016-12-27 20:34 - 2016-11-20 08:45 - 00000396 _____ C:\WINDOWS\Tasks\HPCeeScheduleForUSER.job 2016-12-27 20:34 - 2016-09-04 15:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-12-27 20:33 - 2016-07-16 07:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI 2016-12-27 20:32 - 2012-08-25 21:30 - 00000000 ____D C:\Users\USER\AppData\Roaming\TV-Browser 2016-12-27 20:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-12-27 16:01 - 2014-08-17 07:44 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2016-12-25 11:08 - 2016-11-20 20:57 - 00000000 ____D C:\Users\USER\Desktop\BIRTE 2016-12-25 10:50 - 2010-12-09 14:24 - 00000000 ____D C:\Users\USER\AppData\Local\CrashDumps 2016-12-25 08:36 - 2016-11-20 08:45 - 00003320 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForUSER 2016-12-21 21:50 - 2016-07-17 17:00 - 00000000 ____D C:\Users\USER\MEDION NAS TOOL 2016-12-21 21:47 - 2016-07-16 12:47 - 00000000 ____D 
C:\WINDOWS\system32\NDF 2016-12-21 15:43 - 2016-09-08 12:36 - 00003992 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1425561347 2016-12-21 15:43 - 2010-11-28 20:42 - 00000000 ____D C:\Program Files (x86)\Opera 2016-12-20 21:26 - 2012-12-03 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-20 13:25 - 2016-09-04 15:29 - 00000000 ____D C:\Users\USER 2016-12-20 13:25 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2016-12-20 13:24 - 2013-11-20 08:26 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-12-20 01:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-12-20 01:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-12-19 22:26 - 2015-06-28 10:31 - 00000000 ____D C:\AdwCleaner 2016-12-19 22:09 - 2016-03-28 18:25 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-12-18 20:40 - 2014-10-22 11:33 - 00000000 ____D C:\1a-Pitt 2016-12-16 20:49 - 2010-11-29 22:24 - 00000000 ____D C:\Users\USER\ho-hrf 2016-12-15 09:10 - 2015-07-19 21:04 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-11 20:27 - 2014-07-05 09:15 - 00000000 ____D C:\Users\USER\AppData\Roaming\Apple Computer 2016-12-11 20:26 - 2016-09-04 15:23 - 00000000 ____D C:\ProgramData\Package Cache 2016-12-10 16:17 - 2016-01-12 22:54 - 00000000 ____D C:\Program Files\OnlineFotoservice 2016-12-10 15:56 - 2011-01-02 12:36 - 00000000 ____D C:\Users\USER\AppData\Local\ElevatedDiagnostics 2016-12-09 15:14 - 2011-04-25 10:59 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForUSER-HP$.job 2016-12-08 15:58 - 2011-04-16 17:20 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype 2016-12-07 12:37 - 2016-09-06 17:37 - 00003292 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForUSER-HP$ 2016-11-28 19:26 - 2016-06-30 21:16 - 00000376 _____ C:\Users\USER\metierPDFScan18Pro.INI 2016-11-28 19:13 - 2016-06-30 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanToPDF 18 
2016-11-28 19:13 - 2016-06-30 21:16 - 00000000 ____D C:\Program Files (x86)\ScanToPDF 18 2016-11-28 19:11 - 2015-10-22 16:27 - 00000776 _____ C:\Users\USER\metierPDFScan17Pro.INI ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2011-02-27 21:26 - 2011-06-27 17:59 - 0001854 _____ () C:\Users\USER\AppData\Roaming\GhostObjGAFix.xml 2011-01-09 19:51 - 2011-01-09 20:10 - 0003584 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-05-01 17:20 - 2013-05-01 17:30 - 0000600 _____ () C:\Users\USER\AppData\Local\PUTTY.RND 2014-08-08 21:43 - 2014-08-08 21:43 - 0000218 _____ () C:\Users\USER\AppData\Local\recently-used.xbel 2011-10-21 13:15 - 2014-10-18 11:48 - 0007595 _____ () C:\Users\USER\AppData\Local\resmon.resmoncfg 2010-10-12 09:10 - 2010-10-12 09:10 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-07-20 15:11 - 2010-07-20 15:11 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-10-12 09:10 - 2010-10-12 09:10 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-07-20 15:06 - 2010-07-20 15:07 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-10-12 09:09 - 2010-10-12 09:09 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-10-12 09:10 - 2010-10-12 09:10 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-07-20 15:06 - 2010-07-20 15:06 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-07-20 15:07 - 2010-07-20 15:10 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-10-12 09:10 - 2010-10-12 09:10 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\USER\AdwCleaner_5.037.exe C:\Users\USER\GMX_Firefox_Setup.exe ==================== Bamital & volsnap 
======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-12-25 08:43
==================== Ende von FRST.txt ============================