| |
| |||||||
Log-Analyse und Auswertung: Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan]Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.05.2017, 17:20
| #1 |
 | ![Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] - Standard](images/icons/icon1.gif){kind=icon} Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] Hallo zusammen, ich habe in letzter Zeit mit Malwarebytes immer wieder Funde gehabt. Adware.ChinAd. Habe Sie dann in die Quarantäne verschoben, aber nach ein paar Tagen: das gleiche Spiel von vorn. Avira Antivirus hatte in den letzten Tagen auch Funde mit dem Echtzeitscanner. Hießen aber anders, ('TR/Crypt.XPACK.Gen2 [trojan]') Mein FirefoxBrowser spielt manchmal verrückt:" (Keine Rückmeldung)" wird dann ein paar Sekunden angezeigt und ich kann nichts machen. Im Anschluss läuft alles wieder normal. Außerdem soll ich mein Windows-Konto Passwort erneut eingeben/selbst nach dem Booten und erfolgreicher Anmeldung auf dem Rechner. Habe dies bereits getan, nur leider ändert das nichts an der PC Problem - Meldung unten rechts. Warum das? Ansonsten habe ich keine Einschränkungen, denke auch mein Laptop ist langsam alt. Ich hatte ihn seit 2014 (Erwerb) und seitdem nicht formatiert und schon so einige Virenmeldungen. Damals noch mit Norton. Ich hoffe es sieht nicht allzu schlimm aus!? ;-) beste Grüße Mario hier die Logfiles FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
durchgeführt von h (Administrator) auf NICE (18-05-2017 19:29:37)
Gestartet von C:\Users\h\Downloads
Geladene Profile: h (Verfügbare Profile: h)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\nis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
() C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Akamai Technologies, Inc.) C:\Users\h\AppData\Local\Akamai\netsession_win.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Spotify Ltd) C:\Users\h\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\h\AppData\Local\Akamai\netsession_win.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862448 2012-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [9571552 2016-07-18] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2567568 2015-08-18] ()
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [912768 2017-05-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-04-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2796264 2017-04-10] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\h\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Akamai NetSession Interface] => C:\Users\h\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Spotify Web Helper] => C:\Users\h\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-24] (Spotify Ltd)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Spotify] => C:\Users\h\AppData\Roaming\Spotify\Spotify.exe [7064176 2017-04-24] (Spotify Ltd)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {cc58ae22-e978-11e3-bed3-20689d4f0ac8} - "F:\LGAutoRun.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
Startup: C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-22]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{39EF41FA-3C33-47DF-BEAA-29E4E409FEC8}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C9F07D4E-D772-4C2B-BB49-7A21E60ADAE6}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F319265E-6219-49D9-BDB2-7326C8156DA6}: [NameServer] 192.168.179.1
Tcpip\..\Interfaces\{F319265E-6219-49D9-BDB2-7326C8156DA6}: [DhcpNameServer] 192.168.179.1
Internet Explorer:
==================
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> DefaultScope {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {4B820E7B-4800-4494-9F54-289747922168} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {78E6EE3E-5CEF-4C57-BF21-F12166C15BB0} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {8411043D-2B58-4FEE-A0F1-D74FBFA013B4} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {C88C548B-49E4-4638-8532-8369AE669CDF} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-14] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-14] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => Keine Datei
BHO-x32: af0.Adblock.BHO -> {90EFF544-3981-4d46-85C9-C0361D0931D6} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.8.0.180\AVG Secure Search_toolbar.dll [2015-08-18] (AVG Secure Search)
BHO-x32: YouProxy.YouProxy.YouProxy -> {bb4c50c9-d7f0-48ef-a67c-daf6a86830e4} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.8.0.180\AVG Secure Search_toolbar.dll [2015-08-18] (AVG Secure Search)
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.8.0.180\AVG Secure Search_toolbar.dll [2015-08-18] (AVG Secure Search)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Keine Datei
Toolbar: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.8.0\ViProtocol.dll [2015-08-18] (AVG Secure Search)
FireFox:
========
FF ProfilePath: C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441 [2017-05-18]
FF Homepage: Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441 -> hxxps://annaundarthur.wordpress.com/termine/
FF Extension: (Porn Blocker) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\@porn-blocker.xpi [2016-10-21]
FF Extension: (Anti-Porn Pro - The Best Anti-Porn Addon!) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\azhang@cloudacl.com.xpi [2016-10-21]
FF Extension: (Facebook™ Disconnect) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\jid0-dBgF7UkIiOsWqvBng4hYu@jetpack.xpi [2016-12-02]
FF Extension: (NoScript) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-05-16]
FF Extension: (Video DownloadHelper) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-11]
FF Extension: (Ecosia — The search engine that plants trees!) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2016-10-15]
FF Extension: (Adblock Plus) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn
FF Extension: (Kein Name) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn [2015-08-20] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-15] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3774421412-1007907057-219690849-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\h\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3774421412-1007907057-219690849-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\h\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3774421412-1007907057-219690849-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx <nicht gefunden>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1119712 2017-05-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [488920 2017-05-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [488920 2017-05-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1520680 2017-05-03] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-04-11] (Avira Operations GmbH & Co. KG)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [87088 2017-03-22] (CyberGhost S.R.L)
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-24] (Samsung Electronics CO., LTD.)
S3 GMX_MailCheck_Update; C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Update.exe [581352 2017-04-10] (Pixality Computersysteme GmbH)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [732056 2016-07-18] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe [282016 2015-07-16] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-03-16] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2017-05-16] ()
R2 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1861520 2015-08-18] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
S1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 cgnetfilter1521; C:\WINDOWS\System32\drivers\cgnetfilter1521.sys [84768 2017-03-22] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150817.001\IDSvia64.sys [692984 2015-07-10] (Symantec Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-05-18] (Malwarebytes)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150817.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150817.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-08] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-08] (NVIDIA Corporation)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [32168 2015-07-16] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-12] (Windows (R) 2003 DDK 3790 provider)
S1 SRTSP; C:\WINDOWS\System32\Drivers\NISx64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NISx64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-23] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
S1 SymNetS; C:\WINDOWS\System32\Drivers\NISx64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)
S3 usbrndis6; C:\WINDOWS\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-18 19:29 - 2017-05-18 19:31 - 00032333 _____ C:\Users\h\Downloads\FRST.txt
2017-05-18 19:27 - 2017-05-18 19:29 - 00000000 ____D C:\FRST
2017-05-18 19:19 - 2017-05-18 19:19 - 02429952 _____ (Farbar) C:\Users\h\Downloads\FRST64.exe
2017-05-14 00:13 - 2017-04-29 00:44 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-05-14 00:13 - 2017-04-29 00:44 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-13 21:42 - 2017-05-13 21:42 - 01496584 _____ C:\Users\h\Downloads\RansomFree Schutz vor WannaCry - CHIP-Installer.exe
2017-05-10 10:01 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 10:01 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-05-10 10:01 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 10:01 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 10:01 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-05-10 10:01 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 10:01 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 10:01 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 10:01 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 10:01 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-05-10 10:01 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 10:01 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 10:01 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 10:01 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-05-10 10:01 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 10:01 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 10:01 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 10:01 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-10 10:01 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 10:01 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 10:01 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 10:01 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 10:01 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 10:01 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 10:01 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 10:01 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 10:01 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 10:01 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-05-10 10:01 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 10:01 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 10:01 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 10:01 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 10:01 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 10:01 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-05-10 10:01 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-05-10 10:01 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 10:01 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 10:01 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 10:01 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 10:01 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmitomi.dll
2017-05-10 10:01 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-05-10 10:01 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll
2017-05-10 10:01 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-05-10 10:01 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-10 10:01 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-05-10 10:01 - 2017-03-11 01:38 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-05-10 10:01 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-05-10 10:01 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-05-10 10:00 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-10 10:00 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-05-10 10:00 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 10:00 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 10:00 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 10:00 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 10:00 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-05-10 10:00 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-05-10 10:00 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-05-10 10:00 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 10:00 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 10:00 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 10:00 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 10:00 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 10:00 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 10:00 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 10:00 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-05-10 10:00 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-10 10:00 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 10:00 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 10:00 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 10:00 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-10 10:00 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-10 10:00 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-05-10 10:00 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-05-10 10:00 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-05-10 10:00 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-05-10 10:00 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-05-10 10:00 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-05-10 10:00 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-05-10 10:00 - 2017-03-08 04:44 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-05-09 22:40 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-05-09 22:40 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-05-09 22:39 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-05-09 22:39 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-05-06 21:44 - 2017-05-06 21:48 - 00000000 ____D C:\Users\TEMP.NICE.000\AppData\Local\Packages
2017-05-06 21:44 - 2017-05-06 21:48 - 00000000 ____D C:\Users\TEMP.NICE.000
2017-05-05 21:35 - 2017-05-18 16:59 - 00000000 ____D C:\Users\h\AppData\Roaming\Skype
2017-05-05 21:35 - 2017-05-05 21:35 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-05 21:35 - 2017-05-05 21:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-05 21:35 - 2017-05-05 21:35 - 00000000 ____D C:\Users\h\Tracing
2017-05-05 21:35 - 2017-05-05 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-05 21:34 - 2017-05-05 21:35 - 00000000 ____D C:\ProgramData\Skype
2017-05-05 21:30 - 2017-05-05 21:31 - 01631704 _____ (Skype Technologies S.A.) C:\Users\h\Downloads\SkypeSetup.exe
2017-05-05 11:46 - 2017-05-05 11:46 - 00001152 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-05-02 23:28 - 2017-05-02 23:28 - 00000000 ____D C:\Users\h\AppData\Local\My Games
2017-05-02 14:37 - 2017-05-02 14:37 - 00178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2017-04-30 21:55 - 2017-04-30 21:55 - 00000000 ____D C:\Users\h\Documents\Electronic Arts
2017-04-30 21:19 - 2017-04-30 21:19 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2017-04-30 21:19 - 2008-09-04 20:17 - 00447752 ____R (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2017-04-30 21:18 - 2017-04-30 21:18 - 00002110 _____ C:\Users\Public\Desktop\Die*Sims™*3.lnk
2017-04-30 19:30 - 2017-04-30 19:30 - 00000000 ____D C:\Users\h\AppData\Roaming\FUEL
2017-04-30 19:22 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-04-30 19:06 - 2017-04-30 19:06 - 00000000 ____D C:\Users\h\AppData\Roaming\InstallShield Installation Information
2017-04-30 19:05 - 2017-04-30 19:05 - 00000000 ____D C:\Program Files (x86)\Codemasters
2017-04-28 19:51 - 2017-04-28 19:51 - 00000000 ____D C:\Users\h\Documents\Eidos
2017-04-27 21:17 - 2017-04-27 21:52 - 521070080 _____ C:\Users\h\Downloads\farcry_spdemo.exe
2017-04-27 21:08 - 2017-04-27 21:24 - 189377784 _____ (Ubisoft ) C:\Users\h\Downloads\far_cry_v1.4_cumulative.exe
2017-04-27 19:06 - 2017-04-27 19:06 - 01496584 _____ C:\Users\h\Downloads\Far Cry 2 Patch - CHIP-Installer.exe
2017-04-25 00:10 - 2017-04-25 00:27 - 265653440 _____ C:\Users\h\Downloads\GTA2INSTALLER.ZIP
2017-04-25 00:05 - 2017-04-25 00:05 - 01496584 _____ C:\Users\h\Downloads\Grand Theft Auto GTA 2 - CHIP-Installer(2).exe
2017-04-24 21:58 - 2017-05-05 12:16 - 00000000 ____D C:\Users\h\AppData\Local\Spotify
2017-04-24 21:58 - 2017-04-24 21:58 - 00001827 _____ C:\Users\h\Desktop\Spotify.lnk
2017-04-24 21:58 - 2017-04-24 21:58 - 00001813 _____ C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-04-24 21:54 - 2017-05-05 12:07 - 00000000 ____D C:\Users\h\AppData\Roaming\Spotify
2017-04-24 21:54 - 2017-04-24 21:54 - 00278224 _____ (Spotify Ltd) C:\Users\h\Downloads\SpotifySetup.exe
2017-04-24 16:46 - 2017-04-24 16:46 - 00002068 _____ C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
2017-04-21 08:17 - 2017-04-21 08:17 - 00000000 ____D C:\Program Files\GMX MailCheck
2017-04-21 08:16 - 2017-04-21 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
2017-04-21 08:16 - 2017-04-21 08:16 - 00000000 ____D C:\Program Files (x86)\GMX MailCheck
2017-04-19 23:00 - 2017-04-19 23:00 - 00000000 ____D C:\ProgramData\UUdb
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-18 19:02 - 2013-04-20 20:26 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3774421412-1007907057-219690849-1002
2017-05-18 19:00 - 2012-08-23 06:25 - 00000000 ____D C:\ProgramData\WinClon
2017-05-18 18:59 - 2015-06-02 18:07 - 00003898 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6BC42FF6-E8FF-496F-834E-72144BBBDEE5}
2017-05-18 18:58 - 2016-12-16 20:09 - 00000000 ____D C:\Users\h\AppData\LocalLow\Mozilla
2017-05-18 18:58 - 2016-11-20 14:04 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-18 18:57 - 2013-04-21 19:29 - 00000000 ____D C:\Users\h\AppData\Local\CrashDumps
2017-05-18 18:56 - 2015-02-10 13:45 - 00000000 ___RD C:\Users\h\OneDrive
2017-05-18 18:56 - 2014-08-29 09:18 - 00000394 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2017-05-18 18:56 - 2014-08-29 09:18 - 00000394 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2017-05-18 18:56 - 2012-08-23 06:32 - 00000360 _____ C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2017-05-18 18:53 - 2016-12-22 21:43 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-18 18:53 - 2016-01-08 14:28 - 00002352 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2017-05-18 18:52 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-18 18:52 - 2013-04-21 21:01 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-18 18:49 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-05-17 11:40 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2017-05-17 09:51 - 2016-12-10 22:30 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-05-17 09:51 - 2012-08-23 05:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-16 22:18 - 2016-09-28 20:38 - 00000000 ____D C:\Users\h\Documents\My Games
2017-05-16 21:37 - 2017-02-28 21:07 - 02250024 _____ C:\WINDOWS\SysWOW64\pbsvc.exe
2017-05-16 21:37 - 2017-02-28 21:07 - 00107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-05-16 21:37 - 2017-02-28 21:07 - 00107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-05-16 10:24 - 2016-01-09 20:56 - 00000000 ____D C:\Users\h\AppData\Roaming\vlc
2017-05-15 21:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-15 21:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-15 21:22 - 2013-08-03 23:24 - 00004342 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-15 21:18 - 2014-10-15 11:39 - 00000000 ____D C:\ProgramData\Oracle
2017-05-15 21:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-14 22:38 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2017-05-14 18:09 - 2016-08-29 10:06 - 00000000 ____D C:\Program Files\Java
2017-05-14 18:09 - 2014-10-15 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-14 18:08 - 2016-08-29 10:07 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-05-14 00:10 - 2013-08-22 16:44 - 00447488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-13 23:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-13 12:39 - 2015-05-19 23:12 - 00000000 ____D C:\Users\h\Desktop\Kunst
2017-05-10 12:58 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-10 10:15 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-10 05:22 - 2013-08-14 12:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-09 22:42 - 2013-04-22 09:57 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-06 21:44 - 2015-08-21 15:35 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-06 17:23 - 2016-12-15 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-06 17:23 - 2013-08-03 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-05 21:35 - 2015-02-10 12:43 - 00000000 ____D C:\Users\h
2017-05-05 11:46 - 2015-08-21 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-04-30 20:45 - 2017-02-25 20:33 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2017-04-27 22:14 - 2016-12-13 22:10 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-26 00:10 - 2013-04-20 20:15 - 00000000 ____D C:\Users\h\AppData\Local\Packages
2017-04-25 21:06 - 2016-12-10 22:30 - 00000000 ____D C:\Users\h\AppData\Local\Ubisoft Game Launcher
2017-04-24 16:47 - 2017-04-07 20:44 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-04-24 16:46 - 2017-04-07 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-04-24 16:46 - 2017-03-13 10:31 - 00000000 ____D C:\Users\h\AppData\Local\JDownloader 2.0
2017-04-19 23:00 - 2014-11-29 11:48 - 00003856 _____ C:\WINDOWS\System32\Tasks\Registration 1und1 Task
2017-04-19 23:00 - 2013-07-31 17:14 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2017-04-19 10:44 - 2016-11-29 18:41 - 00000000 ____D C:\Program Files (x86)\Deep Silver
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-04-11 20:42 - 2015-04-11 20:42 - 0196076 _____ () C:\Users\h\AppData\Local\38C2540F_stp.CIS
2015-04-11 20:42 - 2015-04-11 20:42 - 0000290 _____ () C:\Users\h\AppData\Local\38C2540F_stp.CIS.part
2015-04-11 20:40 - 2015-04-11 20:40 - 0385602 _____ () C:\Users\h\AppData\Local\5D515C96_stp.CIS
2015-04-11 20:40 - 2015-04-11 20:40 - 0000220 _____ () C:\Users\h\AppData\Local\5D515C96_stp.CIS.part
2015-04-11 20:42 - 2015-04-11 20:42 - 1509462 _____ () C:\Users\h\AppData\Local\69DD7379_stp.CIS
2015-04-11 20:42 - 2015-04-11 20:42 - 0000295 _____ () C:\Users\h\AppData\Local\69DD7379_stp.CIS.part
2015-09-14 22:46 - 2015-09-14 22:46 - 0005120 _____ () C:\Users\h\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-10 19:23 - 2017-03-10 19:23 - 0000089 _____ () C:\Users\h\AppData\Local\fusioncache.dat
2016-07-12 10:28 - 2016-07-12 10:28 - 0000844 _____ () C:\Users\h\AppData\Local\recently-used.xbel
2015-01-16 23:33 - 2015-01-16 23:33 - 0000017 _____ () C:\Users\h\AppData\Local\resmon.resmoncfg
2012-08-23 06:42 - 2012-08-08 06:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-08-23 06:42 - 2012-08-07 12:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml
Einige Dateien in TEMP:
====================
2015-08-21 15:34 - 2016-10-05 22:24 - 0000000 ____D () C:\Users\h\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-05-18 17:54
==================== Ende von FRST.txt ============================
|
| Themen zu Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] |
| ad-aware, adware.chinad, akamai, antivirus, avira, booten, desktop, flash player, installation, keine rückmeldung, langsam, malwarebytes anti-malware, mozilla, problem, prozesse, realtek, registry, scan, secure search, security, sekunden, software, svchost.exe, symantec, system, tr/crypt.xpack.gen, trojan, wlan |
![Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan]](iconimages/log-analyse-auswertung/win-8-1-malewarebytes-findet-adware-chinad-immer-letzte-funde-avira-tr-crypt-xpack-gen2-trojan_ltr.gif)
Baum-Darstellung