GiftDackel | 13.03.2017 16:45 | Hello,
Okay, I have completed all the steps in order.
One thing I noticed: before the link with the advertising appears, e.g. https://www.bet-at-home.com/de/landingpage/sportfirst/4?drf=http%3a%2f%2fb2.ijquery11.com%2fcs%3fwsa%3d58b775e778cf6476828786, there is always a different link shown first, namely vnovostyah.net/hewolsm. I just wanted to mention it; maybe it helps. :)
Okay, now to all the reports:
AdwCleaner[S3].txt: Code:
# AdwCleaner v6.044 - Bericht erstellt am 13/03/2017 um 15:45:23
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-03-12.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : Agando - AGANDO-PC
# Gestartet von : C:\Users\Carlo\Desktop\adwcleaner_6.044.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
Keine schädlichen Dienste gefunden.
***** [ Ordner ] *****
Keine schädlichen Ordner gefunden.
***** [ Dateien ] *****
Keine schädlichen Dateien gefunden.
***** [ DLL ] *****
Keine infizierten DLLs gefunden.
***** [ WMI ] *****
Keine schädlichen Schlüssel gefunden.
***** [ Verknüpfungen ] *****
Keine infizierten Verknüpfungen gefunden.
***** [ Aufgabenplanung ] *****
Keine schädlichen Aufgaben gefunden.
***** [ Registrierungsdatenbank ] *****
Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.
***** [ Internetbrowser ] *****
Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.
*************************
\AdwCleaner\AdwCleaner[C0].txt - [14547 Bytes] - [09/03/2017 19:28:05]
\AdwCleaner\AdwCleaner[S0].txt - [13931 Bytes] - [09/03/2017 19:26:40]
\AdwCleaner\AdwCleaner[S1].txt - [1501 Bytes] - [09/03/2017 19:39:19]
\AdwCleaner\AdwCleaner[S2].txt - [1572 Bytes] - [09/03/2017 20:14:37]
\AdwCleaner\AdwCleaner[S3].txt - [1496 Bytes] - [13/03/2017 15:45:23]
########## EOF - \AdwCleaner\AdwCleaner[S3].txt - [1567 Bytes] ########## ---
AdwCleaner[C2].txt: Code:
# AdwCleaner v6.044 - Bericht erstellt am 13/03/2017 um 15:45:51
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-03-12.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : Agando - AGANDO-PC
# Gestartet von : C:\Users\Carlo\Desktop\adwcleaner_6.044.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
\AdwCleaner\AdwCleaner[C0].txt - [14547 Bytes] - [09/03/2017 19:28:05]
\AdwCleaner\AdwCleaner[C2].txt - [1021 Bytes] - [13/03/2017 15:45:51]
\AdwCleaner\AdwCleaner[S0].txt - [13931 Bytes] - [09/03/2017 19:26:40]
\AdwCleaner\AdwCleaner[S1].txt - [1501 Bytes] - [09/03/2017 19:39:19]
\AdwCleaner\AdwCleaner[S2].txt - [1572 Bytes] - [09/03/2017 20:14:37]
\AdwCleaner\AdwCleaner[S3].txt - [1644 Bytes] - [13/03/2017 15:45:23]
########## EOF - \AdwCleaner\AdwCleaner[C2].txt - [1377 Bytes] ########## ---
JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Professional x64
Ran by Agando (Administrator) on 13.03.2017 at 15:55:10,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 26
Successfully deleted: C:\Users\Agando\AppData\Roaming\dll-files.com (Folder)
Successfully deleted: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\c3jvfivr.default\user.js (File)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FAI9XPY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DXI7GOX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YVUT0IP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4ODXNYM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPPURNRI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHWF1NJZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW26F2YA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5L6A116 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FAI9XPY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DXI7GOX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YVUT0IP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4ODXNYM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPPURNRI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHWF1NJZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW26F2YA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5L6A116 (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2017 at 15:57:41,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ---
mbam.txt: Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 13.03.17
Scan-Zeit: 16:02
Protokolldatei: mbam.txt
Administrator: Nein
-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.75
Version des Aktualisierungspakets: 1.0.1491
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Agando-PC\Carlo
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 431345
Abgelaufene Zeit: 13 Min., 38 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 4
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{35358444-982F-4C61-A2C1-846F9F884B36}, In Quarantäne, [822], [367412],1.0.1491
Adware.RussAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{895C99B2-119C-4B9F-B91C-45E520DAF586}, In Quarantäne, [2668], [379425],1.0.1491
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\2690q24j25z6833, In Quarantäne, [822], [367417],1.0.1491
Adware.RussAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\vnovostyahnethewolsm, In Quarantäne, [2668], [379424],1.0.1491
Registrierungswert: 3
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{35358444-982F-4C61-A2C1-846F9F884B36}|PATH, In Quarantäne, [822], [367412],1.0.1491
Adware.RussAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{895C99B2-119C-4B9F-B91C-45E520DAF586}|PATH, In Quarantäne, [2668], [379425],1.0.1491
Trojan.Agent.JV, HKU\S-1-5-21-1831196838-195402626-1882810342-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FILE, In Quarantäne, [326], [233488],1.0.1491
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 5
PUP.Optional.BrowserSecurity, C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\c3jvfivr.default\jetpack\firefox@browser-security.de\simple-storage, In Quarantäne, [1470], [347817],1.0.1491
PUP.Optional.BrowserSecurity, C:\USERS\AGANDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C3JVFIVR.DEFAULT\JETPACK\FIREFOX@BROWSER-SECURITY.DE, In Quarantäne, [1470], [347817],1.0.1491
Adware.ChinAd, C:\USERS\CARLO\APPDATA\LOCAL\TEMP\DMR, In Quarantäne, [1416], [375557],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\USERS\AGANDO\APPDATA\LOCAL\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}, In Quarantäne, [117], [302717],1.0.1491
Datei: 57
HackTool.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.5.1\UNINS000.EXE, In Quarantäne, [476], [332854],1.0.1491
RiskWare.GameHack, C:\PROGRAM FILES (X86)\GRAND THEFT AUTO V\STEAM_API64.DLL, In Quarantäne, [556], [305544],1.0.1491
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\2164248.CFG, In Quarantäne, [1411], [345404],1.0.1491
PUP.Optional.BundleInstaller, C:\USERS\AGANDO\APPDATA\LOCAL\TEMP\BINSIS142.XML, In Quarantäne, [39], [260807],1.0.1491
PUP.Optional.BundleInstaller, C:\USERS\AGANDO\APPDATA\LOCAL\TEMP\BINSISCHECK654.XML, In Quarantäne, [39], [260808],1.0.1491
Adware.ChinAd, C:\USERS\CARLO\APPDATA\LOCAL\TEMP\DMR\EXFKENZBAGXOLRAB.DAT, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\cvswwkgpfpmhnuia.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\dmr_72.exe, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\dmr_78.exe, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\duomkbvztdxvjaty.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\fwipbwtkbalobwdm.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\gpgnopgxdkyksjpg.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\hniylpfsvqtilbuu.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\hwlurhgecayaonqo.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\inxqxczgkhcounyl.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\jnmozjcghhtrpzvt.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\lkwybodlvbzsqlqp.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\mqadpebetbpaofpu.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\ogvtfmiochbjwtuf.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\pargaduqkanwgzru.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\sbrcjgpkfcaxopme.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\ueajdfzczpumzewn.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\uxjeqgpeyhuiscei.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\vbibfemxnzaypktj.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\wjoksowarhlwylrn.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\xkrbapembcmbxajv.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\xzmpssfsgkvetcmp.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.ChinAd, C:\Users\Carlo\AppData\Local\Temp\DMR\zklxzsfmidjxddhf.dat, In Quarantäne, [1416], [375557],1.0.1491
Adware.Elex, C:\WINDOWS\TEMP\G870D.TMP.EXE, In Quarantäne, [305], [377813],1.0.1491
PUP.Optional.WinYahoo, C:\USERS\AGANDO\APPDATA\LOCAL\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HOWTOREMOVE\HOWTOREMOVE.HTML, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\chromium-min.jpg, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\control panel-min-min.JPG, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\down.png, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\ff menu.JPG, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\ff search engine-min.png, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\hp-min ff.png, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\hp-min ie.png, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\search engine.gif, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\setup pages.gif, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\sp-min.png, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\start-min.jpg, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\HowToRemove\up.png, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\bapi16.dat, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\bapi17.dat, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\cesa, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\install.log, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\mine, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\nole, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\note.cfg, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\rota.dat, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\Sqlite3.dll, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\uninst.dat, In Quarantäne, [117], [302717],1.0.1491
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Local\{E18FD7D3-C527-BB6B-A8BF-9E838CD7621B}\uninst.exe, In Quarantäne, [117], [302717],1.0.1491
Trojan.Agent.Generic, C:\WINDOWS\SYSTEM32\TASKS\2690q24j25z6833, In Quarantäne, [822], [367421],1.0.1491
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\2164248.JS, In Quarantäne, [1411], [345398],1.0.1491
Trojan.Agent.JV, C:\PROGRAM FILES\JAVA\JRE1.8.0_111\BIN\JAVAW.EXE, In Quarantäne, [326], [233488],1.0.1491
Adware.RussAd, C:\WINDOWS\SYSTEM32\TASKS\VNOVOSTYAHNETHEWOLSM, In Quarantäne, [2668], [379426],1.0.1491
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end) ---
FRST.txt: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
durchgeführt von Agando (Administrator) auf AGANDO-PC (13-03-2017 16:24:20)
Gestartet von C:\Users\Carlo\Desktop
Geladene Profile: Agando & Carlo (Verfügbare Profile: Agando & Carlo) <==== ACHTUNG (Temporäres Profil?)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamSpeak Systems GmbH) C:\Users\Carlo\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Hammer & Chisel, Inc.) C:\Users\Carlo\AppData\Local\Discord\app-0.0.297\Discord.exe
() C:\Users\Carlo\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Hammer & Chisel, Inc.) C:\Users\Carlo\AppData\Local\Discord\app-0.0.297\Discord.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(Hammer & Chisel, Inc.) C:\Users\Carlo\AppData\Local\Discord\app-0.0.297\Discord.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-27] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\Agando\AppData\Local\Temp\DeleteOnReboot.bat [1178 2017-03-09] () <===== ACHTUNG
HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-09] (Valve Corporation)
HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\...\Run: [NoIPDUCv4] => "C:\Program Files (x86)\No-IP\DUC40.exe" /minimize --restore-last-session
HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\...\Run: [IPupdater] => C:\Program Files (x86)\DNSExit IP Updater\ipupdater.exe hide
HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694344 2016-12-13] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C2].txt
HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1831196838-195402626-1882810342-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1831196838-195402626-1882810342-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [4013120 2017-03-10] (GOG.com)
HKU\S-1-5-21-1831196838-195402626-1882810342-1001\...\Run: [Discord] => C:\Users\Carlo\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1831196838-195402626-1882810342-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Carlo\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [1912840 2017-03-02] ()
HKU\S-1-5-21-1831196838-195402626-1882810342-1001\...\Run: [mailruhomesearch] => "C:\Users\Carlo\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
HKU\S-1-5-21-1831196838-195402626-1882810342-1001\...\MountPoints2: {0a23250c-710c-11e6-bdbc-d8cb8a34ef78} - J:\setup.exe
HKU\S-1-5-21-1831196838-195402626-1882810342-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Carlo\AppData\Local\MEGAsync\ShellExtX64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Carlo\AppData\Local\MEGAsync\ShellExtX64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Carlo\AppData\Local\MEGAsync\ShellExtX64.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Carlo\AppData\Local\MEGAsync\ShellExtX32.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Carlo\AppData\Local\MEGAsync\ShellExtX32.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Carlo\AppData\Local\MEGAsync\ShellExtX32.dll -> Keine Datei
Startup: C:\Users\Carlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ts3server - Verknüpfung.lnk [2016-12-15]
ShortcutTarget: ts3server - Verknüpfung.lnk -> C:\Users\TEMP\Desktop\TS3 Server\teamspeak3-server_win64\ts3server.exe (Keine Datei)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 81.210.129.4
Tcpip\..\Interfaces\{32C79D98-52A4-404C-A053-A248870952D1}: [NameServer] 80.80.80.80,80.80.81.81
Tcpip\..\Interfaces\{32C79D98-52A4-404C-A053-A248870952D1}: [DhcpNameServer] 80.69.96.12 81.210.129.4
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1831196838-195402626-1882810342-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1831196838-195402626-1882810342-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1831196838-195402626-1882810342-1001 -> {40ECE307-2A8F-486E-AC82-19A6A3D89241} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-24] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-04] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1831196838-195402626-1882810342-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017162015841: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-1831196838-195402626-1882810342-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Carlo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2016-11-23] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284736 2017-03-10] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-17] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-01-24] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-01-24] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-02-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 DNSExitService; C:\Program Files (x86)\DNSExit IP Updater\DNSExitService.exe [X]
S2 FileZilla Server; "C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-18] (Avira Operations GmbH & Co. KG)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-03] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-09-03] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-13] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-13] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-13 16:24 - 2017-03-13 16:25 - 00020643 _____ C:\Users\Carlo\Desktop\FRST.txt
2017-03-13 16:23 - 2017-03-13 16:23 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\Vorlagen
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\Startmenü
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\Netzwerkumgebung
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\Lokale Einstellungen
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\Eigene Dateien
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\Druckumgebung
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Videos
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Musik
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Bilder
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Verlauf
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Anwendungsdaten
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 _SHDL C:\Users\TEMP\Anwendungsdaten
2017-03-13 16:23 - 2017-03-13 16:23 - 00000000 ____D C:\Users\TEMP
2017-03-13 16:23 - 2016-09-15 21:34 - 00000000 ____D C:\Users\TEMP\AppData\Local\LogMeIn Hamachi
2017-03-13 16:23 - 2011-04-12 08:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2017-03-13 16:22 - 2017-03-13 16:22 - 00010583 _____ C:\Users\Carlo\Desktop\mbam.txt
2017-03-13 16:02 - 2017-03-13 16:20 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-13 16:02 - 2017-03-13 16:20 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-13 16:02 - 2017-03-13 16:20 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-13 16:02 - 2017-03-13 16:20 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-13 16:02 - 2017-03-13 16:20 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-13 16:02 - 2017-03-13 16:02 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-13 16:02 - 2017-03-13 16:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-13 16:02 - 2017-03-13 16:02 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-13 16:02 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-13 16:01 - 2017-03-13 16:01 - 00000022 _____ C:\Users\Carlo\Desktop\Herausgefunden.txt
2017-03-13 16:00 - 2017-03-13 16:00 - 57131432 _____ (Malwarebytes ) C:\Users\Carlo\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-13 15:58 - 2017-03-13 15:58 - 00004696 _____ C:\Users\Carlo\Desktop\JRT.txt
2017-03-13 15:57 - 2017-03-13 15:57 - 00004696 _____ C:\Users\Agando\Desktop\JRT.txt
2017-03-13 15:54 - 2017-03-13 15:54 - 01663736 _____ (Malwarebytes) C:\Users\Carlo\Desktop\JRT.exe
2017-03-13 15:45 - 2017-03-13 15:45 - 00001644 _____ C:\Users\Carlo\Desktop\AdwCleaner[S3].txt
2017-03-13 15:45 - 2017-03-13 15:45 - 00001454 _____ C:\Users\Carlo\Desktop\AdwCleaner[C2].txt
2017-03-13 15:33 - 2017-03-13 15:33 - 07097928 _____ (VS Revo Group ) C:\Users\Carlo\Downloads\revo202setup.exe
2017-03-13 15:33 - 2017-03-13 15:33 - 00001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-03-13 15:29 - 2017-03-13 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-03-13 15:29 - 2017-03-13 15:29 - 00000000 ____D C:\Program Files\VS Revo Group
2017-03-12 17:14 - 2017-03-12 17:14 - 02424832 _____ (Farbar) C:\Users\Carlo\Desktop\FRST64.exe
2017-03-09 20:33 - 2017-03-09 20:33 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-09 20:18 - 2017-03-09 20:18 - 01765888 _____ (Farbar) C:\Users\Carlo\Downloads\FRST.exe
2017-03-09 19:17 - 2017-03-13 15:53 - 00000000 ____D C:\AdwCleaner
2017-03-09 19:16 - 2017-03-09 19:16 - 04031440 _____ C:\Users\Carlo\Desktop\adwcleaner_6.044.exe
2017-03-03 17:37 - 2017-03-03 17:40 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-03-03 17:37 - 2017-03-03 17:37 - 02967592 _____ C:\Users\Carlo\Downloads\SecurityTaskManager_Setup.exe
2017-03-03 17:37 - 2017-03-03 17:37 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2017-03-03 17:37 - 2017-03-03 17:37 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2017-03-03 17:37 - 2017-03-03 17:37 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2017-03-03 16:18 - 2017-03-13 16:24 - 00000000 ____D C:\FRST
2017-03-03 16:18 - 2017-03-03 16:18 - 02423808 _____ (Farbar) C:\Users\Carlo\Downloads\FRST64.exe
2017-03-02 22:11 - 2017-03-02 22:11 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-03-02 21:57 - 2017-03-02 21:58 - 00000000 ____D C:\Users\Agando\AppData\LocalLow\Mozilla
2017-03-02 21:32 - 2017-03-09 19:35 - 00000000 ____D C:\Users\Carlo\AppData\LocalLow\uTorrent
2017-03-02 20:18 - 2017-03-03 15:12 - 00000000 ____D C:\Users\Agando\AppData\LocalLow\Mastfire Studios
2017-03-02 18:50 - 2017-03-02 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-03-02 18:10 - 2017-03-02 18:10 - 00000000 ____D C:\Users\Carlo\AppData\Local\Gaijin
2017-02-28 15:36 - 2017-02-28 15:36 - 00002161 _____ C:\Users\Carlo\Desktop\Discord.lnk
2017-02-28 15:36 - 2017-02-28 15:36 - 00000000 ____D C:\Users\Carlo\AppData\Local\Discord
2017-02-26 22:47 - 2017-02-26 22:47 - 00000000 ___HD C:\Program Files\Common FilesEAInstaller
2017-02-26 00:37 - 2017-03-03 15:12 - 00000000 ____D C:\Users\Carlo\AppData\LocalLow\Mastfire Studios
2017-02-24 19:59 - 2017-02-25 18:23 - 00000118 _____ C:\Users\Carlo\Desktop\Neues Textdokument.txt
2017-02-23 15:49 - 2017-02-23 15:49 - 00000000 ____D C:\Users\Carlo\AppData\Local\paint.net
2017-02-23 15:48 - 2017-02-23 15:48 - 00001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-02-23 15:47 - 2017-02-23 15:48 - 00000000 ____D C:\Program Files\paint.net
2017-02-23 15:47 - 2017-02-23 15:47 - 00000000 ____D C:\Users\Agando\AppData\Local\paint.net
2017-02-23 15:11 - 2017-02-23 15:11 - 00000860 _____ C:\Users\Carlo\AppData\Local\recently-used.xbel
2017-02-20 16:27 - 2017-02-20 16:27 - 02162180 _____ (Neil Jedrzejewski & Ryan Gregg ) C:\Users\Carlo\Downloads\vtfedit133.exe
2017-02-18 21:23 - 2017-02-18 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-18 20:10 - 2017-02-18 20:10 - 00000000 ___SD C:\Users\Carlo\AppData\LocalLow\Temp
2017-02-18 20:04 - 2017-02-18 20:04 - 02400960 _____ (BitTorrent Inc.) C:\Users\Carlo\Downloads\uTorrent.exe
2017-02-18 19:58 - 2017-02-18 19:58 - 00000000 ____D C:\Users\Carlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-02-18 18:56 - 2017-02-18 18:56 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-02-18 15:32 - 2017-02-18 15:32 - 01728735 _____ C:\Users\Carlo\Downloads\OptiFine_1.9.4_HD_U_B6.jar
2017-02-18 15:27 - 2017-02-18 15:27 - 02025801 _____ C:\Users\Carlo\Downloads\OptiFine_1.11.2_HD_U_B7.jar
2017-02-18 15:23 - 2017-02-18 15:23 - 01268363 _____ C:\Users\Carlo\Downloads\LabyMod_v2.7.9_mc1.8.8.jar
2017-02-12 15:16 - 2017-02-12 15:16 - 00000918 _____ C:\Users\Public\Desktop\Overwatch Test.lnk
2017-02-11 19:57 - 2017-02-11 19:57 - 00000000 ____D C:\gmod_server
2017-02-11 17:29 - 2017-03-03 15:40 - 00000000 ____D C:\Users\Carlo\AppData\Roaming\QuickScan
2017-02-11 01:08 - 2017-02-11 01:08 - 00000000 ____D C:\Steam
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-13 16:24 - 2015-06-02 15:01 - 00000000 ____D C:\Users\Carlo\AppData\Roaming\TS3Client
2017-03-13 16:20 - 2015-05-19 21:12 - 00000000 ____D C:\Users\Agando
2017-03-13 16:19 - 2016-11-19 02:15 - 00000000 ____D C:\Users\Carlo\AppData\LocalLow\Mozilla
2017-03-13 16:19 - 2016-11-18 14:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-13 16:19 - 2015-05-25 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-13 16:19 - 2015-05-20 13:30 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-13 16:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-13 16:11 - 2015-06-02 19:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-13 15:57 - 2009-07-14 05:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-13 15:57 - 2009-07-14 05:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-13 15:45 - 2016-09-03 22:40 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-13 15:45 - 2015-05-25 19:08 - 00000008 __RSH C:\Users\Carlo\ntuser.pol
2017-03-13 15:45 - 2015-05-25 19:08 - 00000000 ____D C:\Users\Carlo
2017-03-13 15:34 - 2015-06-09 19:16 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-13 15:29 - 2015-10-19 17:14 - 00000000 ____D C:\Users\Carlo\AppData\Local\TeamSpeak 3 Client
2017-03-12 20:27 - 2015-12-20 12:33 - 00000000 ____D C:\Users\Carlo\AppData\Local\Battle.net
2017-03-12 19:37 - 2015-12-20 12:33 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-12 17:09 - 2016-04-15 13:52 - 00000000 ____D C:\Users\Carlo\Desktop\Spiele
2017-03-10 19:46 - 2015-05-19 21:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-10 19:27 - 2015-12-20 12:35 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-03-10 14:56 - 2016-11-07 14:11 - 00000000 ____D C:\Program Files (x86)\Overwatch Test
2017-03-10 14:47 - 2015-05-27 18:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-10 14:39 - 2015-07-23 16:07 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2017-03-09 20:08 - 2015-06-26 05:54 - 00000000 ____D C:\Users\Carlo\AppData\Roaming\.minecraft
2017-03-09 19:27 - 2016-02-09 21:16 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-03-09 15:33 - 2016-05-05 12:50 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-03-07 18:27 - 2015-08-29 18:02 - 00000000 ____D C:\Users\Carlo\AppData\Roaming\Skype
2017-03-07 15:10 - 2016-11-17 14:15 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-03-06 18:11 - 2016-09-03 22:47 - 00000000 ____D C:\Users\Carlo\Desktop\Programme
2017-03-03 22:49 - 2016-12-15 20:56 - 00000168 _____ C:\Users\Carlo\Documents\ClownfishForTeamspeak.ini
2017-03-03 17:07 - 2015-05-25 18:56 - 00001147 _____ C:\Users\Carlo\Desktop\Mozilla Firefox.lnk
2017-03-03 15:12 - 2016-02-15 20:49 - 00000000 ____D C:\Users\Carlo\AppData\Local\CrashDumps
2017-03-02 21:58 - 2015-05-25 19:09 - 00001631 _____ C:\Users\Carlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-02 21:57 - 2016-09-03 22:41 - 00002473 _____ C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-03-02 21:57 - 2016-09-03 22:41 - 00002465 _____ C:\Users\Agando\Desktop\Chromium.lnk
2017-03-02 21:57 - 2015-05-19 21:12 - 00001631 _____ C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-02 20:26 - 2015-07-14 11:32 - 00000000 ____D C:\Users\Carlo\AppData\LocalLow\Unity
2017-03-02 20:02 - 2016-12-03 16:03 - 00000000 ____D C:\Users\Carlo\AppData\Roaming\obs-studio
2017-03-02 20:02 - 2016-12-03 15:42 - 00000000 ____D C:\Users\Carlo\Desktop\OBS Aufnahmen
2017-03-02 20:01 - 2016-08-20 11:00 - 00000000 ____D C:\Users\Carlo\Desktop\WOW
2017-03-02 18:17 - 2015-07-13 16:03 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-28 15:36 - 2016-07-31 15:29 - 00000000 ____D C:\Users\Carlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-02-28 15:36 - 2016-07-31 15:29 - 00000000 ____D C:\Users\Carlo\AppData\Roaming\discord
2017-02-28 15:36 - 2016-07-31 15:29 - 00000000 ____D C:\Users\Carlo\AppData\Local\SquirrelTemp
2017-02-27 03:20 - 2015-12-24 17:32 - 00000000 ____D C:\ProgramData\Origin
2017-02-27 03:17 - 2015-12-24 17:33 - 00000000 ____D C:\Users\Carlo\AppData\Roaming\Origin
2017-02-26 22:47 - 2016-10-21 12:18 - 00001098 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-02-26 22:17 - 2015-12-24 17:31 - 00000000 ____D C:\Program Files (x86)\Origin
2017-02-25 13:32 - 2015-05-30 18:27 - 00000000 ____D C:\Users\Agando\AppData\Roaming\TS3Client
2017-02-23 22:36 - 2015-05-25 20:19 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 22:34 - 2015-05-25 20:19 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 15:31 - 2016-12-14 17:42 - 00000000 ____D C:\Users\Carlo\Desktop\TS§ Icons
2017-02-23 15:25 - 2015-07-13 19:25 - 00000000 ____D C:\Users\Carlo\.gimp-2.8
2017-02-21 22:39 - 2016-11-04 16:09 - 00000000 ____D C:\Users\Carlo\Desktop\server bac
2017-02-21 17:35 - 2016-03-07 14:08 - 00000000 ____D C:\Users\Carlo\Desktop\Hardcore
2017-02-20 16:35 - 2016-05-24 19:55 - 00000000 ____D C:\Users\Carlo\Desktop\Buhhh
2017-02-19 01:53 - 2015-12-24 17:48 - 00000000 ____D C:\Program Files (x86)\Origin Games
2017-02-19 01:53 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-18 21:23 - 2015-08-10 22:22 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-18 20:07 - 2016-09-03 21:56 - 00000000 ____D C:\Users\Agando\AppData\Roaming\uTorrent
2017-02-14 15:12 - 2015-07-17 14:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 15:12 - 2015-06-16 16:58 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 15:12 - 2015-06-16 16:58 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 15:12 - 2015-06-16 16:58 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 15:12 - 2015-06-02 19:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-12 22:14 - 2016-02-05 14:54 - 00000000 ____D C:\Users\Carlo\Desktop\garrys mod server
2017-02-11 17:48 - 2015-06-23 16:08 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-02-11 17:34 - 2017-01-29 14:56 - 00000000 ___HD C:\ProgramData\2690q24j25z6833
2017-02-11 03:09 - 2016-02-29 13:50 - 00000000 ____D C:\Users\Carlo\AppData\Local\Ubisoft Game Launcher
2017-02-11 00:33 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-05-19 21:19 - 2015-05-19 21:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Agando\AppData\Local\Temp\DeleteOnReboot.bat
Einige Dateien in TEMP:
====================
2015-05-20 13:22 - 2016-01-24 13:23 - 0000000 ____D () C:\Users\Agando\AppData\Local\Temp\avgnt.exe
2015-05-28 13:44 - 2015-07-26 13:48 - 0000000 ____D () C:\Users\Carlo\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-04 00:12
==================== Ende von FRST.txt ============================ ---
*to be continued in another post... |