Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   manchmal seltsame Abstürze, Fenster öffnen und schließen sich selbständig... spookie (https://www.trojaner-board.de/200815-manchmal-seltsame-abstuerze-fenster-oeffnen-schliessen-selbstaendig-spookie.html)

simplehelü 18.01.2021 22:28
manchmal seltsame Abstürze, Fenster öffnen und schließen sich selbständig... spookie
 
Wenn ich arbeite, stürzt Open office ab und öffnet selbsttsändig die Wiederherstellung
Seiten gehen auf und zu.
Irgendwas ist hier faul.
Vielleicht auch zu viele Prozesse... Wer kann mir helfen, ob ich hier was fixen kann.

LG
Code:
Running processes:
Number | Path
  1  C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
  1  C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
  1  C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
  1  C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe
  1  C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
  1  C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
  1  C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
  1  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
  1  C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
  1  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
  1  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  1  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
  13  C:\Program Files (x86)\Opera\73.0.3856.344\opera.exe
  1  C:\Program Files (x86)\Opera\73.0.3856.344\opera_crashreporter.exe
  2  C:\Program Files (x86)\Opera\assistant\browser_assistant.exe
  1  C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
  1  C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
  1  C:\Program Files\AVAST Software\Avast\AvastSvc.exe
  3  C:\Program Files\AVAST Software\Avast\AvastUI.exe
  1  C:\Program Files\AVAST Software\Avast\aswidsagent.exe
  1  C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
  1  C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
  1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
  1  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
  1  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
  1  C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
  1  C:\Program Files\Sony\VAIO Update\VUAgent.exe
  1  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  1  C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
  1  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
  1  C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
  1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20091.84.0_x64__8wekyb3d8bbwe\YourPhone.exe
  1  C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20032.16211.0_x64__8wekyb3d8bbwe\Video.UI.exe
  1  C:\ProgramData\KMSAutoS\bin\KMSSS.exe
  1  C:\Users\Sandra\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\FileCoAuth.exe
  1  C:\Users\Sandra\Desktop\HiJackThis\HiJackThis_v2.8.0.4.exe
  1  C:\Users\Sandra\Desktop\HiJackThis\MemCompression
  1  C:\Users\Sandra\Desktop\HiJackThis\Registry
  1  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
  2  C:\Windows\SysWOW64\svchost.exe
  1  C:\Windows\System32\ApplicationFrameHost.exe
  7  C:\Windows\System32\RuntimeBroker.exe
  1  C:\Windows\System32\SearchFilterHost.exe
  1  C:\Windows\System32\SearchIndexer.exe
  1  C:\Windows\System32\SearchProtocolHost.exe
  1  C:\Windows\System32\SecurityHealthService.exe
  1  C:\Windows\System32\SecurityHealthSystray.exe
  1  C:\Windows\System32\SgrmBroker.exe
  1  C:\Windows\System32\WUDFHost.exe
  1  C:\Windows\System32\audiodg.exe
  2  C:\Windows\System32\csrss.exe
  1  C:\Windows\System32\ctfmon.exe
  1  C:\Windows\System32\dasHost.exe
  4  C:\Windows\System32\dllhost.exe
  1  C:\Windows\System32\dwm.exe
  2  C:\Windows\System32\fontdrvhost.exe
  1  C:\Windows\System32\lsass.exe
  1  C:\Windows\System32\msdtc.exe
  2  C:\Windows\System32\nvvsvc.exe
  1  C:\Windows\System32\services.exe
  1  C:\Windows\System32\sihost.exe
  1  C:\Windows\System32\smss.exe
  1  C:\Windows\System32\spoolsv.exe
  79  C:\Windows\System32\svchost.exe
  1  C:\Windows\System32\taskhostw.exe
  1  C:\Windows\System32\wbem\WmiPrvSE.exe
  2  C:\Windows\System32\wbem\unsecapp.exe
  1  C:\Windows\System32\wininit.exe
  1  C:\Windows\System32\winlogon.exe
  1  C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
  1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
  1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
  1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
  1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  1  C:\Windows\explorer.exe
  1  C:\Windows\splwow64.exe

O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.75\BHO\ie_to_edge_bho_64.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.75\BHO\ie_to_edge_bho.dll
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] = C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe -update pepperplugin
O4 - HKCU\..\StartupApproved\Run: [OneDrive] (2016/12/20) = C:\Users\Sandra\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKCU\..\StartupApproved\Run: [TomTomHOME.exe] (2017/03/08) = C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk    ->    C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (2016/12/20)
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [NvBackend] = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] (1601/01/01) = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run: [SynTPEnh] (1601/01/01) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk    ->    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (2017/03/06)
O4-32 - HKLM\..\Run: [ConnectionCenter] = C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup
O4-32 - HKLM\..\Run: [InstallHelper] = C:\ProgramData\Citrix\Citrix Workspace 2002\InstallHelper.exe
O4-32 - HKLM\..\Run: [Opera Browser Assistant] = C:\Program Files (x86)\Opera\assistant\browser_assistant.exe
O4-32 - HKLM\..\Run: [Redirector] = C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O17 - DHCP DNS 1: 192.168.178.1
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers: NoPermModule Class - {C701AD67-3DF0-47C9-89CB-DFA6207BE229} - C:\Users\Sandra\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers: ReadOnlyModule Class - {A433C3E0-8B24-40EB-93C3-4B10D9959F58} - C:\Users\Sandra\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers: SyncedModule Class - {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} - C:\Users\Sandra\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers: SyncingModule Class - {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} - C:\Users\Sandra\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers: UnsuppModule Class - {AEB16659-2125-4ADA-A4AB-45EE21E86469} - C:\Users\Sandra\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O22 - Task (Job): Avast Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates - {0DC331EE-8438-49D5-A721-E10B937CE459} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates - {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistant - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV24:{} (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistantAllUsersRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV24:{} /AllUsersRun (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV24:{} /CalendarRun (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistantWakeupRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV24:{} /WakeupRun (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC ReadyToReboot (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - C:\WINDOWS\System32\WaaSMedicSvc.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Workplace Join\Automatic-Device-Join - C:\WINDOWS\System32\dsregcmd.exe $(Arg0) $(Arg1) $(Arg2) (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Workplace Join\Device-Sync - {C662D912-E4D6-44A3-89A0-20550514951D},DeviceUpdate - C:\Windows\System32\dsregtask.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\WwanSvc\OobeDiscovery - {C93CF9D5-031B-4AAA-AB0B-EF802347B381} - C:\Windows\System32\MBMediaManager.dll (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe -check plugin
O22 - Task: Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe -check pepperplugin
O22 - Task: Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task: Avast Secure Browser Heartbeat Task (Hourly) - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --hourly
O22 - Task: Avast Secure Browser Heartbeat Task (Logon) - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --logon
O22 - Task: AvastUpdateTaskMachineCore - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c
O22 - Task: AvastUpdateTaskMachineUA - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler
O22 - Task: Driver Booster SkipUAC (Sandra) - C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe /skipuac (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: KMSAutoNet - C:\ProgramData\KMSAutoS\KMSAuto Net.exe /off=act
O22 - Task: MicrosoftEdgeUpdateTaskMachineCore - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
O22 - Task: MicrosoftEdgeUpdateTaskMachineCore1d6ea9847fcf10d - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
O22 - Task: MicrosoftEdgeUpdateTaskMachineUA - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
O22 - Task: Opera scheduled Autoupdate 1459626116 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera scheduled assistant Autoupdate 1553848812 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1
O22 - Task: \Microsoft\Office\Office Automatic Updates 2.0 - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /frequentupdate SCHEDULEDTASK displaylevel=False (Microsoft)
O22 - Task: \Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService (Microsoft)
O22 - Task: \Microsoft\Office\Office Feature Updates - C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe (Microsoft)
O22 - Task: \Microsoft\Office\Office Feature Updates Logon - C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe /onlogon (Microsoft)
O22 - Task: \Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerEncryptAllDrives - C:\WINDOWS\System32\edptask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\CUAssistant\CULauncher - C:\Program Files\CUAssistant\culauncher.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Data Integrity Scan\Data Integrity Check And Scan - {DCFD3EA8-D960-4719-8206-490AE315F94F} - C:\Windows\System32\discan.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan - {DCFD3EA8-D960-4719-8206-490AE315F94F},-Manual - C:\Windows\System32\discan.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Device Information\Device - C:\WINDOWS\system32\devicecensus.exe SystemCxt (Microsoft)
O22 - Task: \Microsoft\Windows\Device Information\Device User - C:\WINDOWS\system32\devicecensus.exe UserCxt (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner - {AD08DCC2-4E35-4486-9D49-547CBD30942D} - C:\WINDOWS\System32\MitigationClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DirectX\DXGIAdapterCache - C:\WINDOWS\system32\dxgiadaptercache.exe (Microsoft)
O22 - Task: \Microsoft\Windows\DirectX\DirectXDatabaseUpdater - C:\WINDOWS\system32\directxdatabaseupdater.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures - {59EECBFE-C2F5-4419-9B99-13FE05FF2675} - C:\Windows\System32\fcon.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Flighting\FeatureConfig\UsageDataFlushing - {99EFDAD1-0F11-4A6B-A702-4E1C37D1A3EF} - C:\Windows\System32\fcon.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Flighting\FeatureConfig\UsageDataReporting - {BBFCD054-8AAC-45DE-A1EB-7B246C9028AF} - C:\Windows\System32\fcon.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Flighting\OneSettings\RefreshCache - {E07647F7-AED2-48D9-9720-939BC24A8A3C} - C:\Windows\System32\wosc.dll (Microsoft)
O22 - Task: \Microsoft\Windows\HelloFace\FODCleanupTask - C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Input\LocalUserSyncDataAvailable - {8E7C2AFB-72B9-415C-9AC2-5037693309B7},LocalUserSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Input\MouseSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},MouseSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Input\PenSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},PenSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Input\TouchpadSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},TouchpadSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdates - {A558C6A5-B42B-4C98-B610-BF9559143139} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdatesAsUser - {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\SmartRetry - {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\International\Synchronize Language Settings - {10D62541-90D0-42FE-848C-0DBC1AC42EDA},SyncFromCloud - C:\Windows\System32\CoreGlobConfig.dll (Microsoft)
O22 - Task: \Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources - {D0582E3B-3126-4CAA-9155-AC37C912A489} - C:\WINDOWS\System32\LanguageOverlayServer.dll (Microsoft)
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\Shell\UpdateUserPictureTask - {09C5DD34-009D-40FA-BCB9-0165AD0C15D4} - C:\Windows\System32\Windows.UI.Immersive.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Speech\HeadsetButtonPress - C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask (Microsoft)
O22 - Task: \Microsoft\Windows\StateRepository\MaintenanceTasks - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\Backup Scan - C:\WINDOWS\system32\usoclient.exe StartScan (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\Report policies - C:\WINDOWS\system32\usoclient.exe ReportPolicies (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\Schedule Scan Static Task - C:\WINDOWS\system32\usoclient.exe StartScan (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\Schedule Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\UpdateModelTask - C:\WINDOWS\system32\usoclient.exe StartModelUpdates (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\sihpostreboot - C:\WINDOWS\system32\sihclient.exe /PostReboot (Microsoft)
O22 - Task: \Microsoft\Windows\WlanSvc\CDSSync - {B0D2B535-12E1-439F-86B3-BADA289510F0},$(Arg0) - C:\Windows\System32\WiFiCloudStore.dll (Microsoft)
O22 - Task: \Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask - C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Warning (Microsoft)
O22 - Task: \Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask - C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Disable (Microsoft)
O22 - Task: \Sony Corporation\VAIO Update\VAIO Update - C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe /Stationary
O22 - Task: \Sony Corporation\VAIO Update\VAIO Update Self Repair - C:\Program Files\Sony\VAIO Update\VUSR.exe
O22 - Task: {F2674A65-90FA-4F23-88E5-C57D56BBD548} - C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\HP\Digital Imaging\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}\setup\hpzscr40.exe" -c -datfile hposcr19.dat -onestop -forcereboot
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe /runassvc
O23 - Service R2: AvastWscReporter - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe /runassvc /rpcserver
O23 - Service R2: Citrix Workspace Updater Service - (CWAUpdaterService) - C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe
O23 - Service R2: Cloud Station Drive VSS Service x64 - C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
O23 - Service R2: HP CUE DeviceDiscovery Service - (hpqddsvc) - C:\WINDOWS\SysWow64\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
O23 - Service R2: HP Network Devices Support - (HPSLPSVC) - C:\WINDOWS\system32\svchost.exe -k HPService; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
O23 - Service R2: KMS-host Service - (KMSEmulator) - C:\ProgramData\KMSAutoS\bin\KMSSS.exe -Port 1688 -PWin RandomKMSPID -PO14 RandomKMSPID -PO15 RandomKMSPID -AI 43200 -RI 43200 KillProcessOnPort -Log -IP
O23 - Service R2: Microsoft Office-Klick-und-Los-Dienst - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: NVIDIA Display Driver Service - (nvsvc) - C:\WINDOWS\system32\nvvsvc.exe
O23 - Service R2: NVIDIA Stereoscopic 3D Driver Service - (Stereo Service) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service R2: NitroPDFReaderDriverCreatorReadSpool3 - (NitroReaderDriverReadSpool3) - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: TomTomHOMEService - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service R2: Windows 10 Update Facilitation Service - (osrss) - C:\WINDOWS\system32\svchost.exe -k osrss; "ServiceDll" = C:\WINDOWS\system32\osrss.dll
O23 - Service R3: VUAgent - C:\Program Files\Sony\VAIO Update\vuagent.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service R3: hpqcxs08 - C:\WINDOWS\SysWow64\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
O23 - Service S2: Avast Browser Update-Dienst (avast) - (avast) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /svc
O23 - Service S2: Google Update-Dienst (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service S2: Microsoft Edge-Update-Dienst (edgeupdate) - (edgeupdate) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /svc
O23 - Service S2: Net Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZinw12.dll
O23 - Service S2: Pml Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZipm12.dll
O23 - Service S2: TeamViewer 12 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Avast Browser Update-Dienst (avastm) - (avastm) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /medsvc
O23 - Service S3: Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService) - (AvastSecureBrowserElevationService) - C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6938.199\elevation_service.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\elevation_service.exe
O23 - Service S3: Google Update-Dienst (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Microsoft Defender Antivirus-Dienst - (WinDefend) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe
O23 - Service S3: Microsoft Defender Antivirus-Netzwerkinspektionsdienst - (WdNisSvc) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe
O23 - Service S3: Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) - (MicrosoftEdgeElevationService) - C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.75\elevation_service.exe
O23 - Service S3: Microsoft Edge-Update-Dienst (edgeupdatem) - (edgeupdatem) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /medsvc
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Windows Defender Advanced Threat Protection-Dienst - (Sense) - C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe


--
End of file - Time spent: 67 sec. - 60232 bytes, CRC32: FFFFFFFF. Sign:

cosinus 18.01.2021 22:35
Bittenicht einfach irgendwelche Logs posten. In den Hinweisen für Hilfesuchende steht was du tun sollst. Bitte künftig beachten!


Logdateien erstellen mit FRST64
  • Bitte lade dir Farbar's Recovery Scan Tool (FRST64.exe) auf deinen Desktop
  • Starte anschließend FRST64.exe per Doppelklick.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und die Addition.txt in deinem Thread in CODE-Tags (#-Symbol im Eingabefenster der Webseite anklicken)

M-K-D-B 21.01.2021 16:06
Fehlende Rückmeldung
Dieses Thema wurde aus unseren Abos gelöscht. Somit bekommen wir keine Benachrichtigung über neue Antworten.
Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:10 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131