Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Unsichtbares Mobogenie

Unsichtbares Mobogenie


Log-Analyse und Auswertung: Unsichtbares Mobogenie

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 22.05.2016, 22:39   #1
suppiluliuma
 
Unsichtbares Mobogenie - Standard

Unsichtbares Mobogenie


Hab ein Problem mit einem Browser Hijack mit dem IE.
Quelle ist wahrscheinlich eine unsichtbare Mobogenie-Installation, die den Link auf Werbung umleitet (get.mirando.de).
Habe die Logs erstellt, siehe unten bzw. nächster Beitrag..
Bitte um Hilfe.

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
durchgeführt von Hasi (Administrator) auf PUPPI (22-05-2016 23:15:19)
Gestartet von D:\Transfer
Geladene Profile: Hasi (Verfügbare Profile: Hasi)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\WiFi GO! Server.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Dropbox, Inc.) C:\Users\Hasi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AsDLNAServerReal.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft) C:\Program Files (x86)\Microsoft Streets & Trips 2013\StreetsOlkShim.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 2013-11-05] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe [55656 2013-07-29] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [FontExpertType1Loader] => C:\Program Files (x86)\FontExpert\Type1Loader.exe [294776 2011-10-31] (Proxima Software)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298504 2014-11-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [420200 2013-07-29] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\Run: [Amazon Music] => C:\Users\Hasi\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\Run: [Dropbox Update] => C:\Users\Hasi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\MountPoints2: {61ede83c-ca48-11e5-83db-d850e6d1c3d0} - "G:\startme.exe"
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\MountPoints2: {d2c082f7-94d1-11e5-83be-d850e6d1c3d0} - "H:\startme.exe"
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\...\MountPoints2: {f1f677e5-892d-11e3-8263-d850e6d1c3d0} - "G:\AutoRun.exe"
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hasi\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hasi\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hasi\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hasi\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hasi\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hasi\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hasi\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2016-05-22]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{F17BA1CA-0FAF-40BF-A5FD-BF1B727D855E}\app_icon.ico ()
Startup: C:\Users\Hasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Hasi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{299F36D3-A249-45F9-9932-A5380360BE40}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{DCC4EB4B-ABCF-4294-B989-5FBA9AAA4558}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.at/
HKU\S-1-5-21-2389217616-984847240-1873245757-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-11] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2013-10-20] (IvoSoft)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-11] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-23] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-23] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-20] (IvoSoft)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-2389217616-984847240-1873245757-1002 -> Kein Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Keine Datei
Toolbar: HKU\S-1-5-21-2389217616-984847240-1873245757-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Hasi\AppData\Roaming\Mozilla\Firefox\Profiles\5l77ouq3.default
FF SelectedSearchEngine: awesomehp
FF Homepage: hxxps://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-10] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-11] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-11] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-11] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-09-23] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF user.js: detected! => C:\Users\Hasi\AppData\Roaming\Mozilla\Firefox\Profiles\5l77ouq3.default\user.js [2014-12-09]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-11] [ist nicht signiert]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-11] [ist nicht signiert]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-10-11] [ist nicht signiert]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-11] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-01-20] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-11] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-08] (ASUSTeK Computer Inc.) [Datei ist nicht signiert]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-07] (DTS, Inc)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1656616 2013-12-16] (O&O Software GmbH)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (hxxp://www.asmedia.com.tw) [Datei ist nicht signiert]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-01-23] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-30] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-11] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MbswMailbox; C:\Program Files (x86)\ASUS\AI Suite III\690b33e1-0462-4e84-9bea-c7552b45432a.sys [17208 2014-01-23] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-01-20] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-01-20] (Acronis International GmbH)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-22 23:15 - 2016-05-22 23:15 - 00000000 ____D C:\FRST
2016-05-12 19:41 - 2016-05-12 19:41 - 00000000 ____D C:\Users\Hasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-11 22:20 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 22:20 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 22:20 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 22:20 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 22:20 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 22:20 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 22:20 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 22:20 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 22:20 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-05-11 22:20 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 22:20 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 22:20 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 22:20 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 22:20 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 22:20 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 22:20 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 22:20 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 22:20 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-05-11 22:20 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 22:20 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 22:20 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 22:20 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 22:20 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 22:20 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 22:20 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 22:20 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 22:20 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 22:20 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 22:20 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 22:20 - 2016-04-11 08:21 - 00074584 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2016-05-11 22:20 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 22:20 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 22:20 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 22:20 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 22:20 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 22:20 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 22:20 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 22:20 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 22:20 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-05-11 22:20 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-05-11 22:20 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-05-11 22:20 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 22:20 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 22:20 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 22:20 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 22:20 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 22:20 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 22:20 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 22:20 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 22:20 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 22:20 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 22:20 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 22:20 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 22:20 - 2016-03-29 03:42 - 07446368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 18:46 - 2016-05-11 18:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\7135462F.sys
2016-05-07 16:24 - 2016-03-31 01:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-05-07 16:24 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-07 16:24 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-07 16:24 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-07 16:24 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-05-07 16:24 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-07 16:24 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-05-07 16:24 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-05-07 16:24 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-05-07 16:24 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-05-07 16:23 - 2016-03-16 03:58 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-07 16:23 - 2016-03-16 03:58 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-07 16:23 - 2016-03-14 18:50 - 00316760 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-05-07 16:23 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-05-07 16:23 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2016-05-07 16:23 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2016-05-07 16:23 - 2016-03-10 21:17 - 01133752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-07 16:23 - 2016-03-10 19:48 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-07 16:23 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-05-07 16:23 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dsparse.dll
2016-05-07 16:23 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-07 16:23 - 2016-03-10 18:55 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-05-07 16:23 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-05-07 16:23 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsparse.dll
2016-05-07 16:23 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-07 16:23 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-05-07 16:23 - 2016-03-08 16:44 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-05-07 16:23 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-05-07 16:23 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-05-07 16:23 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-05-07 16:23 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-05-07 16:23 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-05-07 16:23 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-05-07 16:23 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-05-07 16:23 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-05-07 16:23 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-05-05 19:49 - 2016-05-22 23:03 - 00000875 _____ C:\Users\Hasi\Desktop\Garten.lnk
2016-04-27 05:49 - 2016-04-27 05:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-22 23:09 - 2014-01-20 11:40 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2389217616-984847240-1873245757-1002
2016-05-22 23:04 - 2016-03-09 17:30 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-05-22 23:04 - 2016-03-09 17:30 - 00001210 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-05-22 23:04 - 2015-11-28 22:22 - 00002043 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2016-05-22 23:04 - 2015-11-28 17:28 - 00000978 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2016-05-22 23:04 - 2015-10-31 18:20 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-22 23:04 - 2015-10-26 15:45 - 00001351 _____ C:\Users\Public\Desktop\EaseUS Partition Master 10.8.lnk
2016-05-22 23:04 - 2015-10-26 15:41 - 00002146 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Workstation 8.8.lnk
2016-05-22 23:04 - 2015-08-19 10:37 - 00001177 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2016-05-22 23:04 - 2015-01-20 16:46 - 00001106 _____ C:\Users\Public\Desktop\Mobi File Reader.lnk
2016-05-22 23:04 - 2014-11-29 14:24 - 00001056 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2016-05-22 23:04 - 2014-10-29 10:50 - 00001565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-05-22 23:04 - 2014-10-11 10:45 - 00001357 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-05-22 23:04 - 2014-09-07 14:10 - 00002098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2016-05-22 23:04 - 2014-09-07 14:10 - 00002072 _____ C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2016-05-22 23:04 - 2014-07-26 11:54 - 00002923 _____ C:\Users\Public\Desktop\Nero 2014.lnk
2016-05-22 23:04 - 2014-05-11 16:27 - 00002264 _____ C:\Users\Public\Desktop\RouteNavigator Europa.lnk
2016-05-22 23:04 - 2014-04-24 22:00 - 00001796 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-05-22 23:04 - 2014-04-11 20:29 - 00001361 _____ C:\Users\Public\Desktop\Streaming Audio Recorder.lnk
2016-05-22 23:04 - 2014-04-10 22:05 - 00001173 _____ C:\Users\Public\Desktop\MAGIX Video deluxe 2014 Plus.lnk
2016-05-22 23:04 - 2014-02-13 17:07 - 00001078 _____ C:\Users\Public\Desktop\FontExpert 2011.LNK
2016-05-22 23:04 - 2014-02-13 16:35 - 00002825 _____ C:\Users\Public\Desktop\CorelDRAW X6 (64-Bit).lnk
2016-05-22 23:04 - 2014-02-02 12:43 - 00000982 _____ C:\Users\Public\Desktop\VueScan x64.lnk
2016-05-22 23:04 - 2014-01-31 13:51 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-22 23:04 - 2014-01-24 23:26 - 00001139 _____ C:\Users\Public\Desktop\Epubor Ultimate.lnk
2016-05-22 23:04 - 2014-01-24 10:00 - 00000944 _____ C:\Users\Public\Desktop\WinImage.lnk
2016-05-22 23:04 - 2014-01-23 21:30 - 00002753 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Streets & Trips 2013.lnk
2016-05-22 23:04 - 2014-01-23 17:16 - 00002759 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft AutoRoute 2013.lnk
2016-05-22 23:04 - 2014-01-23 00:33 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-22 23:04 - 2014-01-23 00:26 - 00001018 _____ C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2016-05-22 23:04 - 2014-01-21 23:06 - 00000932 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-22 23:04 - 2014-01-21 23:04 - 00001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-22 23:04 - 2014-01-21 23:04 - 00001160 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-22 23:04 - 2014-01-20 22:57 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2016-05-22 23:04 - 2014-01-20 22:46 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2016-05-22 23:04 - 2014-01-20 22:37 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2016-05-22 23:04 - 2014-01-20 22:37 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2016-05-22 23:04 - 2014-01-20 22:35 - 00001020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-05-22 23:04 - 2014-01-20 18:03 - 00002507 _____ C:\Users\Public\Desktop\O&O Defrag.lnk
2016-05-22 23:04 - 2014-01-20 15:24 - 00001011 _____ C:\Users\Public\Desktop\IrfanView.lnk
2016-05-22 23:03 - 2016-03-08 18:54 - 00002171 _____ C:\Users\Hasi\Desktop\Garmin Express.lnk
2016-05-22 23:03 - 2016-03-03 11:03 - 00001092 _____ C:\Users\Hasi\Desktop\KOMPASS Digital Map.lnk
2016-05-22 23:03 - 2016-02-20 11:34 - 00001012 _____ C:\Users\Hasi\Desktop\Kabueem1_3100d.pdf.lnk
2016-05-22 23:03 - 2015-12-30 17:19 - 00002191 _____ C:\Users\Public\Desktop\Arles Image Explorer.lnk
2016-05-22 23:03 - 2014-09-01 18:16 - 00001095 _____ C:\Users\Hasi\Desktop\Adobe Photoshop CC 2014.lnk
2016-05-22 23:03 - 2014-07-15 19:17 - 00001148 _____ C:\Users\Hasi\Desktop\Amazon Music.lnk
2016-05-22 23:03 - 2014-07-09 16:50 - 00002038 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2016-05-22 23:03 - 2014-07-09 16:45 - 00002359 _____ C:\Users\Public\Desktop\Canon MG7100 series On-Screen-Handbuch.lnk
2016-05-22 23:03 - 2014-05-11 13:20 - 00001069 _____ C:\Users\Hasi\Desktop\Dropbox.lnk
2016-05-22 23:03 - 2014-04-24 22:20 - 00001423 _____ C:\Users\Hasi\Desktop\blackra1n.exe.lnk
2016-05-22 23:03 - 2014-03-02 13:02 - 00000992 _____ C:\Users\Public\Desktop\AllDup.lnk
2016-05-22 23:03 - 2014-02-13 16:35 - 00002833 _____ C:\Users\Public\Desktop\Corel CAPTURE X6 (64-Bit).lnk
2016-05-22 23:03 - 2014-02-13 16:35 - 00002364 _____ C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
2016-05-22 23:03 - 2014-02-02 12:43 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk
2016-05-22 23:03 - 2014-02-01 14:44 - 00000973 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2016-05-22 23:03 - 2014-02-01 14:34 - 00001022 _____ C:\Users\Hasi\Desktop\Hard Disk Sentinel.lnk
2016-05-22 23:03 - 2014-01-23 21:41 - 00001152 _____ C:\Users\Hasi\Desktop\OLYMPUS Viewer 3.lnk
2016-05-22 23:03 - 2014-01-23 21:41 - 00001132 _____ C:\Users\Hasi\Desktop\OLYMPUS Digital Kamera Updater.lnk
2016-05-22 23:03 - 2014-01-23 21:37 - 00002741 _____ C:\Users\Hasi\Desktop\Microsoft Streets & Trips 2013.lnk
2016-05-22 23:03 - 2014-01-23 17:16 - 00002747 _____ C:\Users\Hasi\Desktop\Microsoft AutoRoute 2013.lnk
2016-05-22 23:03 - 2014-01-21 22:50 - 00002281 _____ C:\Users\Hasi\Desktop\Kindle.lnk
2016-05-22 23:03 - 2014-01-21 14:49 - 00001971 _____ C:\Users\Hasi\Desktop\AI Suite 3.lnk
2016-05-22 23:03 - 2014-01-20 22:46 - 00002047 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2016-05-22 23:03 - 2014-01-20 22:40 - 00001269 _____ C:\Users\Hasi\Desktop\Adobe After Effects CS5.5.lnk
2016-05-22 23:03 - 2014-01-20 22:40 - 00001234 _____ C:\Users\Hasi\Desktop\Adobe Photoshop CS5.1.lnk
2016-05-22 23:03 - 2014-01-20 22:40 - 00001222 _____ C:\Users\Hasi\Desktop\Adobe InDesign CS5.5.lnk
2016-05-22 23:03 - 2014-01-20 22:40 - 00001182 _____ C:\Users\Hasi\Desktop\Adobe Flash Professional CS5.5.lnk
2016-05-22 23:03 - 2014-01-20 22:40 - 00001149 _____ C:\Users\Hasi\Desktop\Adobe Premiere Pro CS5.5.lnk
2016-05-22 23:03 - 2014-01-20 22:39 - 00001689 _____ C:\Users\Hasi\Desktop\Adobe Illustrator CS5.1.lnk
2016-05-22 23:03 - 2014-01-20 22:39 - 00001258 _____ C:\Users\Hasi\Desktop\Adobe Dreamweaver CS5.5.lnk
2016-05-22 23:03 - 2014-01-20 22:38 - 00001252 _____ C:\Users\Hasi\Desktop\Adobe Audition CS5.5.lnk
2016-05-22 23:03 - 2014-01-20 22:37 - 00001196 _____ C:\Users\Hasi\Desktop\Adobe Bridge CS5.1.lnk
2016-05-22 23:03 - 2014-01-20 19:42 - 00000901 _____ C:\Users\Hasi\Desktop\µTorrent.lnk
2016-05-22 23:03 - 2014-01-20 19:42 - 00000881 _____ C:\Users\Hasi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-05-22 23:03 - 2014-01-20 15:51 - 00001024 _____ C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x32.lnk
2016-05-22 23:03 - 2014-01-20 15:46 - 00001218 _____ C:\Users\Public\Desktop\Acronis True Image 2014.lnk
2016-05-22 23:03 - 2014-01-20 11:58 - 00003229 _____ C:\Users\Hasi\Desktop\Microsoft Outlook 2010.lnk
2016-05-22 23:03 - 2014-01-20 11:58 - 00003093 _____ C:\Users\Hasi\Desktop\Microsoft PowerPoint 2010.lnk
2016-05-22 23:03 - 2014-01-20 11:58 - 00003045 _____ C:\Users\Hasi\Desktop\Microsoft Excel 2010.lnk
2016-05-22 23:03 - 2014-01-20 11:58 - 00003027 _____ C:\Users\Hasi\Desktop\Microsoft Word 2010.lnk
2016-05-22 23:03 - 2014-01-20 11:39 - 00000995 _____ C:\Users\Hasi\Desktop\Atomic Clock Sync.lnk
2016-05-22 23:03 - 2014-01-20 11:29 - 00001427 _____ C:\Users\Hasi\Desktop\Internet Explorer.lnk
2016-05-22 23:03 - 2014-01-20 11:29 - 00001234 _____ C:\Users\Hasi\Desktop\Notepad.lnk
2016-05-22 23:03 - 2014-01-20 11:29 - 00000407 _____ C:\Users\Hasi\Desktop\File Explorer.lnk
2016-05-22 22:57 - 2014-01-20 11:33 - 00000000 ____D C:\Users\Hasi\AppData\Roaming\ClassicShell
2016-05-22 22:52 - 2014-01-20 12:23 - 00000000 ____D C:\Users\Hasi\Documents\Outlook-Dateien
2016-05-22 22:48 - 2014-08-09 21:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-22 22:45 - 2014-08-09 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-05-22 22:45 - 2014-08-09 21:29 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-05-22 22:44 - 2015-06-17 05:34 - 00001232 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2389217616-984847240-1873245757-1002UA.job
2016-05-22 22:23 - 2014-01-20 11:29 - 00000000 ____D C:\Users\Hasi\AppData\Local\VirtualStore
2016-05-22 21:44 - 2014-01-11 12:16 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-22 21:44 - 2013-08-23 01:24 - 00765378 _____ C:\Windows\system32\perfh007.dat
2016-05-22 21:44 - 2013-08-23 01:24 - 00159696 _____ C:\Windows\system32\perfc007.dat
2016-05-22 21:44 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-05-22 21:34 - 2014-01-20 11:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-22 21:21 - 2014-01-21 14:59 - 00000000 _____ C:\Windows\Path.idx
2016-05-22 21:17 - 2014-05-11 13:20 - 00000000 ___RD C:\Users\Hasi\Dropbox
2016-05-22 21:16 - 2014-01-21 14:54 - 01048576 _____ C:\Windows\PE_Rom.dll
2016-05-22 21:15 - 2014-01-22 23:45 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-05-22 10:44 - 2015-06-17 05:34 - 00001180 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2389217616-984847240-1873245757-1002Core.job
2016-05-22 05:25 - 2014-01-20 11:52 - 00000000 ____D C:\Users\Hasi\AppData\Local\Adobe
2016-05-21 19:45 - 2014-01-21 23:06 - 00000000 ____D C:\Users\Hasi\AppData\Roaming\vlc
2016-05-21 17:41 - 2014-01-11 12:22 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-21 17:41 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-20 19:11 - 2014-04-30 17:18 - 00007680 _____ C:\Users\Hasi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-19 14:34 - 2014-04-24 08:11 - 00001384 _____ C:\Windows\MB.idx
2016-05-14 17:17 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-05-13 23:31 - 2015-04-20 22:10 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-13 05:30 - 2015-05-15 10:14 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 19:41 - 2014-05-11 13:19 - 00000000 ____D C:\Users\Hasi\AppData\Roaming\Dropbox
2016-05-12 15:40 - 2015-10-08 16:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-12 05:39 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-05-11 23:21 - 2013-08-22 16:44 - 05234576 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-11 23:21 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-05-11 22:27 - 2014-01-22 23:45 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 22:27 - 2013-08-23 01:26 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 22:21 - 2014-01-22 23:45 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 22:08 - 2014-12-10 22:52 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 22:08 - 2014-12-10 22:52 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-07 16:23 - 2016-01-15 11:44 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-05 19:44 - 2014-01-20 18:36 - 00000000 ____D C:\Users\Hasi\AppData\Local\ElevatedDiagnostics
2016-05-05 19:44 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2016-04-27 05:50 - 2014-09-01 18:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-27 05:49 - 2016-03-08 18:54 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-04-27 05:49 - 2016-03-08 18:54 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-04-23 12:50 - 2015-09-02 10:53 - 00000000 ____D C:\Users\Hasi\.oracle_jre_usage
2016-04-23 12:50 - 2014-10-16 13:26 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-23 12:50 - 2014-10-16 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-23 12:50 - 2014-01-21 23:49 - 00000000 ____D C:\ProgramData\Oracle
2016-04-23 12:50 - 2014-01-21 14:47 - 00000000 ____D C:\Program Files (x86)\Java

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-02-01 16:25 - 2015-07-31 19:54 - 0000132 _____ () C:\Users\Hasi\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-10-14 11:27 - 2014-10-15 10:18 - 0099384 _____ () C:\Users\Hasi\AppData\Roaming\inst.exe
2014-10-14 11:27 - 2014-10-15 10:18 - 0007859 _____ () C:\Users\Hasi\AppData\Roaming\pcouffin.cat
2014-10-14 11:27 - 2014-10-15 10:18 - 0001167 _____ () C:\Users\Hasi\AppData\Roaming\pcouffin.inf
2014-10-14 11:28 - 2014-10-15 10:18 - 0000055 _____ () C:\Users\Hasi\AppData\Roaming\pcouffin.log
2014-10-14 11:27 - 2014-10-15 10:18 - 0082816 _____ (VSO Software) C:\Users\Hasi\AppData\Roaming\pcouffin.sys
2014-04-11 20:33 - 2014-04-11 20:33 - 0551424 ____T (MultiMedia Soft) C:\Users\Hasi\AppData\Roaming\Microsoft\engine_ag.dll
2015-01-05 19:02 - 2015-01-05 19:02 - 181974983 _____ () C:\Users\Hasi\AppData\Local\ACCCx2_8_1_451.zip.aamdownload
2015-01-05 19:02 - 2015-01-05 19:02 - 0002174 _____ () C:\Users\Hasi\AppData\Local\ACCCx2_8_1_451.zip.aamdownload.aamd
2014-04-30 17:18 - 2016-05-20 19:11 - 0007680 _____ () C:\Users\Hasi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-28 22:22 - 2015-11-28 22:22 - 29380776 _____ (Sony Mobile Communications ) C:\Users\Hasi\AppData\Local\pcc.exe
2014-01-11 12:20 - 2014-01-11 12:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Hasi\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Hasi\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Hasi\AppData\Local\Temp\bassmod.dll
C:\Users\Hasi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsopd1f.dll
C:\Users\Hasi\AppData\Local\Temp\GUR2137.exe
C:\Users\Hasi\AppData\Local\Temp\ifgSFCWDuUQCLsWdpWuU.DLL
C:\Users\Hasi\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Hasi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Hasi\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Hasi\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Hasi\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Hasi\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Hasi\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Hasi\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Hasi\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Hasi\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Hasi\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Hasi\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Hasi\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Hasi\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Hasi\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Hasi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Hasi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Hasi\AppData\Local\Temp\nvStInst.exe
C:\Users\Hasi\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-15 05:28

==================== Ende von FRST.txt ============================

 

Themen zu Unsichtbares Mobogenie
adobe, bonjour, browser, canon, computer, defender, desktop, dnsapi.dll, ebanking, epubor, excel, hijack, home, homepage, kaspersky, mozilla, problem, prozesse, realtek, registry, rundll, scan, security, services.exe, software, svchost.exe, system, total commander, werbung, windows


« Chinesisches Programm läst sich nicht mehr deinstallieren | nach www-searching.com Befall Probleme 1. Rechner langsamer 2. Adwcleaner findet immer die gleichen Regestry Schlüssel »


Ähnliche Themen: Unsichtbares Mobogenie


  1. Windows 7: FRST Log (Warten auf unsichtbares Programm beim Shutdown)
    Log-Analyse und Auswertung - 15.12.2015 (3)
  2. Malwarebytes findet Mobogenie. Noch mehr malware?
    Log-Analyse und Auswertung - 11.12.2014 (12)
  3. Unsichtbares Internetexplorerfenster
    Plagegeister aller Art und deren Bekämpfung - 22.09.2014 (11)
  4. Mobogenie+diverse certified-toolbars
    Plagegeister aller Art und deren Bekämpfung - 02.08.2014 (37)
  5. Mobogenie nicht entfernt, Eset löscht Dateien nicht
    Log-Analyse und Auswertung - 15.03.2014 (4)
  6. Win7: Avast findet Malware Mobogenie und VBS: Malware-gen
    Log-Analyse und Auswertung - 11.03.2014 (7)
  7. Mobogenie Virus entdeckt?
    Log-Analyse und Auswertung - 21.02.2014 (9)
  8. Mobogenie / Reg Clean Pro
    Plagegeister aller Art und deren Bekämpfung - 18.02.2014 (14)
  9. Mobogenie, Aartemis, Advances System Protector, RegCleanPro, MYPC Backup
    Plagegeister aller Art und deren Bekämpfung - 17.02.2014 (20)
  10. Nach Flashplayer update Virus (?) auf Tablet (Mobogenie, Nationzoom, Lollipop etc.)
    Log-Analyse und Auswertung - 27.01.2014 (5)
  11. Nationzoom, Mobogenie, Re-Markit Befall
    Log-Analyse und Auswertung - 19.01.2014 (25)
  12. Nach Bereinigung ( Lollipop , Mobogenie , NationZoom ) InternetExplorer: ATI DisplayAdapter Fehler
    Log-Analyse und Auswertung - 16.01.2014 (9)
  13. Mobogenie entfernen
    Anleitungen, FAQs & Links - 23.12.2013 (2)
  14. Unsichtbares Programm im Tabswitch - Suche und Google erfolglos
    Plagegeister aller Art und deren Bekämpfung - 01.02.2007 (16)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Unsichtbares Mobogenie - Hab ein Problem mit einem Browser Hijack mit dem IE. Quelle ist wahrscheinlich eine unsichtbare Mobogenie-Installation, die den Link auf Werbung umleitet (get.mirando.de). Habe die Logs erstellt, siehe unten bzw. - Unsichtbares Mobogenie...
Archiv
Du betrachtest: Unsichtbares Mobogenie auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131