Hello, despite Kaspersky Internet Security 2016 running, MBAM found hijack.host on the computer.
Could someone explain the damage to me and please help with the removal?
Thank you very much.
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
durchgeführt von Andreas (Administrator) auf MYL (22-01-2016 10:57:28)
Gestartet von C:\Users\Andreas\Downloads
Geladene Profile: Andreas (Verfügbare Profile: Andreas)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Malwarebytes) G:\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) G:\ Malwarebytes Anti-Malware \mbam.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Google Inc.) C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Secomba GmbH) C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe
(SpiderOak) C:\Program Files\SpiderOak\SpiderOak.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(SpiderOak) C:\Program Files\SpiderOak\SpiderOak.exe
(© 2015 Microsoft Corporation) C:\Users\Andreas\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Dominik Reichl) G:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
() C:\Program Files\SpiderOak\windows_dir_watcher.exe
(Secomba GmbH) C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) G:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2014-04-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2014-04-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => g:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2745544 2016-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [PowerPDF Registry Controller] => G:\Program Files (x86)\Nuance\Power PDF\RegistryController.exe [206288 2015-02-06] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [NuanPowerPdf1NPDFLM] => G:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe [3452456 2015-02-06] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance Power PDF Standard-reminder] => "G:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\Power PDF Standard\Ereg\Ereg.ini"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => g:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => G:\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [Google Update] => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [MusicManager] => C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [Amazon Music] => C:\Users\Andreas\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [SpiderOak] => C:\Program Files\SpiderOak\SpiderOak.exe [60416 2015-03-25] (SpiderOak)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [BingSvc] => C:\Users\Andreas\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [KeePass Password Safe 2] => G:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2745544 2016-01-09] (Dominik Reichl)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [Office Timeline Performance Helper] => G:\Program Files (x86)\Office Timeline\Current\OfficeTimelineStartup.exe [15424 2015-09-02] (OfficeTimeline LLC)
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\...\Run: [Boxcryptor.exe] => C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe [2494216 2015-12-22] (Secomba GmbH)
SSODL: EldosMountNotificator-cbfs4 - {EBA8D7CF-A7E7-4833-B9D1-1531AB32C2BB} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs5 - {DD23CA0C-7067-4643-A739-D84912A2F2DD} - C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {EBA8D7CF-A7E7-4833-B9D1-1531AB32C2BB} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {DD23CA0C-7067-4643-A739-D84912A2F2DD} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt0"] -> {3F72D166-F72C-4233-8DFF-C1AE9912EE00} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt1"] -> {2C98CA8D-A52F-45E3-AE6E-2A92C8BAE147} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {2A29B9BC-333E-4476-B063-AA674DD99FEC} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt3"] -> {5793C07F-7534-47F2-B937-FCEA34318D5C} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt8"] -> {997CC261-6729-4956-A09B-818EA137FFE9} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt9"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {7951F129-4CA7-4FBA-9B39-588AE2E5B3E0} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {28B22082-F119-42F9-B03F-5A2C61B52164} => C:\WINDOWS\system32\cbfsMntNtf5.dll [2015-10-04] (EldoS Corporation)
ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll [2014-11-09] (Gladinet, INC)
ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll [2014-11-09] (Gladinet, INC)
ShellIconOverlayIdentifiers: [SpiderOakOverlay] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOak\shell_extension.dll [2015-03-25] (SpiderOak)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt0"] -> {3F72D166-F72C-4233-8DFF-C1AE9912EE00} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt1"] -> {2C98CA8D-A52F-45E3-AE6E-2A92C8BAE147} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {2A29B9BC-333E-4476-B063-AA674DD99FEC} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt3"] -> {5793C07F-7534-47F2-B937-FCEA34318D5C} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt8"] -> {997CC261-6729-4956-A09B-818EA137FFE9} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt9"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-12-22] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {7951F129-4CA7-4FBA-9B39-588AE2E5B3E0} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {28B22082-F119-42F9-B03F-5A2C61B52164} => C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll [2015-10-04] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll [2014-11-09] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll [2014-11-09] (Gladinet, INC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk [2015-03-24]
ShortcutTarget: Nuance Cloud Connector.lnk -> C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5da22d6c-1516-4fa2-80c6-7c14055ea0c3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c9944795-fb28-4ddb-92b7-4b5c98a2b11d}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=de-de
HKU\S-1-5-21-616740384-3220629695-3887134926-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-616740384-3220629695-3887134926-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-616740384-3220629695-3887134926-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Nuance PDF Toolbar Helper -> {940361F8-7F16-4498-AB43-2EFFE0235AFA} -> G:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll [2014-11-18] (Zeon Corporation)
BHO-x32: PlusIEEventHelper Class -> {9D137966-2E29-45C5-9B12-29D5427F8F66} -> G:\Program Files (x86)\Nuance\Power PDF\Bin\PlusIEContextMenu.dll [2014-02-27] (Zeon Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5} - G:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll [2014-11-18] (Zeon Corporation)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\90cbns5n.default-1449569210175
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> G:\Program Files (x86)\Nuance\Power PDF\bin\nppdf.dll [2015-01-08] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-616740384-3220629695-3887134926-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Andreas\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-616740384-3220629695-3887134926-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-616740384-3220629695-3887134926-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\90cbns5n.default-1449569210175\searchplugins\ixquick-https.xml [2015-12-18]
FF Extension: KeeFox - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\90cbns5n.default-1449569210175\extensions\keefox@chris.tomlinson [2015-12-15]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-12-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=de-de
CHR StartupUrls: Default -> "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWLniD5Hi5TtMwpB9a8S8zUk_vddOwwwV9MKBnFDr9m9e9RttkoZndkwQ8z8Wli-UfhiVqlXQJX4_vA2hZVMHBzqBlKIyjTzIao0I7S2NtbHVlchCkOqtoFGhSegLs18pwR9mjZA1_D4LEztOdnkvx027Q,,","hxxp://www.google.com/"
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-15]
CHR Extension: (Amazon Music) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkfgcfgfpgmkogcnibdjcckkpdiajgp [2015-11-30]
CHR Extension: (Google-Suche) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (gMusic) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dodjcoaheahmkpebgeofiajipaiplecc [2015-12-11]
CHR Extension: (Dropbox für Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-04]
CHR Extension: (Kaspersky Protection) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-09-28]
CHR Extension: (Google Play Musik) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-01-18]
CHR Extension: (Music Player for Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2015-09-07]
CHR Extension: (Fiery Music) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmfeiddljnkcdgcfcfhpenipgmaocon [2015-11-10]
CHR Extension: (Google Play Music) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-01-23]
CHR Extension: (Skype) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-31]
CHR Extension: (Google Play Last.fm Scrobbler) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpepekkleeoeiloijhcafgpjdnhhcbl [2015-12-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Prime Player for Google Play Music™) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\npngaakpdgeaajbnidkkginekmnaejbi [2016-01-20]
CHR Extension: (Lyrics für Google Chrome™) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek [2015-11-10]
CHR Extension: (Google Mail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKU\S-1-5-21-616740384-3220629695-3887134926-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-616740384-3220629695-3887134926-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-09-02] (Kaspersky Lab ZAO)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [382312 2015-10-13] (Digital Wave Ltd.)
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [30040 2014-11-09] (Gladinet, INC)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353896 2015-10-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-08-28] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-11-09] (Lavasoft Limited)
S4 MbaeSvc; g:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
R2 MBAMScheduler; G:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; G:\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [Datei ist nicht signiert]
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-11-09] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] ()
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R1 cbfs5; C:\WINDOWS\system32\drivers\cbfs5.sys [422080 2015-10-04] (EldoS Corporation)
S3 cmntnet; C:\Windows\system32\DRIVERS\cmntnet.sys [141824 2014-12-21] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\system32\DRIVERS\cmnuusbser.sys [123904 2014-12-21] (Wireless Device)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
R1 ESProtectionDriver; g:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2014-12-19] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [212992 2014-12-19] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-10-21] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-10-21] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-28] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-21] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-22] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-08-28] (Intel Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-22 10:57 - 2016-01-22 10:58 - 00037712 _____ C:\Users\Andreas\Downloads\FRST.txt
2016-01-22 10:57 - 2016-01-22 10:57 - 00000000 ____D C:\FRST
2016-01-22 10:56 - 2016-01-22 10:56 - 00001985 _____ C:\Users\Andreas\Desktop\MWAM.txt
2016-01-22 10:55 - 2016-01-22 10:57 - 02370560 _____ (Farbar) C:\Users\Andreas\Downloads\FRST64.exe
2016-01-22 10:37 - 2016-01-22 10:37 - 00000000 ___HD C:\OneDriveTemp
2016-01-21 11:01 - 2016-01-21 11:01 - 00123413 _____ C:\Users\Andreas\Downloads\sammeldownload_20160121_110145.zip
2016-01-14 12:03 - 2016-01-15 10:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\15F33BC4.sys
2016-01-13 11:40 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 11:40 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 11:40 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 11:40 - 2016-01-05 03:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 11:40 - 2016-01-05 03:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 11:40 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 11:40 - 2016-01-05 03:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 11:40 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 11:40 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 11:40 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 11:40 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 11:40 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 11:40 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 11:40 - 2016-01-05 03:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 11:40 - 2016-01-05 03:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 11:40 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 11:40 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 11:40 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 11:40 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 11:40 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 11:40 - 2016-01-05 03:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 11:40 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 11:40 - 2016-01-05 03:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 11:40 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 11:40 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 11:40 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 11:40 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 11:40 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 11:40 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 11:40 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 11:40 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 11:40 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 11:40 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 11:40 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 11:40 - 2016-01-05 02:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 11:40 - 2016-01-05 02:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-13 11:40 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 11:40 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 11:40 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 11:40 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 11:40 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 11:40 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 11:40 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 11:40 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 11:40 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 11:40 - 2016-01-05 02:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-13 11:40 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 11:40 - 2016-01-05 02:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-13 11:40 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 11:40 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 11:40 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 11:40 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 11:40 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 11:40 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 11:40 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 11:40 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 11:40 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 11:40 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 11:40 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 11:40 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 11:40 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 11:40 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 11:40 - 2016-01-05 02:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-13 11:40 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 11:40 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 11:40 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 11:40 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 11:40 - 2016-01-05 02:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 11:40 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 11:40 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 11:40 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 11:40 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 11:40 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 11:40 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 11:40 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 11:40 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 11:40 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 11:40 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 11:40 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 11:40 - 2016-01-05 02:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 11:40 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 11:40 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 11:40 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 11:40 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 11:40 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 11:40 - 2016-01-05 02:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 11:40 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 11:26 - 2016-01-13 11:26 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-12 12:30 - 2016-01-12 12:30 - 00037003 _____ C:\Users\Andreas\Downloads\fool.com-5 Ways to Save More Money in 2016.pdf
2016-01-12 11:12 - 2016-01-12 11:12 - 00000724 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2016-01-12 11:12 - 2016-01-12 11:12 - 00000712 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2016-01-12 11:08 - 2016-01-12 11:08 - 184194488 _____ (Intel Corporation) C:\Users\Andreas\Downloads\win64_154010.4300.exe
2016-01-08 11:31 - 2016-01-22 10:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-07 10:43 - 2016-01-08 11:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 12:47 - 2016-01-06 12:47 - 00001243 _____ C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2016-01-05 11:04 - 2016-01-12 11:20 - 00019286 _____ C:\WINDOWS\system32\results.xml
2016-01-04 16:35 - 2015-07-06 16:22 - 01767992 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2016-01-04 16:35 - 2015-07-06 16:22 - 01765408 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2016-01-04 16:35 - 2015-07-06 16:22 - 00313888 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2016-01-04 16:35 - 2015-07-06 16:22 - 00183296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4240.dll
2016-01-04 16:35 - 2015-07-06 16:22 - 00143904 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2016-01-04 16:35 - 2015-07-06 16:22 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2016-01-04 16:35 - 2015-07-06 16:22 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2015-12-31 11:40 - 2015-12-31 12:02 - 00000000 ____D C:\Users\Andreas\AppData\Local\Boxcryptor
2015-12-31 11:40 - 2015-12-31 11:40 - 00001992 _____ C:\Users\Public\Desktop\Boxcryptor.lnk
2015-12-31 11:40 - 2015-12-31 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxcryptor
2015-12-31 11:40 - 2015-12-31 11:40 - 00000000 ____D C:\Program Files (x86)\Boxcryptor
2015-12-31 11:40 - 2015-10-04 13:23 - 00223528 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsNetRdr5.dll
2015-12-31 11:40 - 2015-10-04 13:23 - 00123688 _____ (EldoS Corporation) C:\WINDOWS\system32\cbfsNetRdr5.dll
2015-12-31 11:40 - 2015-10-04 13:22 - 00185640 _____ (EldoS Corporation) C:\WINDOWS\system32\cbfsMntNtf5.dll
2015-12-31 11:40 - 2015-10-04 13:22 - 00159528 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll
2015-12-31 11:40 - 2015-10-04 13:17 - 00422080 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs5.sys
2015-12-24 12:20 - 2015-12-28 11:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\74F86057.sys
2015-12-23 11:57 - 2015-12-24 12:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\634F007D.sys
2015-12-23 11:57 - 2015-12-23 11:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\417E0053.sys
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-22 10:57 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-22 10:54 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-22 10:54 - 2015-03-12 15:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-22 10:54 - 2014-10-31 12:36 - 00000000 ____D C:\Users\Andreas\AppData\Local\SpiderOak
2016-01-22 10:54 - 2014-04-17 14:13 - 00112126 _____ C:\Users\Andreas\Documents\LibLap.kdbx
2016-01-22 10:53 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-22 10:48 - 2014-04-17 13:09 - 00000000 ___RD C:\Users\Andreas\Google Drive
2016-01-22 10:43 - 2014-04-16 13:30 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{470D6DEB-5840-4E96-BFE0-B58E28FE2AC6}
2016-01-22 10:39 - 2015-03-25 11:31 - 00000000 ____D C:\Users\Andreas\AppData\Local\gladinet
2016-01-22 10:38 - 2015-12-03 10:34 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Raptr
2016-01-22 10:37 - 2015-10-12 14:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-22 10:37 - 2014-06-05 14:33 - 00000000 __SHD C:\Users\Andreas\IntelGraphicsProfiles
2016-01-22 10:37 - 2014-04-16 13:39 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-22 10:37 - 2014-04-16 13:01 - 00000000 __RDO C:\Users\Andreas\SkyDrive
2016-01-21 14:11 - 2014-04-17 12:00 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\KeePass
2016-01-21 13:38 - 2014-08-11 11:36 - 00000000 ____D C:\Users\Andreas\AppData\Local\Amazon Music
2016-01-21 13:37 - 2014-04-17 13:02 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-616740384-3220629695-3887134926-1001UA.job
2016-01-21 13:25 - 2015-06-09 10:37 - 00000422 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2016-01-21 13:25 - 2014-04-17 13:01 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-21 13:20 - 2014-04-16 13:39 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-21 11:37 - 2014-04-17 13:02 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-616740384-3220629695-3887134926-1001Core.job
2016-01-20 14:26 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-19 15:36 - 2014-10-31 12:38 - 00000000 ___RD C:\Users\Andreas\Documents\SpiderOak Hive
2016-01-18 15:39 - 2015-03-24 12:54 - 00000000 ____D C:\ProgramData\TEMP
2016-01-18 11:01 - 2014-09-30 14:39 - 00000000 ____D C:\Temp
2016-01-15 10:38 - 2015-10-30 19:35 - 00777804 _____ C:\WINDOWS\system32\perfh007.dat
2016-01-15 10:38 - 2015-10-30 19:35 - 00156080 _____ C:\WINDOWS\system32\perfc007.dat
2016-01-15 10:38 - 2015-07-30 15:10 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-15 10:34 - 2015-12-11 18:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-14 11:09 - 2014-12-29 13:13 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 11:07 - 2015-11-12 15:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-14 10:48 - 2014-04-23 16:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 10:48 - 2014-04-23 16:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 16:28 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-13 16:26 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 11:58 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-13 11:57 - 2014-04-16 13:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 11:47 - 2015-07-30 14:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-13 11:47 - 2014-04-16 13:19 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 11:46 - 2014-04-23 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 11:26 - 2014-04-16 12:45 - 00116224 ____N C:\WINDOWS\Minidump\011316-29984-01.dmp
2016-01-12 11:12 - 2015-12-11 17:44 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-01-12 11:12 - 2014-04-16 13:14 - 00000000 ____D C:\Program Files (x86)\Intel
2016-01-12 11:09 - 2014-04-16 13:14 - 00000000 ____D C:\Intel
2016-01-12 10:36 - 2015-12-11 17:36 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-11 10:54 - 2014-04-17 11:56 - 00000867 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2016-01-11 10:44 - 2015-12-11 17:45 - 00000000 ____D C:\Program Files\AMD
2016-01-08 11:29 - 2015-12-11 17:38 - 00218760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-08 11:29 - 2014-04-16 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-03 02:40 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-30 15:18 - 2014-05-02 13:35 - 00000811 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2015-12-30 15:18 - 2014-05-02 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2015-12-30 15:17 - 2014-05-02 13:35 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\MediaMonkey
2015-12-29 13:25 - 2014-04-17 13:01 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-24 12:39 - 2015-12-11 17:51 - 00000000 ____D C:\Users\Andreas
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-10-13 11:04 - 2015-10-13 11:04 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2014-11-12 14:29 - 2014-11-12 14:29 - 0010103 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel
2015-02-27 15:07 - 2015-02-27 15:07 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-28 12:45 - 2014-08-28 12:45 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2015-12-11 17:45 - 2015-12-11 17:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-17 14:33 - 2014-04-17 14:33 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-07-17 10:37 - 2015-03-18 14:41 - 0032737 _____ () C:\ProgramData\lxee.log
2014-05-16 13:34 - 2014-10-22 12:39 - 0000370 _____ () C:\ProgramData\lxeeDiagnostics.log
2014-04-17 14:32 - 2015-02-18 14:45 - 0097042 _____ () C:\ProgramData\lxeeJSW.log
2014-04-17 14:31 - 2015-03-18 14:40 - 0155761 _____ () C:\ProgramData\lxeescan.log
2014-08-28 12:45 - 2014-08-28 12:45 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-04-17 14:30 - 2014-04-17 14:30 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-01-14 11:06
==================== Ende von FRST.txt ============================