
Plagegeister aller Art und deren Bekämpfung: Spam emails to all customers (online shop)


 
16.09.2015, 11:34   #1
bolek-nrw
 



Hello,
spam emails were apparently sent from our mail account to all of our customers.

The content is always the same (the URL changes)

Code:
Hey friend!

Check this out hxxp://lozanoim.com/minutes.php?50qd9
         
Kaspersky and Malwarebytes' Antimalware found nothing


FRST:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
durchgeführt von insaneware (Administrator) auf INSANEWARE-PC (16-09-2015 11:42:22)
Gestartet von C:\Users\insaneware\Downloads
Geladene Profile: insaneware (Verfügbare Profile: insaneware)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Mein Büro Mobile Connector\Deltra.ERP-Guardian\ErpApiGuardian.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Buhl\Mein Büro\DB-Server\bin\DelGuard.exe
(Firebird Project) C:\Program Files (x86)\Buhl\Mein Büro\DB-Server\bin\delserv.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe
() C:\Windows\SysWOW64\srvany.exe
(TODO: <公司名>) C:\Windows\SysWOW64\SDIOAssist.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\insaneware\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe
(Dropbox, Inc.) C:\Users\insaneware\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Savard Software) C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Synology Inc.) C:\Users\insaneware\AppData\Local\CloudStation\CloudStation.app\bin\cloud-ui.exe
(Pushbullet Inc) C:\Users\insaneware\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Pushbullet Inc) C:\Users\insaneware\AppData\Local\Temp\pushbullet_watchdog.exe
(Synology Inc.) C:\Users\insaneware\AppData\Local\CloudStation\CloudStation.app\bin\cloud-connect.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synology Inc.) C:\Users\insaneware\AppData\Local\CloudStation\CloudStation.app\bin\cloud-daemon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
() C:\Program Files (x86)\Mein Büro Mobile Connector\deltra.ERP\Deltra.Erp.Host.WinService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
() C:\Program Files (x86)\dreamboxEDIT\dreamboxEDIT.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(deltra Business Software GmbH & Co KG) C:\Program Files (x86)\Buhl\Mein Büro\MB.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
() C:\Program Files (x86)\ImageWriter\Win32DiskImager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Spencer Kimball, Peter Mattis and the GIMP Development Team) C:\Program Files\GIMP 2\bin\gimp-2.8.exe
(Spencer Kimball, Peter Mattis and the GIMP Development Team) C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\script-fu.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-30] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2014-08-04] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-04] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [217088 2014-06-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [8918528 2015-04-22] (Dell Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2176630791-1936397272-1849537872-1001\...\Run: [HitsBlender] => "C:\Program Files (x86)\HitsBlender\hitsblender.exe" -s
HKU\S-1-5-21-2176630791-1936397272-1849537872-1001\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)
HKU\S-1-5-21-2176630791-1936397272-1849537872-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2176630791-1936397272-1849537872-1001\...\Run: [Dropbox Update] => C:\Users\insaneware\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2176630791-1936397272-1849537872-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2176630791-1936397272-1849537872-1001\...\Run: [Spotify Web Helper] => C:\Users\insaneware\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-09] (Spotify Ltd)
HKU\S-1-5-21-2176630791-1936397272-1849537872-1001\...\Run: [Spotify] => C:\Users\insaneware\AppData\Roaming\Spotify\Spotify.exe [7535672 2015-09-09] (Spotify Ltd)
HKU\S-1-5-21-2176630791-1936397272-1849537872-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53725200 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166616 2014-08-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [146528 2014-08-04] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146528 2014-08-04] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\insaneware\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-09-10] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\insaneware\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-09-10] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\insaneware\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-09-10] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\insaneware\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-09-10] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\insaneware\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-09-10] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\insaneware\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-03-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Status Monitor.lnk [2015-06-12]
ShortcutTarget: Status Monitor.lnk -> C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVR Scheduler.lnk [2014-09-05]
ShortcutTarget: TVR Scheduler.lnk -> C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe ()
Startup: C:\Users\insaneware\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\insaneware\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\insaneware\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station.lnk [2014-11-11]
ShortcutTarget: Synology Cloud Station.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
Startup: C:\Users\insaneware\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLaunch.lnk [2014-04-01]
ShortcutTarget: TurboLaunch.lnk -> C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe (Savard Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5-x64 09 C:\Program Files (x86)\Generic\Network Printer Wizard\NPWprint.dll [195584 2012-03-20] (Elite Silicon Technology Inc.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{315BEFE8-9184-428F-9A69-382A9348CEF9}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{51270CB7-749B-4061-97F2-B8EE1D160E95}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9025BDAE-72AA-4C2D-9175-8C6F4744B67C}: [NameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {78FC1F27-F807-45BA-9855-E8A83E04B86F} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2176630791-1936397272-1849537872-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2176630791-1936397272-1849537872-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2176630791-1936397272-1849537872-1001 -> {78FC1F27-F807-45BA-9855-E8A83E04B86F} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-11] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-11] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\insaneware\AppData\Roaming\Mozilla\Firefox\Profiles\koi5a3w1.default
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-08-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-08-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-02] (Apple Inc.)
FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\insaneware\AppData\Roaming\Mozilla\Firefox\Profiles\koi5a3w1.default\Extensions\artur.dubovoy@gmail.com [2015-07-01]
FF Extension: Bing Search Engine - C:\Users\insaneware\AppData\Roaming\Mozilla\Firefox\Profiles\koi5a3w1.default\Extensions\bingsearch.full@microsoft.com [2015-03-17]
FF Extension: Flash and Video Download - C:\Users\insaneware\AppData\Roaming\Mozilla\Firefox\Profiles\koi5a3w1.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-08-26]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\insaneware\AppData\Roaming\Mozilla\Firefox\Profiles\koi5a3w1.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-01]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-04-13]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-24]

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://istart.webssearches.com/web/?type=ds&ts=1413159498&from=cvs&uid=SamsungXSSDX840XPROXSeries_S12RNEAD235274B&q={searchTerms}
CHR DefaultSearchKeyword: Default -> webssearches
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\pdf.dll => Keine Datei
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\insaneware\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bing) - C:\Users\insaneware\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-03-18]
CHR Extension: (Pushbullet) - C:\Users\insaneware\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-03-31]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\insaneware\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-01]
CHR Extension: (Bookmark Manager) - C:\Users\insaneware\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\insaneware\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\insaneware\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKU\S-1-5-21-2176630791-1936397272-1849537872-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

Opera: 
=======
OPR Extension: (Gantt) - C:\Users\insaneware\AppData\Roaming\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2014-06-04]
OPR Extension: (YouTube Unblocker) - C:\Users\insaneware\AppData\Roaming\Opera Software\Opera Stable\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-07-29]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R3 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [43224 2014-07-03] (Realtek Semiconductor Corporation)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94720 2014-04-29] () [Datei ist nicht signiert]
R2 BuhlERP; C:\Program Files (x86)\Mein Büro Mobile Connector\Deltra.ERP\Deltra.Erp.Host.WinService.exe [11672 2015-07-08] ()
R2 BuhlERPGuardian; C:\Program Files (x86)\Mein Büro Mobile Connector\Deltra.ERP-Guardian\ErpApiGuardian.exe [17304 2015-07-20] ()
R2 ddmgr; C:\Windows\system32\ddmgr.exe [857248 2015-05-14] (OSBASE)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 deltraDBGuard; C:\Program Files (x86)\Buhl\Mein Büro\DB-Server\bin\delguard.exe [1205760 2014-11-25] () [Datei ist nicht signiert]
R2 deltraDBServer; C:\Program Files (x86)\Buhl\Mein Büro\DB-Server\bin\delserv.exe [3813376 2015-01-19] (Firebird Project) [Datei ist nicht signiert]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NPWService; C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe [798720 2012-03-20] () [Datei ist nicht signiert]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2694432 2014-08-04] ()
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2012-03-09] () [Datei ist nicht signiert]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-05-02] (The OpenVPN Project)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [50392 2014-07-03] (Realtek Semiconductor Corporation)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-20] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6169600 2015-04-22] (Dell Inc.) [Datei ist nicht signiert]
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{F84376D7-BFFC-44D6-B560-4254F1C840E4}

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2015-04-22] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-05-19] (Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-05] (www.winchiphead.com)
R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [246432 2015-05-14] (OSBASE)
R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [19616 2015-05-14] (OSBASE)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2014-04-04] ()
S3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [202128 2013-10-07] (DisplayLink Corp.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-31] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-03-05] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [39248 2012-09-13] (Paragon Software Group)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-29] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvd.sys [108624 2013-02-15] (Miray)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2015-04-22] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299352 2014-08-04] (NVIDIA Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [578264 2014-08-05] (Realtek Semiconductor Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
S3 UDST7000BDA; C:\Windows\System32\Drivers\UDST7000BDA.sys [527632 2009-06-15] (TechniSat Digital S.A.)
S3 UDST7000HID; C:\Windows\System32\drivers\UDST7000HID.sys [27664 2009-06-15] (TechniSat Digital S.A.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-09-13] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633552 2012-09-13] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390224 2012-09-13] (Paragon)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-16 11:42 - 2015-09-16 11:42 - 02191360 _____ (Farbar) C:\Users\insaneware\Downloads\FRST64.exe
2015-09-16 11:42 - 2015-09-16 11:42 - 00050586 _____ C:\Users\insaneware\Downloads\FRST.txt
2015-09-16 11:42 - 2015-09-16 11:42 - 00000000 ____D C:\FRST
2015-09-15 15:34 - 2015-09-15 15:34 - 00006570 _____ C:\Users\insaneware\AppData\Local\recently-used.xbel
2015-09-13 01:43 - 2015-09-13 01:43 - 00000000 ____D C:\Users\insaneware\Desktop\Tor Browser
2015-09-13 01:42 - 2015-09-13 01:43 - 43791480 _____ C:\Users\insaneware\Downloads\torbrowser-install-5.0.2_en-US.exe
2015-09-12 20:00 - 2015-09-12 20:00 - 01940382 _____ C:\Users\insaneware\Downloads\Fast.and.Furious.7.EXTENDED.2015.German.DTS.DL.720p.BluRay.x264-EXQUiSiTE.nzb
2015-09-11 20:51 - 2015-09-11 20:52 - 00000000 ____D C:\Users\insaneware\.weasis
2015-09-09 13:21 - 2015-09-09 13:21 - 05185992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 13:21 - 2015-09-09 13:21 - 00001336 _____ C:\Windows\PFRO.log
2015-09-08 15:24 - 2015-09-08 15:24 - 00000000 ____D C:\Users\insaneware\Downloads\ambi60-2-hyperion-safe-rpi15-v03-backup
2015-09-08 12:58 - 2015-09-08 12:59 - 00000000 ____D C:\Program Files (x86)\CandiSoft_Load_0.7.5
2015-09-08 12:57 - 2015-09-08 12:58 - 17592777 _____ C:\Users\insaneware\Downloads\CandiSoft_Load_0.7.5.zip
2015-09-08 12:54 - 2015-09-08 12:54 - 00000000 ____D C:\Users\insaneware\.appwork
2015-09-07 11:23 - 2015-09-15 11:46 - 00002128 _____ C:\Windows\setupact.log
2015-09-07 11:23 - 2015-09-07 11:23 - 00151000 _____ C:\Users\insaneware\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-07 11:23 - 2015-09-07 11:23 - 00000000 _____ C:\Windows\setuperr.log
2015-09-04 15:28 - 2015-09-04 15:28 - 00549484 _____ C:\Users\insaneware\Downloads\BfRLSWuXO3Hgv6yJ5iqPneuBdLJIas.par2.nzb
2015-09-04 15:22 - 2015-09-04 15:22 - 00834712 _____ C:\Users\insaneware\Downloads\GoRdNLjqGS21QbJT8eTXEuhLBzzhX0.par2.nzb
2015-09-04 11:29 - 2015-09-04 11:29 - 00000000 ____D C:\Users\insaneware\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-03 17:07 - 2015-09-12 22:46 - 00005160 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for insaneware-PC-insaneware insaneware-PC
2015-09-03 12:56 - 2015-09-03 12:56 - 24883254 _____ C:\img_001.bmp
2015-09-03 12:55 - 2011-11-04 12:46 - 00733184 _____ (www.rene-zeidler.de) C:\Program Files (x86)\Snipping Tool Plus.exe
2015-09-03 12:53 - 2015-09-11 13:10 - 00000000 ____D C:\Users\insaneware\AppData\Local\www.rene-zeidler.de
2015-09-03 12:53 - 2015-09-03 12:53 - 00437645 _____ C:\Users\insaneware\Downloads\SnippingToolPlusv3-4-1-0.zip
2015-09-03 12:53 - 2015-09-03 12:53 - 00000000 ____D C:\Users\insaneware\AppData\Roaming\www.rene-zeidler.de
2015-09-03 12:53 - 2015-09-03 12:53 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2015-09-02 00:29 - 2015-09-02 00:29 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-09-02 00:23 - 2015-09-02 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-02 00:23 - 2015-09-02 00:23 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-02 00:22 - 2015-09-02 00:22 - 00001715 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-02 00:22 - 2015-09-02 00:22 - 00000000 ____D C:\Program Files\iTunes
2015-09-02 00:22 - 2015-09-02 00:22 - 00000000 ____D C:\Program Files\iPod
2015-09-02 00:22 - 2015-09-02 00:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-01 12:42 - 2015-09-01 12:42 - 00000244 _____ C:\Users\insaneware\Downloads\AnyDVDHD_Key_13846091.AnyDVDHD
2015-08-31 11:44 - 2015-08-31 11:44 - 34955883 _____ C:\Users\insaneware\Downloads\AmbiLED HD Installation.mp4
2015-08-27 17:52 - 2015-08-27 17:52 - 01966327 _____ C:\Users\insaneware\Downloads\Unknown.User.2015.German.AC3.Dubbed.1080p.DL.BluRay.x264-MULTiPLEX.nzb
2015-08-27 16:52 - 2015-08-27 16:52 - 02037261 _____ C:\Users\insaneware\Downloads\on3stktevxrkynqoll32ru6.par2.nzb
2015-08-27 16:45 - 2015-08-27 16:45 - 00169799 _____ C:\Users\insaneware\Downloads\Ballermann_6_German_1997_DVDRip_Xvid_INTERNAL-EmdP.nzb
2015-08-27 16:41 - 2015-08-27 16:41 - 00169630 _____ C:\Users\insaneware\Downloads\Ballermann.6.German.1997.DVDRip.Xvid.INTERNAL-EmdP.nzb
2015-08-27 14:58 - 2015-08-27 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-27 13:07 - 2015-08-27 13:07 - 03366084 _____ C:\Users\insaneware\Downloads\86mvwlnstikf31xqtgkko95.par2.nzb
2015-08-27 13:04 - 2015-08-27 13:04 - 02131276 _____ C:\Users\insaneware\Downloads\oadKyHaZKodnUVg_LPud72DvY.par2.nzb
2015-08-27 13:03 - 2015-08-27 13:03 - 02407187 _____ C:\Users\insaneware\Downloads\DR436_20150814_022.par2.nzb
2015-08-27 13:02 - 2015-08-27 13:02 - 01376345 _____ C:\Users\insaneware\Downloads\DR436_20150814_023.par2.nzb
2015-08-27 12:56 - 2015-08-27 12:56 - 01521166 _____ C:\Users\insaneware\Downloads\f4jfbpk95z13naaevy42exp.par2.nzb
2015-08-26 13:54 - 2015-08-26 14:03 - 00000000 ____D C:\Users\insaneware\Downloads\AtmoLight_Demo_All_In_One_HD
2015-08-25 19:44 - 2015-08-25 19:44 - 00061138 _____ C:\Users\insaneware\Downloads\aller.zip
2015-08-18 20:11 - 2015-08-18 20:11 - 00604910 _____ C:\Users\insaneware\Downloads\LD_stable_608_pass_thelastdrakkar.com.zip
2015-08-18 15:24 - 2015-08-18 15:24 - 00175354 _____ C:\Users\insaneware\Downloads\jantzen.tif
2015-08-18 12:41 - 2015-09-12 20:34 - 00000000 ____D C:\Users\insaneware\AppData\Roaming\Spotify
2015-08-18 12:41 - 2015-09-12 20:29 - 00000000 ____D C:\Users\insaneware\AppData\Local\Spotify
2015-08-18 12:41 - 2015-08-18 12:41 - 00146080 _____ (Spotify Ltd) C:\Users\insaneware\Downloads\SpotifySetup.exe
2015-08-18 12:41 - 2015-08-18 12:41 - 00001839 _____ C:\Users\insaneware\Desktop\Spotify.lnk
2015-08-18 12:41 - 2015-08-18 12:41 - 00001825 _____ C:\Users\insaneware\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-08-18 12:41 - 2015-08-18 12:41 - 00000000 ____D C:\Users\insaneware\AppData\Local\CEF
2015-08-18 03:04 - 2015-02-24 21:26 - 00970919 _____ C:\Users\insaneware\Documents\oscam.armel
2015-08-18 01:14 - 2015-08-18 01:14 - 00000397 _____ C:\Users\insaneware\Downloads\cables (1).rar
2015-08-18 01:04 - 2015-08-18 01:04 - 00000522 _____ C:\Users\insaneware\Downloads\cables.xml.zip
2015-08-17 19:16 - 2015-08-17 19:16 - 00594032 _____ C:\Users\insaneware\Downloads\LD_beta_625_pass_thelastdrakkar.com.zip
2015-08-17 12:02 - 2015-11-25 01:49 - 00223420 _____ C:\Users\insaneware\Documents\V14-2_unique_emm.log
2015-08-17 11:57 - 2015-09-08 18:08 - 00025456 _____ C:\Users\insaneware\Documents\v14_test_unique_emm.log
2015-08-17 02:20 - 2015-08-17 02:20 - 00053819 _____ C:\Users\insaneware\Desktop\blase-emm.txt.txt
2015-08-17 00:32 - 2015-11-24 20:30 - 00287678 _____ C:\Users\insaneware\Documents\V14_unique_emm.log

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-16 11:42 - 2014-06-06 02:41 - 00000000 ____D C:\Users\insaneware\AppData\Roaming\NetSpeedMonitor
2015-09-16 11:30 - 2014-06-27 12:11 - 00000000 ____D C:\Users\insaneware\AppData\Roaming\Skype
2015-09-16 11:26 - 2014-03-20 19:26 - 01887176 _____ C:\Windows\WindowsUpdate.log
2015-09-16 11:15 - 2014-09-24 18:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-09-16 11:08 - 2014-08-29 01:12 - 00000000 ____D C:\Users\insaneware\AppData\Local\Adobe
2015-09-16 11:07 - 2015-06-16 10:42 - 00001244 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2176630791-1936397272-1849537872-1001UA.job
2015-09-16 11:07 - 2015-04-22 16:58 - 01040054 _____ C:\Users\insaneware\AppData\Local\BTServer.log
2015-09-16 11:07 - 2014-03-31 16:55 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-16 11:06 - 2014-10-16 11:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-15 20:12 - 2015-02-24 13:54 - 00001081 _____ C:\Users\insaneware\Desktop\hypercon.dat
2015-09-15 20:12 - 2014-04-01 14:14 - 00000000 ____D C:\Users\insaneware\AppData\Roaming\vlc
2015-09-15 19:49 - 2014-06-28 11:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-15 18:10 - 2014-04-04 02:15 - 00000600 _____ C:\Users\insaneware\AppData\Local\PUTTY.RND
2015-09-15 18:09 - 2014-04-04 03:12 - 00000600 _____ C:\Users\insaneware\AppData\Roaming\winscp.rnd
2015-09-15 18:09 - 2014-03-31 22:05 - 00000000 ____D C:\Users\insaneware\AppData\Local\CrashDumps
2015-09-15 15:54 - 2014-05-08 22:22 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-15 15:49 - 2014-03-31 22:16 - 00000000 ____D C:\Users\insaneware\Documents\Outlook-Dateien
2015-09-15 15:34 - 2014-04-17 23:25 - 00000000 ____D C:\Users\insaneware\AppData\Local\gtk-2.0
2015-09-15 15:30 - 2014-04-17 23:22 - 00000000 ____D C:\Users\insaneware\.gimp-2.8
2015-09-15 14:36 - 2014-11-04 18:07 - 00000000 ____D C:\ProgramData\firebird
2015-09-15 12:32 - 2014-05-08 20:21 - 00000000 ____D C:\Users\insaneware\AppData\Roaming\TeamViewer
2015-09-15 12:05 - 2015-06-16 10:41 - 00001192 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2176630791-1936397272-1849537872-1001Core.job
2015-09-15 11:57 - 2010-11-21 08:50 - 00704186 _____ C:\Windows\system32\perfh007.dat
2015-09-15 11:57 - 2010-11-21 08:50 - 00151236 _____ C:\Windows\system32\perfc007.dat
2015-09-15 11:57 - 2009-07-14 07:13 - 01632254 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-15 11:52 - 2014-03-31 16:55 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-15 11:47 - 2014-03-31 16:55 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 11:47 - 2014-03-31 16:55 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-13 03:12 - 2015-01-15 20:28 - 00000000 ____D C:\gissmo-E2-unitymedia- IPTV
2015-09-12 20:37 - 2014-03-20 19:49 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-09-12 20:37 - 2009-07-14 06:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-12 20:37 - 2009-07-14 06:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-12 20:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2015-09-12 20:29 - 2015-01-05 12:05 - 00000000 ____D C:\Users\insaneware\AppData\Local\Pushbullet
2015-09-12 20:29 - 2014-03-31 21:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-12 20:29 - 2014-03-31 21:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-12 20:29 - 2014-03-31 17:02 - 00000000 ____D C:\Users\insaneware\AppData\Roaming\Dropbox
2015-09-12 20:29 - 2014-03-20 19:30 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-12 20:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-12 20:28 - 2014-04-01 00:26 - 00202602 ____H C:\Users\insaneware\AppData\Roaming\TurboLaunch_IconCache.dat
2015-09-11 20:51 - 2014-03-31 16:00 - 00000000 ____D C:\Users\insaneware
2015-09-11 19:18 - 2014-12-04 20:39 - 01332736 ___SH C:\Users\insaneware\Documents\Thumbs.db
2015-09-11 13:40 - 2014-04-01 01:14 - 00000432 _____ C:\Windows\BRWMARK.INI
2015-09-10 21:59 - 2014-03-31 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-10 13:23 - 2014-05-05 22:16 - 00000000 ____D C:\Users\insaneware\AppData\Local\CloudStation
2015-09-09 13:23 - 2014-04-01 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-09-08 20:48 - 2015-03-02 15:54 - 00000000 ____D C:\Program Files (x86)\svnet
2015-09-08 12:54 - 2015-01-20 16:03 - 00000000 ____D C:\Users\insaneware\AppData\Local\JDownloader 2.0
2015-09-04 14:21 - 2015-07-07 13:45 - 00033676 _____ C:\Users\insaneware\Documents\hyperion.config.json
2015-09-04 11:29 - 2014-10-23 12:43 - 00000000 ____D C:\Users\insaneware\Desktop\2
2015-09-02 12:58 - 2015-01-09 17:14 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-02 00:29 - 2014-03-20 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-09-02 00:22 - 2014-10-26 15:49 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-09-02 00:22 - 2014-04-04 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-02 00:22 - 2014-04-04 00:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-02 00:21 - 2014-04-22 11:19 - 00000000 ____D C:\Windows\Minidump
2015-08-27 16:48 - 2014-04-07 14:25 - 00000000 ____D C:\Users\insaneware\AppData\Local\QuickPar
2015-08-27 14:59 - 2014-06-27 12:11 - 00000000 ____D C:\ProgramData\Skype
2015-08-27 14:58 - 2014-09-29 10:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-27 14:25 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\Setup
2015-08-27 14:15 - 2014-03-20 19:26 - 00000000 ____D C:\Windows\SoftwareDistribution_alt
2015-08-27 12:44 - 2014-10-16 11:11 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-27 12:44 - 2014-03-20 19:25 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-27 12:44 - 2014-03-20 19:25 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-19 11:59 - 2014-06-03 10:21 - 00003862 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1396479762
2015-08-19 11:59 - 2014-04-03 01:02 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-18 01:05 - 2014-04-01 13:39 - 00000000 ____D C:\Program Files\Flashfxp
2015-08-17 00:07 - 2014-04-14 16:50 - 00000000 __SHD C:\Users\insaneware\AppData\Local\EmieUserList
2015-08-17 00:07 - 2014-04-14 16:50 - 00000000 __SHD C:\Users\insaneware\AppData\Local\EmieSiteList

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-02 15:11 - 2014-10-02 15:11 - 8057403 _____ () C:\Program Files\hyperion.rar
2015-09-03 12:55 - 2011-11-04 12:46 - 0733184 _____ (www.rene-zeidler.de) C:\Program Files (x86)\Snipping Tool Plus.exe
2015-06-11 15:17 - 2015-06-12 17:39 - 0000442 _____ () C:\Users\insaneware\AppData\Roaming\CSharpAnalytics-MeasurementSession
2014-04-04 03:12 - 2015-09-15 18:09 - 0000600 _____ () C:\Users\insaneware\AppData\Roaming\winscp.rnd
2015-04-22 16:58 - 2015-09-16 11:07 - 1040054 _____ () C:\Users\insaneware\AppData\Local\BTServer.log
2014-04-04 02:15 - 2015-09-15 18:10 - 0000600 _____ () C:\Users\insaneware\AppData\Local\PUTTY.RND
2015-09-15 15:34 - 2015-09-15 15:34 - 0006570 _____ () C:\Users\insaneware\AppData\Local\recently-used.xbel
2015-07-30 22:39 - 2015-07-31 11:43 - 0000438 _____ () C:\Users\insaneware\AppData\Local\ReclaiMe.config
2015-07-30 22:39 - 2015-07-31 11:43 - 0000515 _____ () C:\ProgramData\ReclaiMe.config

Einige Dateien in TEMP:
====================
C:\Users\insaneware\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprlogdt.dll
C:\Users\insaneware\AppData\Local\Temp\proxy_vole2313665269802932938.dll
C:\Users\insaneware\AppData\Local\Temp\pushbullet_watchdog.exe
C:\Users\insaneware\AppData\Local\Temp\Synology-Cloud-Station-Upgrader.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-11 00:30

==================== Ende von FRST.txt ============================
         

 
