Pests of all kinds and how to fight them: Chinese service (Windows 7)

#1
Chinese service

Good morning,

today I happened to notice a Chinese service in Task Manager that surely doesn't belong there. How can I remove it? I have already run Frst64.exe.

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Bernhard (administrator) on BERNHARD-PC on 13-03-2014 06:46:20
Running from C:\Users\Bernhard\Desktop\PC\Trojanerboard
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE
() C:\PROGRAM FILES (X86)\ASHAMPOO\ASHAMPOO CORE TUNER 2\ACT2SERVICE.EXE
() C:\PROGRAM FILES (X86)\ASHAMPOO\ASHAMPOO HDD CONTROL 2\AHDDC2_SERVICE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\PROGRAM FILES (X86)\COBIAN BACKUP 11\CBSERVICE.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\SYSWOW64\SVCHOST.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.4.0.40\CCSVCHST.EXE
() C:\PROGRAM FILES\OCSTER BACKUP\BIN\BACKUPSERVICE-OX.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\system32\PrintDisp.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Windows\SysWOW64\STGRAMDiskHandler64.exe
() C:\PROGRAM FILES (X86)\1&1 SURF-STICK\ASSISTANTSERVICES.EXE
() C:\PROGRAM FILES (X86)\WATCHMI\TVDSERVICE.EXE
() c:\Program Files\Ocster Backup\bin\oxHelper.exe
(Microsoft Corp.) C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVC.EXE
(Intel® Corporation) C:\PROGRAM FILES\INTEL\WIFI\BIN\ZEROCONFIGSERVICE.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\OBEXSRV.EXE
(Microsoft Corporation) C:\PROGRAM FILES (X86)\MICROSOFT APPLICATION VIRTUALIZATION CLIENT\SFTLIST.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VIRTUALIZATION HANDLER\CVHSVC.EXE
(Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.4.0.40\CCSVCHST.EXE
() C:\PROGRAM FILES (X86)\PHOTKEY\PHOTKEY.EXE
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\PROGRAM FILES (X86)\PHOTKEY\PVDAGENT.EXE
() C:\PROGRAM FILES (X86)\PHOTKEY\POSD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\PROGRAM FILES (X86)\CYBERLINK\YOUCAM\YOUCAMSERVICE.EXE
(Intel Corporation) C:\WINDOWS\SYSTEM32\HKCMD.EXE
(Intel Corporation) C:\WINDOWS\SYSTEM32\IGFXPERS.EXE
(Realtek Semiconductor) C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVCPL64.EXE
(Realtek Semiconductor) C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVBG64.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(TODO: <Company name>) C:\PROGRAM FILES (X86)\PHOTKEY\HCSYNAPI.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Ashampoo Development GmbH & Co. KG) C:\PROGRAM FILES (X86)\ASHAMPOO\ASHAMPOO HDD CONTROL 2\AHDDC2_GUARD.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
(Microsoft Corporation) C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE
(Steganos Software GmbH) C:\PROGRAM FILES (X86)\STEGANOS PRIVACY SUITE 14\STEGANOSBROWSERMONITOR.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) USB 3.0 EXTENSIBLE HOST CONTROLLER DRIVER\APPLICATION\IUSB3MON.EXE
(Dolby Laboratories Inc.) C:\PROGRAM FILES (X86)\DOLBY ADVANCED AUDIO V2\PCEE4.EXE
(CyberLink) C:\PROGRAM FILES (X86)\CYBERLINK\POWER2GO\CLMLSVC.EXE
() C:\PROGRAM FILES (X86)\1&1 SURF-STICK\UIEXEC.EXE
(Hewlett-Packard) C:\PROGRAM FILES (X86)\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
(Steganos Software GmbH) C:\PROGRAM FILES (X86)\STEGANOS PRIVACY SUITE 14\STEGANOSHOTKEYSERVICE.EXE
(Steganos Software GmbH) C:\PROGRAM FILES (X86)\STEGANOS PRIVACY SUITE 14\FREDIRSTARTER.EXE
(Intel(R) Corporation) C:\PROGRAM FILES\INTEL\BLUETOOTHHS\BTHSSECURITYMGR.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE
(Microsoft Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VIRTUALIZATION HANDLER\CVH.EXE
() C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VIRTUALIZATION HANDLER\OFFICEVIRT.EXE
(Microsoft Corporation) C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPSVC.EXE
(RealNetworks, Inc.) C:\PROGRAM FILES (X86)\REAL\REALPLAYER\UPDATE\REALSCHED.EXE
(AnVir Software) C:\PROGRAM FILES (X86)\ANVIR TASK MANAGER\ANVIR.EXE
(AnVir Software) C:\PROGRAM FILES (X86)\ANVIR TASK MANAGER\ANVIR64.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [Ashampoo Core Tuner 2] - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe [5220768 2011-08-22] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [Ashampoo HDD-Control 2 Guard] - C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe [3783592 2012-07-30] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-10-22] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-10-22] (Crawler.com)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [AVMFBoxMonitor] - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe [1503232 2009-07-06] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Steganos HotKeys] - C:\Program Files (x86)\Steganos Privacy Suite 14\SteganosHotKeyService.exe [100864 2013-12-18] (Steganos Software GmbH)
HKLM-x32\...\Run: [SSS14 File Redirection Starter] - C:\Program Files (x86)\Steganos Privacy Suite 14\fredirstarter.exe [17920 2013-12-18] (Steganos Software GmbH)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-01-03] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4070342091-3793343965-3738386277-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-03] (Google Inc.)
HKU\S-1-5-21-4070342091-3793343965-3738386277-1000\...\Run: [SUPERAntiSpyware] - C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE [6563608 2014-01-21] (SUPERAntiSpyware)
HKU\S-1-5-21-4070342091-3793343965-3738386277-1000\...\Run: [Google Update] - C:\Users\Bernhard\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-21] (Google Inc.)
HKU\S-1-5-21-4070342091-3793343965-3738386277-1000\...\Run: [SSS14 Browser Monitor] - C:\Program Files (x86)\Steganos Privacy Suite 14\SteganosBrowserMonitor.exe [70656 2013-12-18] (Steganos Software GmbH)
HKU\S-1-5-21-4070342091-3793343965-3738386277-1000\...\Run: [] - [X]
HKU\S-1-5-21-4070342091-3793343965-3738386277-1006\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()
HKU\SCANNERMAP\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 14\SPMIEToolbar64.dll (Steganos Software GmbH)
Toolbar: HKLM - Perfect Print 7 - {F723BF1C-C826-44B0-A8E2-28BBA1C5D201} - C:\Program Files (x86)\soft Xpansion\Perfect Print 7 Express\ieagent64.dll (soft Xpansion)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 14\SPMIEToolbar.dll (Steganos Software GmbH)
Toolbar: HKLM-x32 - Perfect Print 7 - {F723BF1C-C826-44B0-A8E2-28BBA1C5D201} - C:\Program Files (x86)\soft Xpansion\Perfect Print 7 Express\ieagent32.dll (soft Xpansion)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\kr8smgr0.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\soft Xpansion\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Bernhard\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Bernhard\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Bernhard\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Bernhard\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bernhard\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bernhard\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Bernhard\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Bernhard\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Bernhard\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Bernhard\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Firefox Synchronisation Extension - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\kr8smgr0.default\Extensions\synchronize@nokia.suite [2014-03-04]
FF Extension: DownloadHelper - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\kr8smgr0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-02-12]
FF Extension: Ghostery - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\kr8smgr0.default\Extensions\firefox@ghostery.com.xpi [2014-02-12]
FF Extension: NoScript - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\kr8smgr0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-12]
FF Extension: Adblock Plus - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\kr8smgr0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-12]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3 [2013-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{704E31A6-E680-48D0-BDEA-B0FE737AEB4D}] - C:\ProgramData\soft Xpansion\Perfect Print 7 Express\Data\fftb
FF Extension: soft Xpansion Perfect Print 7 Express - C:\ProgramData\soft Xpansion\Perfect Print 7 Express\Data\fftb [2013-12-23]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Thunderbird\Extensions: [{704E31A6-E680-48D0-BDEA-B0FE737AEB4D}] - C:\ProgramData\soft Xpansion\Perfect Print 7 Express\Data\fftb
FF Extension: soft Xpansion Perfect Print 7 Express - C:\ProgramData\soft Xpansion\Perfect Print 7 Express\Data\fftb [2013-12-23]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-29]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Bernhard\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bernhard\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bernhard\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DealPlyLive Update) - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Bernhard\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\Bernhard\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Bernhard\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Bernhard\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Bernhard\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Docs) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-10]
CHR Extension: (Google Drive) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-10]
CHR Extension: (YouTube) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-10]
CHR Extension: (Adblock Plus) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-27]
CHR Extension: (Google-Suche) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-10]
CHR Extension: (SpeedTao Download Helper) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\eifpflhplblejfpibogcnnepoldboioh [2013-09-27]
CHR Extension: (RealDownloader) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-26]
CHR Extension: (Norton Identity Protection) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-10]
CHR Extension: (Ghostery) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-02]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Bernhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-02]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian)
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2012-12-05] (Luis Cobian, CobianSoft)
S4 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
S4 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2013-05-02] (DATA BECKER GmbH & Co KG)
S3 DfSdkS; C:\PROGRAM FILES (X86)\ASHAMPOO\ASHAMPOO HDD CONTROL 2\DFSDKS64.EXE [544768 2009-08-24] (mst software GmbH, Germany)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [22472 2012-12-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-10-22] (Crawler.com)
R2 Steganos Volatile Disk; C:\Windows\SysWOW64\STGRAMDiskHandler64.exe [450560 2013-07-17] (Softwareentwicklung Remus - ArchiCrypt)
S3 supereasy_backup; c:\Program Files\SuperEasy Software\Backup Pro\bin\backupService-sezbp.exe [24664 2013-11-21] ()
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-12-23] (soft Xpansion)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()
S2 updatesvca; C:\Windows\system32\updatesvca.dll [209920 2013-03-04] (Digital Dynamic)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S4 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [X]
S4 楗敳潂瑯獁楳瑳湡tǬ"; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡㘳尵潂瑯楔敭攮數 [X]

==================== Drivers (Whitelisted) ====================

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
S4 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-01] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-04-24] (AnchorFree Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20140312.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)
S3 leawo_vad; C:\Windows\System32\drivers\leawo_vad.sys [33048 2013-05-21] (Shenzhen Moyea Software)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140312.025\ENG64.SYS [126040 2014-03-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140312.025\EX64.SYS [2099288 2014-03-05] (Symantec Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527872 2007-11-08] (PixArt Imaging Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-04-24] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-04-24] (RapidSolution Software AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2013-11-18] (Softwareentwicklung Remus - ArchiCrypt - ) R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-01-06] (Windows (R) Win 7 DDK provider) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [32536 2013-01-28] () R1 STGMFEngine64; C:\Windows\system32\drivers\STGMFEngine64.sys [28576 2013-07-17] (Softwareentwicklung Remus - ArchiCrypt.com) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-20] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.) 
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [12400 1999-10-13] (Microsoft Corporation) S3 Bulk1528; System32\Drivers\Bulk1528.sys [X] S2 Ca1528av; System32\Drivers\Ca1528av.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-04 16:26 - 2014-03-04 16:26 - 00176128 _____ () C:\Users\Bernhard\Downloads\aacdec.exe 2014-03-04 16:26 - 2014-03-04 16:26 - 00000000 ____D () C:\Users\Bernhard\AppData\Roaming\NCH Software 2014-03-04 12:13 - 2014-03-04 12:13 - 00001359 _____ () C:\Users\Public\Desktop\Video Converter 2.lnk 2014-03-04 12:13 - 2014-03-04 12:13 - 00000000 ____D () C:\Users\Bernhard\AppData\Roaming\SuperEasy Software 2014-03-04 12:13 - 2014-03-04 12:13 - 00000000 ____D () C:\ProgramData\SuperEasy Software 2014-03-04 12:13 - 2014-03-04 12:13 - 00000000 ____D () C:\ProgramData\Supereasy 2014-03-04 12:13 - 2014-03-04 12:13 - 00000000 ____D () C:\Program Files (x86)\SuperEasy Software 2014-03-04 07:32 - 2014-03-04 07:32 - 00002093 _____ () C:\Users\Public\Desktop\Nokia Suite.lnk 2014-03-04 07:29 - 2014-03-04 07:29 - 00018180 _____ () C:\Windows\DPINST.LOG 2014-03-04 07:29 - 2014-03-04 07:29 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution 2014-03-04 07:29 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys 2014-02-24 15:05 - 2014-02-24 15:05 - 00000000 ____D () C:\Users\Bernhard\Desktop\SanDisc 2014-02-24 15:05 - 2014-02-24 15:05 - 00000000 ____D () C:\Users\Bernhard\Desktop\Neuer Ordner (2) 2014-02-23 17:08 - 2014-02-23 17:08 - 00001997 _____ () C:\Users\Bernhard\Desktop\K-ML.lnk 2014-02-23 17:08 - 2014-02-23 17:08 - 00000000 ____D () C:\Users\Bernhard\AppData\Roaming\KC Softwares 2014-02-23 17:08 - 2014-02-23 17:08 - 00000000 ____D () C:\Program Files (x86)\KC Softwares 2014-02-23 17:08 - 2013-03-20 22:36 - 00151552 _____ (KC Softwares) C:\Windows\SysWOW64\kmail.ocx 
2014-02-23 17:08 - 2009-04-11 19:17 - 00053248 _____ (Katarn Corp.) C:\Windows\SysWOW64\kvblib.ocx 2014-02-23 17:08 - 2009-04-11 16:45 - 00126976 _____ (KC Softwares) C:\Windows\SysWOW64\kftp.ocx 2014-02-23 17:08 - 2008-04-14 04:31 - 00128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dhtmled.ocx 2014-02-23 17:08 - 2003-04-01 07:36 - 00094208 _____ (vbAccelerator) C:\Windows\SysWOW64\vbalIml6.ocx 2014-02-23 17:08 - 2003-01-26 15:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll 2014-02-23 17:08 - 2002-06-08 19:09 - 00204800 _____ (vbAccelerator) C:\Windows\SysWOW64\KTbar.ocx 2014-02-23 17:08 - 2001-04-05 19:43 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msstkprp.dll 2014-02-23 17:08 - 2000-10-02 00:00 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.dll 2014-02-23 17:08 - 2000-07-15 00:00 - 00204907 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TRIEDIT.DLL 2014-02-22 22:18 - 2014-03-02 23:59 - 00000000 ____D () C:\Users\Bernhard\AppData\Local\Apple Computer 2014-02-22 22:18 - 2014-02-22 22:18 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-22 22:18 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2014-02-22 22:16 - 2014-02-22 22:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-22 22:16 - 2014-02-22 22:18 - 00000000 ____D () C:\Program Files\iTunes 2014-02-22 22:16 - 2014-02-22 22:18 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-22 22:16 - 2014-02-22 22:16 - 00000000 ____D () C:\Program Files\iPod 2014-02-22 22:14 - 2014-02-22 22:14 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-22 22:13 - 2014-02-22 22:13 - 00000000 ____D () C:\Program Files\Bonjour 2014-02-22 22:13 - 2014-02-22 22:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2014-02-22 22:03 - 2014-02-22 22:10 - 148896080 _____ (Apple Inc.) 
C:\Users\Bernhard\Downloads\iTunes64Setup.exe 2014-02-19 14:37 - 2014-03-06 23:26 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4070342091-3793343965-3738386277-1000 2014-02-19 14:37 - 2014-03-06 23:26 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4070342091-3793343965-3738386277-1000 2014-02-19 14:23 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-19 14:23 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-19 14:23 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-19 14:23 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-19 14:23 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-19 14:23 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-19 14:23 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-19 14:23 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-19 14:23 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-19 14:23 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-19 14:23 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-19 14:23 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-19 14:23 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-19 14:23 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-19 14:23 - 2014-02-06 11:20 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-19 14:23 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-19 14:23 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-19 14:23 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-19 14:23 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-19 14:23 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-19 14:23 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-19 14:23 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-19 14:23 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-19 14:23 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-19 14:23 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-19 14:23 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-19 14:23 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-19 14:23 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-19 14:23 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-19 14:23 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-19 14:23 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-19 14:23 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-19 14:23 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2014-02-19 14:23 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-19 14:23 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-19 14:23 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-19 14:23 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-19 14:23 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-19 14:23 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-19 14:23 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-19 14:23 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-16 13:38 - 2014-02-16 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-12 10:06 - 2014-02-12 10:06 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-12 09:52 - 2014-02-12 09:52 - 00770279 _____ () C:\Users\Bernhard\Downloads\video_downloadhelper-4.9.21-fx_sm.zip 2014-02-12 08:32 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-12 08:32 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-12 08:32 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 08:32 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-12 08:31 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 08:31 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-12 08:31 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-12 08:31 - 2013-12-06 03:02 - 00002048 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-12 08:31 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-12 08:31 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-12 08:31 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-12 08:31 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-12 08:31 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-12 08:31 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-12 08:31 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-12 08:31 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-12 08:31 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-12 08:31 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-12 08:31 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-12 08:31 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 08:31 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-12 08:31 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-12 08:31 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-12 08:31 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-12 08:31 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 08:31 
- 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-12 08:31 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-12 08:31 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-11 05:25 - 2014-02-11 05:25 - 00000000 ____D () C:\Users\Bernhard\AppData\Local\{C441B55B-0987-47FE-953B-174D02DFCF24} ==================== One Month Modified Files and Folders ======= 2014-03-13 06:46 - 2013-09-25 08:44 - 00000000 ____D () C:\FRST 2014-03-13 06:43 - 2012-02-21 19:50 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-03-13 06:43 - 2012-02-21 19:50 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-03-13 06:43 - 2009-07-14 06:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-13 06:36 - 2012-05-03 08:49 - 01444063 _____ () C:\Windows\WindowsUpdate.log 2014-03-13 06:28 - 2012-10-24 10:53 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4070342091-3793343965-3738386277-1000UA.job 2014-03-13 06:25 - 2013-06-04 06:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-13 06:25 - 2013-06-04 06:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-13 06:25 - 2013-03-19 21:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-13 06:25 - 2013-03-19 21:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-13 06:25 - 2009-07-14 05:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-13 06:25 - 2009-07-14 05:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-13 06:24 - 2012-05-03 08:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-13 06:22 - 2012-09-24 18:37 - 00000000 
____D () C:\Users\Bernhard\Desktop\PC 2014-03-13 06:20 - 2012-05-03 09:04 - 00103200 _____ () C:\Users\Bernhard\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-13 06:04 - 2013-01-07 22:01 - 00000000 ____D () C:\Users\Bernhard\Desktop\Linklisten 2014-03-13 05:50 - 2013-12-10 07:58 - 00025221 _____ () C:\Windows\setupact.log 2014-03-13 05:48 - 2013-09-02 15:34 - 00000000 ____D () C:\Program Files (x86)\Wondershare 2014-03-13 05:43 - 2012-05-03 08:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-13 05:40 - 2012-08-27 00:20 - 00000000 ____D () C:\Users\Bernhard\Desktop\Coaches 2014-03-12 09:32 - 2012-10-24 10:53 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4070342091-3793343965-3738386277-1000Core.job 2014-03-11 20:28 - 2012-10-18 09:48 - 00000000 ____D () C:\Users\Bernhard\AppData\Roaming\Mozilla 2014-03-11 02:57 - 2014-01-06 23:03 - 00000000 ____D () C:\ProgramData\Spyware Terminator 2014-03-06 23:29 - 2012-05-03 09:09 - 00000000 ____D () C:\Users\Bernhard\Documents\Youcam 2014-03-06 23:26 - 2014-02-19 14:37 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4070342091-3793343965-3738386277-1000 2014-03-06 23:26 - 2014-02-19 14:37 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4070342091-3793343965-3738386277-1000 2014-03-06 23:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-06 23:23 - 2013-12-13 06:39 - 00052360 _____ () C:\Windows\PFRO.log 2014-03-06 23:21 - 2012-05-03 09:21 - 00000000 ____D () C:\Users\Bernhard\AppData\Roaming\SoftGrid Client 2014-03-06 22:50 - 2014-01-09 00:19 - 00000000 ____D () C:\Users\Bernhard\AppData\Local\genienext 2014-03-06 09:42 - 2009-07-14 06:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-06 09:35 - 2013-01-11 09:46 - 00000000 ____D () C:\Users\Bernhard\Desktop\1 2014-03-04 22:16 - 2012-05-03 09:20 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-04 
22:11 - 2013-05-29 14:02 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-04 22:11 - 2013-05-29 14:02 - 00000000 ____D () C:\ProgramData\Skype 2014-03-04 21:02 - 2012-06-04 22:21 - 00000000 ____D () C:\Users\Bernhard\Documents\Gesundheit 2014-03-04 16:26 - 2014-03-04 16:26 - 00176128 _____ () C:\Users\Bernhard\Downloads\aacdec.exe 2014-03-04 16:26 - 2014-03-04 16:26 - 00000000 ____D () C:\Users\Bernhard\AppData\Roaming\NCH Software 2014-03-04 12:35 - 2013-01-17 18:47 - 00002382 _____ () C:\Users\Bernhard\Desktop\Google Chrome.lnk 2014-03-04 12:13 - 2014-03-04 12:13 - 00001359 _____ () C:\Users\Public\Desktop\Video Converter 2.lnk 2014-03-04 12:13 - 2014-03-04 12:13 - 00000000 ____D () C:\Users\Bernhard\AppData\Roaming\SuperEasy Software 2014-03-04 12:13 - 2014-03-04 12:13 - 00000000 ____D () C:\ProgramData\SuperEasy Software 2014-03-04 12:13 - 2014-03-04 12:13 - 00000000 ____D () C:\ProgramData\Supereasy 2014-03-04 12:13 - 2014-03-04 12:13 - 00000000 ____D () C:\Program Files (x86)\SuperEasy Software 2014-03-04 10:55 - 2012-12-04 23:32 - 00000000 ____D () C:\Users\Bernhard\Documents\My Received Files 2014-03-04 09:13 - 2013-06-25 08:09 - 00000000 ____D () C:\Users\Bernhard\Desktop\Aktenschrank 2014-03-04 08:24 - 2013-05-10 14:06 - 00000000 ____D () C:\Users\Bernhard\AppData\Local\CrashDumps 2014-03-04 07:44 - 2012-11-12 11:08 - 00000000 ____D () C:\Users\Bernhard\AppData\Roaming\Nokia Suite 2014-03-04 07:32 - 2014-03-04 07:32 - 00002093 _____ () C:\Users\Public\Desktop\Nokia Suite.lnk 2014-03-04 07:29 - 2014-03-04 07:29 - 00018180 _____ () C:\Windows\DPINST.LOG 2014-03-04 07:29 - 2014-03-04 07:29 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution 2014-03-04 07:29 - 2012-09-03 11:10 - 00000000 ____D () C:\Program Files (x86)\Nokia 2014-03-03 18:06 - 2013-04-19 08:55 - 00000000 ____D () C:\Users\Bernhard\Desktop\Lotuscafe 2014-03-03 18:00 - 2012-09-11 19:34 - 00000000 ____D () C:\Users\Bernhard\Desktop\Maria 2014-03-03 17:58 - 2012-06-04 
22:18 - 00000000 ____D () C:\Users\Bernhard\Documents\Ulla 2014-03-03 17:46 - 2013-01-06 11:57 - 00000000 ____D () C:\Users\Bernhard\.freemind 2014-03-03 01:19 - 2012-12-01 10:31 - 00000000 ____D () C:\Users\Bernhard\Desktop\P 2014-03-02 23:59 - 2014-02-22 22:18 - 00000000 ____D () C:\Users\Bernhard\AppData\Local\Apple Computer 2014-03-02 21:09 - 2013-03-13 23:29 - 00003394 _____ () C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps deinstallieren - Chrome Web Store-Hilfe.lnk 2014-03-02 21:09 - 2013-03-13 23:29 - 00003386 _____ () C:\Users\Bernhard\Desktop\Apps deinstallieren - Chrome Web Store-Hilfe.lnk 2014-02-26 10:07 - 2013-02-22 19:29 - 00000000 ____D () C:\Users\Bernhard\Desktop\WordPress Homepageerstellung 2014-02-25 10:36 - 2014-01-09 11:35 - 00000959 _____ () C:\Users\Bernhard\Desktop\oCam.lnk 2014-02-25 10:36 - 2014-01-09 11:35 - 00000000 ____D () C:\Program Files (x86)\oCam 2014-02-24 15:05 - 2014-02-24 15:05 - 00000000 ____D () C:\Users\Bernhard\Desktop\SanDisc 2014-02-24 15:05 - 2014-02-24 15:05 - 00000000 ____D () C:\Users\Bernhard\Desktop\Neuer Ordner (2) 2014-02-23 17:08 - 2014-02-23 17:08 - 00001997 _____ () C:\Users\Bernhard\Desktop\K-ML.lnk 2014-02-23 17:08 - 2014-02-23 17:08 - 00000000 ____D () C:\Users\Bernhard\AppData\Roaming\KC Softwares 2014-02-23 17:08 - 2014-02-23 17:08 - 00000000 ____D () C:\Program Files (x86)\KC Softwares 2014-02-23 17:06 - 2014-02-09 12:06 - 00000000 ____D () C:\Users\Bernhard\AppData\Local\SuperEasy Backup 2014-02-22 22:19 - 2013-01-05 00:31 - 00000000 ____D () C:\Users\Bernhard\AppData\Roaming\Apple Computer 2014-02-22 22:18 - 2014-02-22 22:18 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-22 22:18 - 2014-02-22 22:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-22 22:18 - 2014-02-22 22:16 - 00000000 ____D () C:\Program Files\iTunes 2014-02-22 22:18 - 2014-02-22 22:16 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-22 22:16 - 
2014-02-22 22:16 - 00000000 ____D () C:\Program Files\iPod 2014-02-22 22:16 - 2013-09-01 17:03 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-22 22:14 - 2014-02-22 22:14 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-22 22:14 - 2013-01-04 22:14 - 00000000 ____D () C:\ProgramData\Apple 2014-02-22 22:13 - 2014-02-22 22:13 - 00000000 ____D () C:\Program Files\Bonjour 2014-02-22 22:13 - 2014-02-22 22:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2014-02-22 22:10 - 2014-02-22 22:03 - 148896080 _____ (Apple Inc.) C:\Users\Bernhard\Downloads\iTunes64Setup.exe 2014-02-19 22:19 - 2012-05-03 08:55 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-19 22:19 - 2012-05-03 08:55 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-19 15:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-02-19 14:33 - 2014-02-09 12:06 - 00000000 ____D () C:\Users\_supereasy_backup_ 2014-02-19 14:31 - 2013-03-19 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-18 17:08 - 2012-06-04 23:39 - 00000000 ____D () C:\Users\Bernhard\Documents\L 2014-02-16 13:39 - 2014-02-16 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-16 08:23 - 2012-10-24 10:53 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4070342091-3793343965-3738386277-1000UA 2014-02-16 08:23 - 2012-10-24 10:53 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4070342091-3793343965-3738386277-1000Core 2014-02-13 20:54 - 2012-05-23 23:30 - 00000000 ____D () C:\Users\Bernhard\dwhelper 2014-02-12 10:06 - 2014-02-12 10:06 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-12 09:52 - 2014-02-12 09:52 - 00770279 _____ () C:\Users\Bernhard\Downloads\video_downloadhelper-4.9.21-fx_sm.zip 2014-02-12 09:14 - 2013-04-28 21:15 - 00000000 ____D () C:\Users\Bernhard\AppData\Local\Mozilla Firefox 2014-02-12 09:04 - 
2013-12-04 19:10 - 00000000 ____D () C:\Users\Bernhard\Desktop\Alte Firefox-Daten 2014-02-11 05:25 - 2014-02-11 05:25 - 00000000 ____D () C:\Users\Bernhard\AppData\Local\{C441B55B-0987-47FE-953B-174D02DFCF24} Files to move or delete: ==================== C:\Users\Bernhard\AppData\Roaming\CamLayout.ini C:\Users\Bernhard\AppData\Roaming\CamShapes.ini C:\Users\Bernhard\AppData\Roaming\CamStudio.Producer.Data.ini Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Bernhard\AppData\Local\Temp\mp3el.exe C:\Users\Bernhard\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Bernhard\AppData\Local\Temp\Quarantine.exe C:\Users\Bernhard\AppData\Local\Temp\SkypeSetup.exe C:\Users\Bernhard\AppData\Local\Temp\tmp770E.tmp.exe C:\Users\Bernhard\AppData\Local\Temp\tmp881F.tmp.exe C:\Users\Bernhard\AppData\Local\Temp\tmp8830.tmp.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-10 12:04 ==================== End Of Log ============================ |