| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Datendiebstahl - BSI SicherheitstestWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.04.2014, 17:42
| #1 |
 |  Datendiebstahl - BSI Sicherheitstest Hallo ich habe heute den Test meiner E-Mail Adressen gemacht und musste leider festellen das eine meiner E-Mail Adressen befallen ist! Kaspersky, malewarebytes, hitmanpro finden nichts Habe jetzt den Avira Pc cleaner (homepage vom BSI runtergeladen) der findet einen Treffer der zeigt das mein Outlook Account „befallen“ sein dürfte. der Avira Pc Cleaner zeigt mir meine outlook.pst datei an und daneben EXP/RTF.B System reparieren bin ich ich kann jetzt den Haken setzen und auf ausgewählte entfernen. nur weiß ich nicht "wars" das dann mit dem Trojaner, oder welche Schritte kann ich dann noch unternehmen um auf Nummer sicher zu gehen, dass dieser Weg ist? weiß jemand welche Funktionen dieser Trojaner hat, ist sonst etwas von meinem Rechner gefährdet? dankeschön für eure Hilfe lg |
|
07.04.2014, 18:03
| #2 |
| /// the machine /// TB-Ausbilder    | Datendiebstahl - BSI Sicherheitstest hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
07.04.2014, 19:23
| #3 |
| | Datendiebstahl - BSI Sicherheitstest dankeschön für die schnelle rückinfo.
__________________hier die 2 files vl kannst du mir ja auch sagen, was diese Daten an Infos geben =) FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michi (administrator) on MICHAEL-PC on 07-04-2014 20:18:11
Running from C:\Users\Michi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fortinet Inc.) C:\windows\SysWOW64\FortiSSLVPNdaemon.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Privacy Suite 15\SteganosBrowserMonitor.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Privacy Suite 15\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Privacy Suite 15\passwordmanagercom.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Privacy Suite 15\fredirstarter.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
() C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera_crashreporter.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Trend Micro Inc.) C:\Users\Michi\Desktop\Links\HiJackThis204.exe
(Avira Operations GmbH & Co. KG) C:\Users\Michi\AppData\Local\Temp\cleaner\pccleaner\setup\Cleaner.exe
(Avira Operations GmbH & Co. KG) C:\Users\Michi\AppData\Local\Temp\cleaner\pccleaner\setup\avscan.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Privacy Suite 15\Suite.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-05-08] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508144 2013-11-14] (QFX Software Corporation)
HKLM-x32\...\Run: [Steganos HotKeys] - C:\Program Files (x86)\Steganos Privacy Suite 15\SteganosHotKeyService.exe [100864 2014-02-21] (Steganos Software GmbH)
HKLM-x32\...\Run: [SSS15 Chrome Autofill Relay] - C:\Program Files (x86)\Steganos Privacy Suite 15\passwordmanagercom.exe [480120 2014-02-21] (Steganos Software GmbH)
HKLM-x32\...\Run: [SSS15 File Redirection Starter] - C:\Program Files (x86)\Steganos Privacy Suite 15\fredirstarter.exe [17920 2014-02-21] (Steganos Software GmbH)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2273624540-2494411189-709609350-1000\...\Run: [SOS_Agent] - C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe [4709720 2014-02-24] (Steganos Software GmbH)
HKU\S-1-5-21-2273624540-2494411189-709609350-1000\...\MountPoints2: {969df10f-0a54-11e2-b0a8-fbcffa6d483e} - D:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-2273624540-2494411189-709609350-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2273624540-2494411189-709609350-1001\...\Run: [SSS15 Browser Monitor] - C:\Program Files (x86)\Steganos Privacy Suite 15\SteganosBrowserMonitor.exe [71168 2014-02-21] (Steganos Software GmbH)
HKU\S-1-5-21-2273624540-2494411189-709609350-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-2273624540-2494411189-709609350-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-2273624540-2494411189-709609350-1001\...\MountPoints2: {96621d8e-0a75-11e2-9502-001e101f79c9} - D:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-2273624540-2494411189-709609350-1001\...\MountPoints2: {969df0e5-0a54-11e2-b0a8-fbcffa6d483e} - D:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-2273624540-2494411189-709609350-1001\...\MountPoints2: {969df10f-0a54-11e2-b0a8-fbcffa6d483e} - D:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-2273624540-2494411189-709609350-1001\...\MountPoints2: {d3b5d76b-e1b7-11e1-9aec-910e370b5d32} - D:\Msetup4.exe
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 15\SPMIEToolbar64.dll (Steganos Software GmbH)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 15\SPMIEToolbar.dll (Steganos Software GmbH)
Toolbar: HKCU - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 15\SPMIEToolbar64.dll (Steganos Software GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-2273624540-2494411189-709609350-1001\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @FortinetCacheClean - C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx - C:\Program Files (x86)\Fortinet\SslvpnClient\npccpluginex.dll (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl - C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: LWAPlugin15.8 - C:\Users\Michi\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Michi\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin
FF Extension: Steganos Private Favorites - C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin [2012-08-09]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 15\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Privacy Suite 15\spmplugin3 [2013-10-12]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-26]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-19]
CHR Extension: (Google Drive) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-19]
CHR Extension: (Kaspersky Protection) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-04]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-19]
CHR Extension: (Google-Suche) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-19]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-01-19]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-01-19]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-01-19]
CHR Extension: (Virtual Keyboard) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-01-19]
CHR Extension: (Google Wallet) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2014-01-19]
CHR Extension: (Google Mail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-19]
CHR Extension: (Anti-Banner) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-01-19]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-01-19]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 FortiSslvpnDaemon; C:\windows\SysWOW64\FortiSSLVPNdaemon.exe [954080 2014-01-06] (Fortinet Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-04-07] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1830768 2013-10-13] (SurfRight B.V.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [318328 2014-02-24] (Steganos Software GmbH)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 hmpalert; C:\windows\system32\drivers\hmpalert.sys [17416 2013-10-13] ()
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-26] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-23] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-19] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-26] (Kaspersky Lab ZAO)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2013-02-08] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-10-08] (Renesas Electronics Corporation)
R1 SLEE_17_DRIVER; C:\windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-08-09] (TuneUp Software)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-07 20:18 - 2014-04-07 20:18 - 00025934 _____ () C:\Users\Michi\Downloads\FRST.txt
2014-04-07 20:16 - 2014-04-07 20:18 - 00000000 ____D () C:\FRST
2014-04-07 20:15 - 2014-04-07 20:15 - 02157056 _____ (Farbar) C:\Users\Michi\Downloads\FRST64.exe
2014-04-07 17:42 - 2014-04-07 17:42 - 01862480 _____ (SurfRight B.V.) C:\Users\Michi\Downloads\hmpalert.exe
2014-04-07 17:40 - 2014-04-07 17:40 - 10971424 _____ (SurfRight B.V.) C:\Users\Michi\Downloads\hitmanpro_x64.exe
2014-04-07 16:24 - 2014-04-07 16:24 - 00009966 _____ () C:\Users\Michi\Desktop\hijackthis.log
2014-04-07 16:21 - 2014-04-07 16:21 - 00002027 _____ () C:\Users\Michi\Desktop\Entfernen des Avira PC Cleaners.lnk
2014-04-07 16:21 - 2014-04-07 16:21 - 00001971 _____ () C:\Users\Michi\Desktop\Avira PC Cleaner.lnk
2014-04-07 16:20 - 2014-04-07 16:20 - 02278856 _____ () C:\Users\Michi\Downloads\avira_pc_cleaner_de.exe
2014-04-07 16:20 - 2014-04-07 16:20 - 02278856 _____ () C:\Users\Michi\Downloads\avira_pc_cleaner_de (1).exe
2014-04-07 16:20 - 2014-04-07 16:20 - 02209056 _____ () C:\Users\Michi\Downloads\avira-eu-cleaner_de.exe
2014-04-06 15:02 - 2014-04-06 15:02 - 00000000 ____D () C:\Users\Michi\Desktop\Supply Chain MGT (Skoda)
2014-04-06 14:50 - 2014-04-06 14:50 - 00001115 _____ () C:\Users\Public\Desktop\Steganos Online Shield.lnk
2014-04-05 23:31 - 2014-04-05 23:31 - 00375040 _____ (Kaspersky Lab) C:\Users\Michi\Downloads\setup.exe
2014-04-05 23:25 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-05 23:25 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-05 23:25 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-05 23:25 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-05 23:25 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-05 23:25 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-05 23:25 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-05 23:25 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-05 23:25 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-05 23:25 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-05 23:25 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-05 23:25 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-05 23:25 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-05 23:25 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-05 23:25 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-05 23:25 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-05 23:25 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-05 23:25 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-05 23:25 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-05 23:25 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-05 23:25 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-05 23:25 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-05 23:25 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-05 23:25 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-05 23:25 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-05 23:25 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-05 23:25 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-05 23:25 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-05 23:25 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-05 23:25 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-05 23:25 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-05 23:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-05 23:25 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-05 23:25 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-05 23:25 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-05 23:25 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-05 23:25 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-05 23:25 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-05 23:25 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-05 23:25 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-05 23:24 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-04-05 23:24 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-04-05 23:24 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-04-05 23:24 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-04-05 23:24 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-04-04 22:14 - 2014-04-04 22:14 - 00633804 _____ () C:\Users\Michi\Downloads\Präsentation Semperit AG Holding ohne VideoV2.pptx
2014-03-28 21:38 - 2014-03-28 21:38 - 00017877 ____H () C:\Users\Michi\Desktop\~WRL3677.tmp
2014-03-12 23:48 - 2014-03-12 23:48 - 05777288 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-09 10:53 - 2014-03-09 10:53 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-09 10:52 - 2014-03-09 10:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-09 10:52 - 2014-03-09 10:53 - 00000000 ____D () C:\Program Files\iTunes
2014-03-09 10:52 - 2014-03-09 10:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-09 10:52 - 2014-03-09 10:52 - 00000000 ____D () C:\Program Files\iPod
2014-03-09 10:37 - 2014-04-06 14:50 - 00000000 __SHD () C:\Nsi.pending
==================== One Month Modified Files and Folders =======
2014-04-07 20:18 - 2014-04-07 20:18 - 00025934 _____ () C:\Users\Michi\Downloads\FRST.txt
2014-04-07 20:18 - 2014-04-07 20:16 - 00000000 ____D () C:\FRST
2014-04-07 20:18 - 2012-08-10 00:55 - 00000000 ____D () C:\Users\Michi\Documents\Outlook-Dateien
2014-04-07 20:15 - 2014-04-07 20:15 - 02157056 _____ (Farbar) C:\Users\Michi\Downloads\FRST64.exe
2014-04-07 20:14 - 2014-01-16 19:05 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 20:14 - 2012-09-23 23:42 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 20:14 - 2012-08-09 03:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-07 20:14 - 2012-05-10 17:09 - 01949352 _____ () C:\windows\WindowsUpdate.log
2014-04-07 17:55 - 2013-03-10 16:48 - 00000000 ____D () C:\Users\Michi\AppData\Local\1A1ED135-6DD1-4725-AB6D-BB768E470054.aplzod
2014-04-07 17:43 - 2013-10-13 21:47 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-04-07 17:42 - 2014-04-07 17:42 - 01862480 _____ (SurfRight B.V.) C:\Users\Michi\Downloads\hmpalert.exe
2014-04-07 17:40 - 2014-04-07 17:40 - 10971424 _____ (SurfRight B.V.) C:\Users\Michi\Downloads\hitmanpro_x64.exe
2014-04-07 17:34 - 2014-01-16 19:05 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 16:24 - 2014-04-07 16:24 - 00009966 _____ () C:\Users\Michi\Desktop\hijackthis.log
2014-04-07 16:21 - 2014-04-07 16:21 - 00002027 _____ () C:\Users\Michi\Desktop\Entfernen des Avira PC Cleaners.lnk
2014-04-07 16:21 - 2014-04-07 16:21 - 00001971 _____ () C:\Users\Michi\Desktop\Avira PC Cleaner.lnk
2014-04-07 16:20 - 2014-04-07 16:20 - 02278856 _____ () C:\Users\Michi\Downloads\avira_pc_cleaner_de.exe
2014-04-07 16:20 - 2014-04-07 16:20 - 02278856 _____ () C:\Users\Michi\Downloads\avira_pc_cleaner_de (1).exe
2014-04-07 16:20 - 2014-04-07 16:20 - 02209056 _____ () C:\Users\Michi\Downloads\avira-eu-cleaner_de.exe
2014-04-07 15:17 - 2012-08-10 23:34 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Dropbox
2014-04-07 14:12 - 2012-08-10 22:34 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Steganos
2014-04-07 14:03 - 2012-09-29 18:46 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\3DataManager
2014-04-07 13:28 - 2012-08-10 23:40 - 00000000 ___RD () C:\Dropbox
2014-04-07 13:26 - 2012-05-10 17:06 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-06 15:02 - 2014-04-06 15:02 - 00000000 ____D () C:\Users\Michi\Desktop\Supply Chain MGT (Skoda)
2014-04-06 15:02 - 2014-01-17 21:49 - 00000000 ____D () C:\Users\Michi\Desktop\FH BFI Wien
2014-04-06 15:02 - 2013-04-07 13:52 - 00000000 ____D () C:\Users\Michi\Desktop\Neuer Ordner
2014-04-06 14:51 - 2013-10-13 19:16 - 00000000 ____D () C:\Program Files (x86)\Steganos Online Shield
2014-04-06 14:50 - 2014-04-06 14:50 - 00001115 _____ () C:\Users\Public\Desktop\Steganos Online Shield.lnk
2014-04-06 14:50 - 2014-03-09 10:37 - 00000000 __SHD () C:\Nsi.pending
2014-04-06 14:46 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 14:46 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 14:44 - 2012-05-11 09:50 - 00703192 _____ () C:\windows\system32\perfh007.dat
2014-04-06 14:44 - 2012-05-11 09:50 - 00150800 _____ () C:\windows\system32\perfc007.dat
2014-04-06 14:44 - 2009-07-14 07:13 - 01629284 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-06 14:41 - 2012-05-10 17:06 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-06 14:40 - 2014-01-06 11:53 - 00004961 _____ () C:\windows\setupact.log
2014-04-06 14:40 - 2013-03-17 12:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-06 14:40 - 2013-03-17 12:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-06 14:40 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-06 14:40 - 2009-07-14 06:45 - 00344312 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-05 23:37 - 2012-08-10 00:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-05 23:34 - 2013-08-03 22:27 - 00000000 ____D () C:\windows\system32\MRT
2014-04-05 23:31 - 2014-04-05 23:31 - 00375040 _____ (Kaspersky Lab) C:\Users\Michi\Downloads\setup.exe
2014-04-05 23:30 - 2012-08-09 22:53 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-04 22:14 - 2014-04-04 22:14 - 00633804 _____ () C:\Users\Michi\Downloads\Präsentation Semperit AG Holding ohne VideoV2.pptx
2014-04-04 21:20 - 2013-10-18 22:39 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-03 17:29 - 2014-01-16 19:05 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 17:29 - 2014-01-16 19:05 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-03-28 21:38 - 2014-03-28 21:38 - 00017877 ____H () C:\Users\Michi\Desktop\~WRL3677.tmp
2014-03-23 11:53 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-03-23 10:56 - 2013-12-26 14:22 - 00625248 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-03-23 10:56 - 2013-12-26 14:22 - 00115296 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-03-16 09:37 - 2014-01-16 19:06 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-12 23:48 - 2014-03-12 23:48 - 05777288 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 23:48 - 2012-09-23 23:42 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 23:48 - 2012-08-10 00:44 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 23:48 - 2012-08-10 00:44 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 12:05 - 2012-08-10 23:33 - 00000000 ___RD () C:\Users\Michi\SkyDrive
2014-03-09 10:53 - 2014-03-09 10:53 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-09 10:53 - 2014-03-09 10:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-09 10:53 - 2014-03-09 10:52 - 00000000 ____D () C:\Program Files\iTunes
2014-03-09 10:53 - 2014-03-09 10:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-09 10:52 - 2014-03-09 10:52 - 00000000 ____D () C:\Program Files\iPod
Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\Temp\mfc80.dll
C:\Users\Michi\AppData\Local\Temp\mfc80u.dll
C:\Users\Michi\AppData\Local\Temp\mfcm80.dll
C:\Users\Michi\AppData\Local\Temp\mfcm80u.dll
C:\Users\Michi\AppData\Local\Temp\msvcm80.dll
C:\Users\Michi\AppData\Local\Temp\msvcp80.dll
C:\Users\Michi\AppData\Local\Temp\msvcr80.dll
C:\Users\Michi\AppData\Local\Temp\uninst.exe
C:\Users\Michi\AppData\Local\Temp\Uninstaller.exe
C:\Users\Michi\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Michi\AppData\Local\Temp\WTGXMLUtil.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-23 11:45
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Michi at 2014-04-07 20:18:46
Running from C:\Users\Michi\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
10-Sekunden-Haushaltsbuch 5 5.18 (HKLM-x32\...\10-Sekunden-Haushaltsbuch 5) (Version: 5.18 - easy softway)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AirParrot (HKLM\...\{D523F3B0-B5FE-43D0-BFE7-62CA0DD598BD}) (Version: 1.1.7 - Squirrels)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arena 12.0 (CPR 9) (HKLM-x32\...\{BD78DE74-95DB-429D-A66F-6306BCEDA640}) (Version: 12.00.00 - Rockwell Automation, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon MG5200 series Benutzerregistrierung (HKLM-x32\...\Canon MG5200 series Benutzerregistrierung) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
Fast Flash Sleep Resume (x32 Version: 1.0.19 - Samsung) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
FortiClient SSLVPN v4.0.2297 (HKLM-x32\...\{A34DCE59-0004-0000-2297-3F8A9926B752}) (Version: 4.0.2297 - Fortinet Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.0.10.45 - SurfRight B.V.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.3.0.0 - QFX Software Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Lync Web App Plug-in (HKLM\...\{17C3AEBF-519D-4FF0-B8D9-4BAD461370A4}) (Version: 15.8.8658.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MovieClip (HKLM-x32\...\{AB777781-AC85-4CE5-B4B8-0F3C68C3974F}) (Version: 1.0.0 - Samsung)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Opera 12.16 (HKCU\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6608 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.8.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.8.0 - Renesas Electronics Corporation) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.6 - Samsung Electronics CO., LTD.)
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steganos Online Shield (HKLM-x32\...\{896614ED-00BD-4E0C-99AB-01C76EE416D9}) (Version: 1.3 - Steganos Software GmbH)
Steganos Privacy Suite 12 (HKLM-x32\...\{0F1D1572-9311-4590-A8A6-425224984E54}) (Version: 12.1 - Steganos Software GmbH)
Steganos Privacy Suite 15 (HKLM-x32\...\{704C8372-B1C3-4A76-AA5C-B91021B1DCFA}) (Version: 15.2.1 - Steganos Software GmbH)
Steganos Safe 15 (HKLM-x32\...\{D3FB0B73-11DF-41EE-9B6D-C7198079A88E}) (Version: 15.0.2 - Steganos Software GmbH)
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.193 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.193 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.193 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
xp-AntiSpy 3.98-2 (HKLM-x32\...\xp-AntiSpy) (Version: - Christian Taubenheim)
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)
==================== Restore Points =========================
07-04-2014 14:32:10 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-10-13 21:43 - 00450639 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {0786A01F-716E-470A-9BF7-1254ED4A1B31} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {0E11D5A9-9AF3-4230-B820-B7F61F4F8EF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {20F54BF5-86B6-4251-85A7-298B73B82BC2} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {2479E688-5184-489A-B2E8-A4C649A202F7} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {28331582-0E30-46CD-890E-59753416C6A4} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-06] (Intel)
Task: {306FA548-0A99-4785-99E5-C0D8092C6391} - System32\Tasks\FileHippo.com-Online-Aktualisierungsprogramm => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)
Task: {5855B3D9-11A6-4794-B0B0-62F46CE52CA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {5A9A544C-2A29-4532-9411-7BD381A8B4B4} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {5FF3972F-559B-491B-8FC2-A6D3BEF8CFBD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {69F0DC77-3AE8-4FF7-AB44-DFC61E713F80} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {6A07AFEA-3D23-4383-868F-E237270967D8} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2012-03-29] (Samsung)
Task: {6A8AB70A-25B0-48E6-A23D-644D5BAE4A56} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {75D46F50-93B3-473D-A8F5-182398EAF1A5} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-09] (Samsung Electronics Co., Ltd.)
Task: {880DEFBA-53F5-40EE-85BC-705A64AB2AEC} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-01-28] (SEC)
Task: {99657F98-4C86-47EC-BC0B-B56CDF902D77} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {AE9E0746-67C2-4787-B4F8-84A522C3430C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BB59C4DD-C8B1-4639-95F0-9EAEEDDE377A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {DE8E7889-7290-4DCA-97C5-64C81BFD0612} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {DF987E98-F660-4042-9EED-17D80933897C} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2012-05-10 17:06 - 2012-02-08 04:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-05-10 17:13 - 2012-02-13 08:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2012-02-06 06:42 - 2012-01-05 10:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-03 23:55 - 2014-04-02 13:19 - 01380704 _____ () C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\opera_crashreporter.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Michi\AppData\Roaming\Dropbox\bin\libcef.dll
2012-05-10 17:13 - 2011-02-16 18:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-05-10 17:13 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-05-10 17:06 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-04-03 23:55 - 2014-04-02 13:19 - 00908640 _____ () C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\libglesv2.dll
2014-04-03 23:55 - 2014-04-02 13:19 - 00108896 _____ () C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\libegl.dll
2014-04-03 23:55 - 2014-04-02 13:19 - 00895328 _____ () C:\Users\Michi\AppData\Local\Programs\Opera\20.0.1387.91\ffmpegsumo.dll
2013-07-20 08:50 - 2014-03-01 20:29 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: Agile1pAgent => C:\Program Files (x86)\1Password\Agile1pAgent.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: SSS12 Browser Monitor => "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SSS12 File Redirection Starter => "C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe"
MSCONFIG\startupreg: SSS12 HotKeys => "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/07/2014 08:13:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avwebloader.exe, Version: 13.6.0.2012, Zeitstempel: 0x51daa866
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0013d169
ID des fehlerhaften Prozesses: 0x1c74
Startzeit der fehlerhaften Anwendung: 0xavwebloader.exe0
Pfad der fehlerhaften Anwendung: avwebloader.exe1
Pfad des fehlerhaften Moduls: avwebloader.exe2
Berichtskennung: avwebloader.exe3
Error: (04/07/2014 08:12:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5275954
Error: (04/07/2014 08:12:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5275954
Error: (04/07/2014 08:12:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/07/2014 06:45:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41309
Error: (04/07/2014 06:45:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 41309
Error: (04/07/2014 06:45:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/07/2014 06:45:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40295
Error: (04/07/2014 06:45:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40295
Error: (04/07/2014 06:45:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (04/07/2014 05:43:10 PM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (04/07/2014 05:42:53 PM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (04/07/2014 02:15:02 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/07/2014 02:15:02 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/07/2014 02:15:02 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/07/2014 02:15:02 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/07/2014 02:14:20 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/07/2014 02:14:20 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/07/2014 02:00:49 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.
Error: (04/07/2014 01:49:47 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Microsoft Office Sessions:
=========================
Error: (04/07/2014 08:13:58 PM) (Source: Application Error)(User: )
Description: avwebloader.exe13.6.0.201251daa866ole32.dll6.1.7601.175144ce7b96fc00000050013d1691c7401cf526cace69d16C:\Users\Michi\AppData\Local\Temp\cleaner\avwebloader.exeC:\windows\syswow64\ole32.dll6326538c-be80-11e3-9b4d-c48508343130
Error: (04/07/2014 08:12:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5275954
Error: (04/07/2014 08:12:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5275954
Error: (04/07/2014 08:12:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/07/2014 06:45:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41309
Error: (04/07/2014 06:45:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 41309
Error: (04/07/2014 06:45:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/07/2014 06:45:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40295
Error: (04/07/2014 06:45:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40295
Error: (04/07/2014 06:45:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2014-04-07 18:43:36.564
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 18:00:59.077
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:39:39.581
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:32:06.594
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 16:47:22.117
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 16:31:56.123
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 16:23:28.142
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 15:45:50.957
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 14:57:50.428
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 14:57:50.423
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 81%
Total physical RAM: 3797.54 MB
Available physical RAM: 714.58 MB
Total Pagefile: 5927.97 MB
Available Pagefile: 1362.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:91.21 GB) (Free:4.14 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: AB02B4B0)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
08.04.2014, 11:52
| #4 |
| /// the machine /// TB-Ausbilder | Datendiebstahl - BSI Sicherheitstest Eine Übersicht über laufende Prozesse, Dateien, Treiber und so Sachen. Wo sich halt gerne malware versteckt. Rechner ist sauber 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Datendiebstahl - BSI Sicherheitstest |
| account, adresse, adressen, avira, befallen, cleaner, datei, diebstahl, e-mail, entferne, funktionen, gefährdet, haken, heute, homepage, nichts, nummer, outlook, outlook.pst, rechner, reparieren, setzen, test, troja, trojaner, unternehmen |
Linear-Darstellung
