Pests of All Kinds and How to Combat Them: Windows 7: backdoor.Agent Trojan

06.03.2014, 20:22   #1
KaWumm
 
I've caught a trojan and have already done some preliminary work.

My security software (McAfee Internet Security Suite) has now blocked an unwanted program a few times; I suspect something was supposed to be downloaded afterwards.

Defogger has run through; FRST produced the following log file:


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by Eddy (administrator) on ZAUBERKISTE on 06-03-2014 20:08:54
Running from C:\Users\Eddy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Windows\System32\DlProtectSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
() C:\Windows\system32\TRAPI64.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 12\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 12\fredirstarter.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
() C:\ProgramData\dlprotect.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [NPSStartup] - [X]
HKLM-x32\...\Run: [SAFE12 HotKeys] - C:\Program Files (x86)\Steganos Safe 12\SteganosHotKeyService.exe [83456 2010-10-12] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE12 File Redirection Starter] - C:\Program Files (x86)\Steganos Safe 12\fredirstarter.exe [17408 2010-10-12] (Steganos Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2012-07-03] (Oracle Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-03] ()
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\Microsoft.com <===== ATTENTION
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {0697b47b-bf20-11e2-9943-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {0697b48a-bf20-11e2-9943-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {0697b4a0-bf20-11e2-9943-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {631ba6d5-be30-11e2-872c-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {631ba6fe-be30-11e2-872c-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {7b859413-8e91-11e3-9bef-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {c40524bb-64b7-11e2-9bab-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {c40524ca-64b7-11e2-9bab-dc0ea117d7cb} - F:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKLM-x32 - RadioTotal1 Toolbar - {422f7661-9403-4da4-b4ef-cc3e268817b5} - C:\Program Files (x86)\RadioTotal1\prxtbRadi.dll No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope {FE34F891-810A-47E4-BC66-9F148E2C042F} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKCU - {FE34F891-810A-47E4-BC66-9F148E2C042F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RadioTotal1 Toolbar - {422f7661-9403-4da4-b4ef-cc3e268817b5} - C:\Program Files (x86)\RadioTotal1\prxtbRadi.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Flagfox - {BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24} - C:\Users\Eddy\AppData\LocalLow\Flagfox\IE\Flagfox.dll No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - RadioTotal1 Toolbar - {422f7661-9403-4da4-b4ef-cc3e268817b5} - C:\Program Files (x86)\RadioTotal1\prxtbRadi.dll No File
Toolbar: HKCU - No Name - {422F7661-9403-4DA4-B4EF-CC3E268817B5} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{65DD6BC1-D7CA-466F-AEEE-5FC13BA9AD0D}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{686C1FE8-7F8B-4CD6-ADF4-8C4E81F1B862}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{E3E33E4B-FD1C-46F7-84D3-66ED461CA85B}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil
FF user.js: detected! => C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\user.js
FF NewTab: about:home
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\amazon-icon@giga.de [2014-01-11]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\sparpilot@sparpilot.com [2014-02-28]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-04]
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} [2014-02-21]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-10-20]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin
FF HKLM-x32\...\Firefox\Extensions: [{8DB99B22-D5CD-4B26-B286-B54758D99799}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} [2014-02-21]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-10-20]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de?hl=de&gl=de
CHR DefaultSearchProvider: Google 
CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de
CHR DefaultNewTabURL: hxxp://www.google.de/?hl=de&gl=de
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (FoxyDeal) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan [2013-09-28]
CHR Extension: (YouTube) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-09]
CHR Extension: (Flagfox) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid [2013-05-14]
CHR Extension: (Google-Suche) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-09]
CHR Extension: (SiteAdvisor) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-07-09]
CHR Extension: (Download Protect) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\himabnlcmnncdpmdhhdmnfecamickegk [2014-01-17]
CHR Extension: (Amazon-Icon) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-01-13]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-05-28]
CHR Extension: (Google Wallet) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Lavasoft NewTab) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-10-28]
CHR Extension: (Google Mail) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-09]
CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\Eddy\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2012-07-09]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [aaokmnpaoippoclepikifeegeknpopea] - C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [cfdfamfnacokbbbnmpdfmhonipnhmbid] - C:\Users\Eddy\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\Eddy\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Eddy\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-11]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-09-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [245744 2011-05-06] (CyberLink)
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-03] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-05-17] ()
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4518008 2013-05-01] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
R2 wextradt; C:\Windows\system32\TRAPI64.exe [118784 2014-01-03] ()

==================== Drivers (Whitelisted) ====================

S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-04] (GFI Software)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-07-24] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-03-12] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 20:08 - 2014-03-06 20:08 - 00030403 _____ () C:\Users\Eddy\Desktop\FRST.txt
2014-03-06 20:04 - 2014-03-06 20:05 - 02156544 _____ (Farbar) C:\Users\Eddy\Desktop\FRST64.exe
2014-03-06 19:54 - 2014-03-06 19:54 - 00050477 _____ () C:\Users\Eddy\Desktop\Defogger.exe
2014-03-06 19:54 - 2014-03-06 19:54 - 00000580 _____ () C:\Users\Eddy\Desktop\defogger_disable.log
2014-03-06 19:54 - 2014-03-06 19:54 - 00000020 _____ () C:\Users\Eddy\defogger_reenable
2014-02-27 14:18 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\DataWork
2014-02-27 12:44 - 2014-02-27 14:34 - 00001027 _____ () C:\Users\Eddy\AppData\Roaming\hst
2014-02-27 09:42 - 2014-02-27 17:45 - 00000000 __SHD () C:\ProgramData\Windows Manager
2014-02-17 06:30 - 2014-02-17 06:30 - 00000408 _____ () C:\Users\Eddy\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-02-16 08:58 - 2014-02-21 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 17:56 - 2014-02-15 17:56 - 00002546 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-02-14 00:15 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 00:15 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 00:14 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 00:14 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 00:14 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 00:14 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 00:14 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 00:14 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 00:14 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 00:14 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 00:14 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 00:14 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 00:14 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 00:14 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 00:14 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 00:14 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 00:14 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 00:14 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 00:14 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 00:14 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 00:14 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 00:14 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 00:14 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 00:14 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 00:14 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 00:14 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 00:14 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 00:14 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 00:14 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 00:14 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 00:14 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 00:14 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 00:14 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 00:14 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 00:14 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 00:14 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 00:14 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 00:14 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 00:14 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 00:14 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 00:14 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 05:17 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 05:17 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 05:17 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 05:17 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 05:17 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 05:17 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 05:17 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 05:17 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 05:17 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 05:17 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 05:17 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 05:17 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 05:17 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 05:17 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 05:17 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 05:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 05:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 05:17 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 05:17 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 05:17 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 05:17 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 05:17 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 05:17 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 05:17 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-07 17:00 - 2014-03-06 20:05 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf241db6c3750e.job
2014-02-07 17:00 - 2014-02-07 17:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf241db6c3750e
2014-02-05 16:59 - 2014-02-05 16:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-05 16:46 - 2014-02-05 19:14 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2014-02-05 16:46 - 2014-02-05 16:46 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-02-05 16:41 - 2014-02-05 16:41 - 00000000 ____D () C:\Users\Eddy\.android
2014-02-04 23:31 - 2014-02-05 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-03-06 20:09 - 2014-03-06 20:08 - 00030403 _____ () C:\Users\Eddy\Desktop\FRST.txt
2014-03-06 20:08 - 2013-10-05 09:59 - 00000000 ____D () C:\FRST
2014-03-06 20:05 - 2014-03-06 20:04 - 02156544 _____ (Farbar) C:\Users\Eddy\Desktop\FRST64.exe
2014-03-06 20:05 - 2014-02-07 17:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf241db6c3750e.job
2014-03-06 20:03 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 20:03 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 20:00 - 2011-12-26 13:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-03-06 20:00 - 2011-12-26 13:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-03-06 20:00 - 2009-07-14 06:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-06 19:59 - 2011-12-26 05:01 - 01718293 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 19:56 - 2012-07-09 18:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 19:56 - 2012-03-08 21:29 - 00000000 ____D () C:\ProgramData\clear.fi
2014-03-06 19:55 - 2013-10-03 06:47 - 00011686 _____ () C:\Windows\setupact.log
2014-03-06 19:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 19:54 - 2014-03-06 19:54 - 00050477 _____ () C:\Users\Eddy\Desktop\Defogger.exe
2014-03-06 19:54 - 2014-03-06 19:54 - 00000580 _____ () C:\Users\Eddy\Desktop\defogger_disable.log
2014-03-06 19:54 - 2014-03-06 19:54 - 00000020 _____ () C:\Users\Eddy\defogger_reenable
2014-03-06 19:54 - 2012-03-08 20:00 - 00000000 ____D () C:\Users\Eddy
2014-03-06 19:16 - 2012-04-03 16:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 16:06 - 2012-03-09 17:08 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\UseNeXT
2014-03-05 16:05 - 2011-10-20 10:04 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-05 15:51 - 2013-10-03 06:47 - 00198152 _____ () C:\Windows\PFRO.log
2014-03-04 19:14 - 2011-10-20 10:04 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-03-04 18:00 - 2013-02-04 13:34 - 00000000 ____D () C:\ProgramData\Origin
2014-03-04 18:00 - 2013-02-04 13:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-04 16:30 - 2012-10-20 09:38 - 00002366 _____ () C:\Windows\Sandboxie.ini
2014-03-04 05:47 - 2012-11-14 08:40 - 00000000 ___RD () C:\Users\Eddy\Desktop\MA
2014-03-03 21:18 - 2014-02-27 14:18 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\DataWork
2014-03-03 18:31 - 2012-03-08 21:20 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\vlc
2014-02-28 19:21 - 2012-03-12 18:20 - 00022186 _____ () C:\Users\Eddy\AppData\Roaming\wklnhst.dat
2014-02-28 19:02 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-27 22:22 - 2012-03-09 05:49 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 21:22 - 2013-10-08 18:16 - 00000000 ___RD () C:\Users\Eddy\Desktop\Systemoptimierung
2014-02-27 17:45 - 2014-02-27 09:42 - 00000000 __SHD () C:\ProgramData\Windows Manager
2014-02-27 14:34 - 2014-02-27 12:44 - 00001027 _____ () C:\Users\Eddy\AppData\Roaming\hst
2014-02-21 17:32 - 2012-03-08 20:01 - 00000000 ____D () C:\Users\Eddy\AppData\Local\VirtualStore
2014-02-21 17:16 - 2012-04-03 16:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 17:16 - 2012-04-03 16:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 17:16 - 2011-10-20 10:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 15:55 - 2014-02-16 08:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 07:08 - 2013-05-11 02:58 - 00000000 ____D () C:\Windows\rescache
2014-02-17 06:30 - 2014-02-17 06:30 - 00000408 _____ () C:\Users\Eddy\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-02-17 05:31 - 2013-08-08 05:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 05:29 - 2012-03-13 05:40 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 15:35 - 2012-05-02 14:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 17:56 - 2014-02-15 17:56 - 00002546 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-02-11 08:04 - 2012-09-27 23:00 - 00000000 ____D () C:\Users\Eddy\.gimp-2.8
2014-02-10 16:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-07 17:00 - 2014-02-07 17:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf241db6c3750e
2014-02-07 17:00 - 2012-07-09 18:54 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-06 13:16 - 2014-02-14 00:14 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-14 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-14 00:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-14 00:14 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-14 00:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-14 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-14 00:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-14 00:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-14 00:14 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-14 00:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-14 00:14 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-14 00:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-14 00:14 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-14 00:14 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-14 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-14 00:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-14 00:14 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-14 00:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-14 00:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-14 00:14 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-14 00:14 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-14 00:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-14 00:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-14 00:14 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-14 00:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-14 00:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-14 00:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-14 00:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-14 00:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-14 00:14 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-14 00:14 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-14 00:14 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-14 00:14 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-14 00:14 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-14 00:14 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-14 00:14 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-14 00:14 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-14 00:14 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-14 00:14 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 22:54 - 2014-02-04 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 19:14 - 2014-02-05 16:46 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2014-02-05 16:59 - 2014-02-05 16:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-05 16:46 - 2014-02-05 16:46 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-02-05 16:41 - 2014-02-05 16:41 - 00000000 ____D () C:\Users\Eddy\.android
2014-02-05 06:15 - 2013-12-02 06:07 - 00000193 _____ () C:\Windows\WORDPAD.INI

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Eddy\AppData\Local\Temp\2949bed4-2a1e-4dff-9381-53fec5dcdc56.exe
C:\Users\Eddy\AppData\Local\Temp\72tuyydl.dll
C:\Users\Eddy\AppData\Local\Temp\8faf27c8-f37e-4e3c-becd-8c21d9764108.exe
C:\Users\Eddy\AppData\Local\Temp\9b092af6-5a05-4f45-9f52-a715e16627ce.exe
C:\Users\Eddy\AppData\Local\Temp\amazonicon_v3.exe
C:\Users\Eddy\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Eddy\AppData\Local\Temp\czg85jvl.dll
C:\Users\Eddy\AppData\Local\Temp\HardwareCheck.exe
C:\Users\Eddy\AppData\Local\Temp\iao32ldx.dll
C:\Users\Eddy\AppData\Local\Temp\Quarantine.exe
C:\Users\Eddy\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Eddy\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Eddy\AppData\Local\Temp\sdapskill.exe
C:\Users\Eddy\AppData\Local\Temp\Uninstall.exe
C:\Users\Eddy\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Eddy\AppData\Local\Temp\wgs3_tzt.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 19:39

==================== End Of Log ============================
         
I also ran Malwarebytes; here is the log file:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.27.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Eddy :: ZAUBERKISTE [Administrator]

06.03.2014 19:59:22
mbam-log-2014-03-06 (19-59-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219542
Laufzeit: 2 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.Agent) -> Daten: C:\ProgramData\Microsoft.com -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Thanks in advance for your effort!!!
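A triage pass over the file-listing lines of the FRST log posted above, as an added example that is not part of the original thread and not FRST's own logic. The scoring rules, threshold and function names are assumptions chosen for illustration; the sample lines are copied from the "One Month Created Files and Folders" section of that log.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the FRST log in the post above (not constructed).
SAMPLE_LOG = r"""
2014-03-06 20:04 - 2014-03-06 20:05 - 02156544 _____ (Farbar) C:\Users\Eddy\Desktop\FRST64.exe
2014-02-27 14:18 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\DataWork
2014-02-27 12:44 - 2014-02-27 14:34 - 00001027 _____ () C:\Users\Eddy\AppData\Roaming\hst
2014-02-27 09:42 - 2014-02-27 17:45 - 00000000 __SHD () C:\ProgramData\Windows Manager
2014-02-16 08:58 - 2014-02-21 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 00:14 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 16:59 - 2014-02-05 16:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
"""

# created - modified - size attrs (company) path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.*)$"
)

# Locations a standard user can write to without elevation (assumed shortlist).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\roaming\\", "\\appdata\\local\\temp\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one FRST file-listing line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"].strip(), m["path"])


def score_entry(entry):
    """Apply the assumed heuristics. A score is a lead for review, not a verdict."""
    lower = entry.path.lower()
    is_dir = "D" in entry.attrs
    if any(root in lower for root in USER_WRITABLE):
        entry.score += 1
        entry.reasons.append("user-writable location")
    # Directories never carry version info, so an empty company only counts for files.
    if not is_dir and not entry.company:
        entry.score += 1
        entry.reasons.append("no company name")
    if "S" in entry.attrs and "H" in entry.attrs:
        entry.score += 2
        entry.reasons.append("hidden + system attributes")
    return entry


def triage(log_text, threshold=2):
    """Return entries scoring at or above the threshold, highest score first."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        score_entry(entry)
        if entry.score >= threshold:
            hits.append(entry)
    return sorted(hits, key=lambda e: (-e.score, e.path.lower()))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score}  {e.path}  [{', '.join(e.reasons)}]")
```

Both paths it surfaces from this sample are ones the thread acts on later: `hst` is in the helper's fixlist and `C:\ProgramData\Windows Manager` holds the file the ESET scan reports.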

06.03.2014, 21:34   #2
mort

I am working on your topic and will get back to you as soon as possible with further instructions.

Thank you for your patience.


06.03.2014, 22:21   #3
KaWumm

Quote from mort:
I am working on your topic and will get back to you as soon as possible with further instructions.

Thank you for your patience.

No panic, and thanks already.

07.03.2014, 12:00   #4
mort

Hello, KaWumm, and


I am still missing the Additions.txt from the first scan.

07.03.2014, 17:05   #5
KaWumm

Quote from mort:
Hello, KaWumm, and


I am still missing the Additions.txt from the first scan.

Sorry, I don't know what you mean right now. From which scan?


07.03.2014, 17:10   #6
mort

On your desktop there should be an Additionals.txt next to the FRST.txt.

09.03.2014, 08:14   #7
KaWumm

Sorry, I have been a bit stressed the last few days. No, sorry, I don't have an Additionals.txt on the desktop.

09.03.2014, 13:27   #8
mort

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\Microsoft.com <===== ATTENTION
R2 wextradt; C:\Windows\system32\TRAPI64.exe [118784 2014-01-03] ()
C:\ProgramData\Microsoft.com
C:\Users\Eddy\AppData\Roaming\hst
C:\Windows\system32\TRAPI64.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Clean) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


Step 3

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Step 4

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Step 5

Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

09.03.2014, 16:56   #9
KaWumm

Okay, this is step 1; here is the corresponding post:

Quote:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014
Ran by Eddy at 2014-03-09 16:54:18 Run:1
Running from C:\Users\Eddy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\Microsoft.com <===== ATTENTION
R2 wextradt; C:\Windows\system32\TRAPI64.exe [118784 2014-01-03] ()
C:\ProgramData\Microsoft.com
C:\Users\Eddy\AppData\Roaming\hst
C:\Windows\system32\TRAPI64.exe
*****************

HKU\S-1-5-21-3918896019-351383226-3202211127-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
wextradt => Service stopped successfully.
wextradt => Service deleted successfully.
"C:\ProgramData\Microsoft.com" => File/Directory not found.
C:\Users\Eddy\AppData\Roaming\hst => Moved successfully.
C:\Windows\system32\TRAPI64.exe => Moved successfully.

==== End of Fixlog ====
Continue with step 2 now?

09.03.2014, 17:28   #10
mort

Yes, just carry on.

10.03.2014, 06:42   #11
KaWumm

Step 2:

Quote:
# AdwCleaner v3.020 - Bericht erstellt am 09/03/2014 um 17:45:17
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Eddy - ZAUBERKISTE
# Gestartet von : C:\Users\Eddy\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner_3.0.2.0.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Toolbar Cleaner
Ordner Gelöscht : C:\Windows\SysWOW64\hotspot shield
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Eddy\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Eddy\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Eddy\AppData\LocalLow\FlagFox
Ordner Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\adawaretb
Ordner Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_667490\ICQToolbarData
Ordner Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\zvps7knb.default\ICQToolbarData
Ordner Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_667490\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\vw36353t.tarnfox\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\zvps7knb.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_667490\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\vw36353t.tarnfox\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\zvps7knb.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan
Ordner Gelöscht : C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Eddy\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\user.js
Datei Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_667490\user.js
Datei Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\vw36353t.tarnfox\user.js
Datei Gelöscht : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\zvps7knb.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Browser Updater
Datei Gelöscht : C:\Windows\System32\Tasks\ProtectedSearch

***** [ Verknüpfungen ] *****
Step 3:
Quote:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware

Datenbank Version: v2014.03.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Eddy :: ZAUBERKISTE [Administrator]

09.03.2014 17:50:21
mbam-log-2014-03-09 (17-50-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221616
Laufzeit: 4 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Step 4 (this one easily took almost 4 hours)

Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7152e8b720ae95449f13ccbe07e9efa0
# engine=17373
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-09 09:13:04
# local_time=2014-03-09 10:13:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 66 86 442672 143182180 0 0
# compatibility_mode=5893 16776573 100 94 188751 146029434 0 0
# scanned=480792
# found=8
# cleaned=1
# scan_time=13454
sh=81BB7B4A8C76E8EE7B62A55240E5418B118E56D4 ft=1 fh=c71c00118eecfdee vn="Variante von MSIL/Injector.CWN Trojaner" ac=I fn="C:\ProgramData\Windows Manager\winmgr.exe"
sh=81BB7B4A8C76E8EE7B62A55240E5418B118E56D4 ft=1 fh=c71c00118eecfdee vn="Variante von MSIL/Injector.CWN Trojaner" ac=I fn="C:\Users\All Users\Windows Manager\winmgr.exe"
sh=81BB7B4A8C76E8EE7B62A55240E5418B118E56D4 ft=1 fh=c71c00118eecfdee vn="Variante von MSIL/Injector.CWN Trojaner" ac=I fn="C:\Users\Eddy\AppData\Local\Temp\1771"
sh=81BB7B4A8C76E8EE7B62A55240E5418B118E56D4 ft=1 fh=c71c00118eecfdee vn="Variante von MSIL/Injector.CWN Trojaner" ac=I fn="C:\Users\Eddy\AppData\Local\Temp\5490"
sh=81BB7B4A8C76E8EE7B62A55240E5418B118E56D4 ft=1 fh=c71c00118eecfdee vn="Variante von MSIL/Injector.CWN Trojaner" ac=I fn="C:\Users\Eddy\AppData\Local\Temp\5854"
sh=81BB7B4A8C76E8EE7B62A55240E5418B118E56D4 ft=1 fh=c71c00118eecfdee vn="Variante von MSIL/Injector.CWN Trojaner" ac=I fn="C:\Users\Eddy\AppData\Local\Temp\8005"
sh=81BB7B4A8C76E8EE7B62A55240E5418B118E56D4 ft=1 fh=c71c00118eecfdee vn="Variante von MSIL/Injector.CWN Trojaner" ac=I fn="C:\Users\Eddy\AppData\Local\Temp\HardwareCheck.exe"
sh=B4E77504D48462108981E32908232AECED550E30 ft=1 fh=8875adce3e5b5647 vn="Variante von Win64/Agent.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\TRAPI64.exe09-03-2014_16-54-20"
Step 5:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014
Ran by Eddy (administrator) on ZAUBERKISTE on 09-03-2014 22:27:37
Running from C:\Users\Eddy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Windows\System32\DlProtectSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 12\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 12\fredirstarter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
() C:\ProgramData\dlprotect.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [NPSStartup] - [X]
HKLM-x32\...\Run: [SAFE12 HotKeys] - C:\Program Files (x86)\Steganos Safe 12\SteganosHotKeyService.exe [83456 2010-10-12] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE12 File Redirection Starter] - C:\Program Files (x86)\Steganos Safe 12\fredirstarter.exe [17408 2010-10-12] (Steganos Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2012-07-03] (Oracle Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-03] ()
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {0697b47b-bf20-11e2-9943-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {0697b48a-bf20-11e2-9943-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {0697b4a0-bf20-11e2-9943-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {631ba6d5-be30-11e2-872c-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {631ba6fe-be30-11e2-872c-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {7b859413-8e91-11e3-9bef-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {c40524bb-64b7-11e2-9bab-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {c40524ca-64b7-11e2-9bab-dc0ea117d7cb} - F:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {FE34F891-810A-47E4-BC66-9F148E2C042F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{65DD6BC1-D7CA-466F-AEEE-5FC13BA9AD0D}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{686C1FE8-7F8B-4CD6-ADF4-8C4E81F1B862}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{E3E33E4B-FD1C-46F7-84D3-66ED461CA85B}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil
FF NewTab: about:home
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\amazon-icon@giga.de [2014-01-11]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-04]
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} [2014-02-21]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-10-20]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin
FF HKLM-x32\...\Firefox\Extensions: [{8DB99B22-D5CD-4B26-B286-B54758D99799}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} [2014-02-21]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-10-20]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de?hl=de&gl=de
CHR DefaultSearchProvider: Google 
CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de
CHR DefaultNewTabURL: Google
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (YouTube) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-09]
CHR Extension: (Google-Suche) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-09]
CHR Extension: (SiteAdvisor) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-07-09]
CHR Extension: (Download Protect) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\himabnlcmnncdpmdhhdmnfecamickegk [2014-01-17]
CHR Extension: (Amazon-Icon) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-01-13]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-05-28]
CHR Extension: (Google Wallet) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Lavasoft NewTab) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-10-28]
CHR Extension: (Google Mail) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-09]
CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\Eddy\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2012-07-09]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [aaokmnpaoippoclepikifeegeknpopea] - C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\Eddy\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Eddy\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-11]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-09-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [245744 2011-05-06] (CyberLink)
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-03] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-05-17] ()
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4518008 2013-05-01] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

==================== Drivers (Whitelisted) ====================

S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-04] (GFI Software)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-07-24] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-03-12] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-09 22:27 - 2014-03-09 22:27 - 00000000 ____D () C:\Users\Eddy\Desktop\FRST-OlderVersion
2014-03-09 18:07 - 2014-03-09 18:07 - 02347384 _____ (ESET) C:\Users\Eddy\Desktop\esetsmartinstaller_deu.exe
2014-03-09 17:49 - 2014-03-09 17:49 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-09 17:48 - 2014-03-09 17:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Eddy\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-09 17:42 - 2014-03-09 17:42 - 00613200 _____ (Chip Digital GmbH) C:\Users\Eddy\Desktop\AdwCleaner - CHIP-Downloader.exe
2014-03-09 12:37 - 2014-03-09 13:05 - 00000000 ____D () C:\Users\Eddy\Desktop\Saison 6
2014-03-06 20:08 - 2014-03-09 22:27 - 00028165 _____ () C:\Users\Eddy\Desktop\FRST.txt
2014-03-06 20:04 - 2014-03-09 22:27 - 02157056 _____ (Farbar) C:\Users\Eddy\Desktop\FRST64.exe
2014-03-06 19:54 - 2014-03-06 19:54 - 00050477 _____ () C:\Users\Eddy\Desktop\Defogger.exe
2014-03-06 19:54 - 2014-03-06 19:54 - 00000580 _____ () C:\Users\Eddy\Desktop\defogger_disable.log
2014-03-06 19:54 - 2014-03-06 19:54 - 00000020 _____ () C:\Users\Eddy\defogger_reenable
2014-02-27 14:18 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\DataWork
2014-02-27 09:42 - 2014-03-09 22:12 - 00000000 __SHD () C:\ProgramData\Windows Manager
2014-02-17 06:30 - 2014-02-17 06:30 - 00000408 _____ () C:\Users\Eddy\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-02-16 08:58 - 2014-02-21 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 17:56 - 2014-02-15 17:56 - 00002546 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-02-14 00:15 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 00:15 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 00:14 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 00:14 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 00:14 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 00:14 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 00:14 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 00:14 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 00:14 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 00:14 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 00:14 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 00:14 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 00:14 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 00:14 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 00:14 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 00:14 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 00:14 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 00:14 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 00:14 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 00:14 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 00:14 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 00:14 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 00:14 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 00:14 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 00:14 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 00:14 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 00:14 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 00:14 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 00:14 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 00:14 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 00:14 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 00:14 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 00:14 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 00:14 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 00:14 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 00:14 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 00:14 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 00:14 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 00:14 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 00:14 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 00:14 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 05:17 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 05:17 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 05:17 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 05:17 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 05:17 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 05:17 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 05:17 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 05:17 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 05:17 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 05:17 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 05:17 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 05:17 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 05:17 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 05:17 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 05:17 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 05:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 05:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 05:17 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 05:17 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 05:17 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 05:17 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 05:17 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 05:17 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 05:17 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-07 17:00 - 2014-03-09 22:05 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf241db6c3750e.job
2014-02-07 17:00 - 2014-02-07 17:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf241db6c3750e

==================== One Month Modified Files and Folders =======

2014-03-09 22:27 - 2014-03-09 22:27 - 00000000 ____D () C:\Users\Eddy\Desktop\FRST-OlderVersion
2014-03-09 22:27 - 2014-03-06 20:08 - 00028165 _____ () C:\Users\Eddy\Desktop\FRST.txt
2014-03-09 22:27 - 2014-03-06 20:04 - 02157056 _____ (Farbar) C:\Users\Eddy\Desktop\FRST64.exe
2014-03-09 22:27 - 2013-10-05 09:59 - 00000000 ____D () C:\FRST
2014-03-09 22:16 - 2012-04-03 16:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-09 22:12 - 2014-02-27 09:42 - 00000000 __SHD () C:\ProgramData\Windows Manager
2014-03-09 22:05 - 2014-02-07 17:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf241db6c3750e.job
2014-03-09 18:07 - 2014-03-09 18:07 - 02347384 _____ (ESET) C:\Users\Eddy\Desktop\esetsmartinstaller_deu.exe
2014-03-09 17:59 - 2011-12-26 13:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-03-09 17:59 - 2011-12-26 13:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-03-09 17:59 - 2009-07-14 06:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 17:53 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 17:53 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 17:49 - 2014-03-09 17:49 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-09 17:49 - 2013-05-28 15:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-09 17:49 - 2011-12-26 05:01 - 01785232 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 17:48 - 2014-03-09 17:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Eddy\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-09 17:46 - 2013-10-03 06:47 - 00011742 _____ () C:\Windows\setupact.log
2014-03-09 17:46 - 2012-07-09 18:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 17:46 - 2012-03-08 21:29 - 00000000 ____D () C:\ProgramData\clear.fi
2014-03-09 17:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 17:45 - 2013-10-05 13:04 - 00000000 ____D () C:\AdwCleaner
2014-03-09 17:45 - 2013-09-28 07:22 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch
2014-03-09 17:42 - 2014-03-09 17:42 - 00613200 _____ (Chip Digital GmbH) C:\Users\Eddy\Desktop\AdwCleaner - CHIP-Downloader.exe
2014-03-09 13:05 - 2014-03-09 12:37 - 00000000 ____D () C:\Users\Eddy\Desktop\Saison 6
2014-03-09 12:26 - 2012-11-14 08:40 - 00000000 ___RD () C:\Users\Eddy\Desktop\MA
2014-03-09 08:56 - 2012-03-08 21:20 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\vlc
2014-03-07 17:57 - 2012-03-09 17:08 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\UseNeXT
2014-03-06 19:54 - 2014-03-06 19:54 - 00050477 _____ () C:\Users\Eddy\Desktop\Defogger.exe
2014-03-06 19:54 - 2014-03-06 19:54 - 00000580 _____ () C:\Users\Eddy\Desktop\defogger_disable.log
2014-03-06 19:54 - 2014-03-06 19:54 - 00000020 _____ () C:\Users\Eddy\defogger_reenable
2014-03-06 19:54 - 2012-03-08 20:00 - 00000000 ____D () C:\Users\Eddy
2014-03-05 16:05 - 2011-10-20 10:04 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-05 15:51 - 2013-10-03 06:47 - 00198152 _____ () C:\Windows\PFRO.log
2014-03-04 19:14 - 2011-10-20 10:04 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-03-04 18:00 - 2013-02-04 13:34 - 00000000 ____D () C:\ProgramData\Origin
2014-03-04 18:00 - 2013-02-04 13:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-04 16:30 - 2012-10-20 09:38 - 00002366 _____ () C:\Windows\Sandboxie.ini
2014-03-03 21:18 - 2014-02-27 14:18 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\DataWork
2014-02-28 19:21 - 2012-03-12 18:20 - 00022186 _____ () C:\Users\Eddy\AppData\Roaming\wklnhst.dat
2014-02-28 19:02 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-27 22:22 - 2012-03-09 05:49 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 21:22 - 2013-10-08 18:16 - 00000000 ___RD () C:\Users\Eddy\Desktop\Systemoptimierung
2014-02-21 17:32 - 2012-03-08 20:01 - 00000000 ____D () C:\Users\Eddy\AppData\Local\VirtualStore
2014-02-21 17:16 - 2012-04-03 16:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 17:16 - 2012-04-03 16:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 17:16 - 2011-10-20 10:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 15:55 - 2014-02-16 08:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 07:08 - 2013-05-11 02:58 - 00000000 ____D () C:\Windows\rescache
2014-02-17 06:30 - 2014-02-17 06:30 - 00000408 _____ () C:\Users\Eddy\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-02-17 05:31 - 2013-08-08 05:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 05:29 - 2012-03-13 05:40 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 15:35 - 2012-05-02 14:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 17:56 - 2014-02-15 17:56 - 00002546 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-02-11 08:04 - 2012-09-27 23:00 - 00000000 ____D () C:\Users\Eddy\.gimp-2.8
2014-02-10 16:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-07 17:00 - 2014-02-07 17:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf241db6c3750e
2014-02-07 17:00 - 2012-07-09 18:54 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Eddy\AppData\Local\Temp\2949bed4-2a1e-4dff-9381-53fec5dcdc56.exe
C:\Users\Eddy\AppData\Local\Temp\72tuyydl.dll
C:\Users\Eddy\AppData\Local\Temp\8faf27c8-f37e-4e3c-becd-8c21d9764108.exe
C:\Users\Eddy\AppData\Local\Temp\9b092af6-5a05-4f45-9f52-a715e16627ce.exe
C:\Users\Eddy\AppData\Local\Temp\amazonicon_v3.exe
C:\Users\Eddy\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Eddy\AppData\Local\Temp\czg85jvl.dll
C:\Users\Eddy\AppData\Local\Temp\iao32ldx.dll
C:\Users\Eddy\AppData\Local\Temp\Quarantine.exe
C:\Users\Eddy\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Eddy\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Eddy\AppData\Local\Temp\sdapskill.exe
C:\Users\Eddy\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Eddy\AppData\Local\Temp\wgs3_tzt.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 19:39

==================== End Of Log ============================
         

Are we done then? It looks like all the pests have been removed, right?

10.03.2014, 08:32   #12
mort

We are only done when I tell you that we are finished.

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKLM-x32\...\Run: [NPSStartup] - [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} [2014-02-21]
FF HKLM-x32\...\Firefox\Extensions: [{8DB99B22-D5CD-4B26-B286-B54758D99799}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} [2014-02-21]
CHR Extension: (Download Protect) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\himabnlcmnncdpmdhhdmnfecamickegk [2014-01-17]
CHR Extension: (Amazon-Icon) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-01-13]
CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\Eddy\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2012-07-09]
CHR HKLM-x32\...\Chrome\Extension: [aaokmnpaoippoclepikifeegeknpopea] - C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\Eddy\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Eddy\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-03] ()
2014-03-09 17:45 - 2013-09-28 07:22 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch
C:\Windows\System32\DlProtectSvc.exe
C:\ProgramData\dlprotect.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button ("Entfernen").
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2

Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new logfile FRST.txt is created and saved on the desktop.
  • Please post the contents of this logfile here in your thread.
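
An added example, not part of the original post and not FRST's own code: one way to read the two files this procedure produces. It tallies the outcome lines of a Fixlog.txt and then looks in the follow-up FRST.txt for entries that still point at files the fix moved. The sample lines are excerpts in the format of the logs posted in this thread; the function names are assumptions made for this sketch.

```python
import re
from collections import Counter

# Excerpt in the format of the Fixlog.txt in this thread: the fixlist is echoed
# between two rows of asterisks, the result lines follow it.
FIXLOG = r'''
Content of fixlist:
*****************
HKLM-x32\...\Run: [NPSStartup] - [X]
C:\ProgramData\dlprotect.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => Value deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} not found.
"C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx" => File/Directory not found.
DlProtectSvc => Service stopped successfully.
DlProtectSvc => Service deleted successfully.
C:\Windows\System32\DlProtectSvc.exe => Moved successfully.
C:\ProgramData\dlprotect.exe => Moved successfully.

==== End of Fixlog ====
'''

# Excerpt in the format of the follow-up FRST.txt (registry section).
RESCAN = r'''
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
'''

DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')


def parse_fixlog(text):
    """Return (target, outcome) for every result line, skipping the fixlist echo."""
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines) if l.strip().startswith('*****')]
    if len(stars) >= 2:                      # results start after the second row
        lines = lines[stars[1] + 1:]
    results = []
    for line in (l.strip() for l in lines):
        if ' => ' in line:
            target, outcome = line.rsplit(' => ', 1)
        elif line.endswith(' not found.'):   # form without the arrow
            target, outcome = line[:-len(' not found.')], 'not found.'
        else:
            continue
        results.append((target.strip('"'), outcome.rstrip('.')))
    return results


def classify(outcome):
    """Map an outcome string to done / absent / check (anything unexpected)."""
    low = outcome.lower()
    if 'not found' in low:
        return 'absent'
    if 'successfully' in low:
        return 'done'
    return 'check'


def summarize(results):
    return Counter(classify(outcome) for _, outcome in results)


def moved_paths(results):
    """File-system targets the fix reports as moved."""
    return [t for t, o in results if o.startswith('Moved') and DRIVE_PATH.match(t)]


def leftovers(results, scan_text):
    """Lines of the new scan that still reference a path the fix moved."""
    hits = []
    for line in scan_text.splitlines():
        for path in moved_paths(results):
            if path.lower() in line.lower():
                hits.append((path, line.strip()))
    return hits


def dangling(scan_text):
    """Scan lines FRST itself marks as pointing at a missing file."""
    return [l.strip() for l in scan_text.splitlines()
            if l.strip().endswith('File Not Found')]


if __name__ == '__main__':
    res = parse_fixlog(FIXLOG)
    print(dict(summarize(res)))
    for path, line in leftovers(res, RESCAN):
        print('still referenced:', path, '<-', line)
    for line in dangling(RESCAN):
        print('dangling:', line)
```

On these excerpts the leftover check reports the `[Download Protect]` Run value, which still names `C:\ProgramData\dlprotect.exe` after that file was moved.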

10.03.2014, 16:21   #13
KaWumm

Step 1:
Quote:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2014
Ran by Eddy at 2014-03-10 16:16:42 Run:2
Running from C:\Users\Eddy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [NPSStartup] - [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} [2014-02-21]
FF HKLM-x32\...\Firefox\Extensions: [{8DB99B22-D5CD-4B26-B286-B54758D99799}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} [2014-02-21]
CHR Extension: (Download Protect) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\himabnlcmnncdpmdhhdmnfecamickegk [2014-01-17]
CHR Extension: (Amazon-Icon) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-01-13]
CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\Eddy\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2012-07-09]
CHR HKLM-x32\...\Chrome\Extension: [aaokmnpaoippoclepikifeegeknpopea] - C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\Eddy\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Eddy\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-03] ()
2014-03-09 17:45 - 2013-09-28 07:22 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch
C:\Windows\System32\DlProtectSvc.exe
C:\ProgramData\dlprotect.exe

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{8DB99B22-D5CD-4B26-B286-B54758D99799} => Value deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{8DB99B22-D5CD-4B26-B286-B54758D99799} not found.
C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\himabnlcmnncdpmdhhdmnfecamickegk => Moved successfully.
C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\cfigonhgidedenkkhlilmefgodjpefna => Key deleted successfully.
"C:\Users\Eddy\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaokmnpaoippoclepikifeegeknpopea => Key deleted successfully.
"C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bddpogknpjlgfpbboediomaiiaecfajn => Key deleted successfully.
"C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cfigonhgidedenkkhlilmefgodjpefna => Key deleted successfully.
"C:\Users\Eddy\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg => Key deleted successfully.
C:\Users\Eddy\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
DlProtectSvc => Service stopped successfully.
DlProtectSvc => Service deleted successfully.
C:\Windows\System32\Tasks\ProtectedSearch => Moved successfully.
C:\Windows\System32\DlProtectSvc.exe => Moved successfully.
C:\ProgramData\dlprotect.exe => Moved successfully.

==== End of Fixlog ====
Step 2:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014
Ran by Eddy (administrator) on ZAUBERKISTE on 10-03-2014 16:18:56
Running from C:\Users\Eddy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 12\SteganosHotKeyService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 12\fredirstarter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SAFE12 HotKeys] - C:\Program Files (x86)\Steganos Safe 12\SteganosHotKeyService.exe [83456 2010-10-12] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE12 File Redirection Starter] - C:\Program Files (x86)\Steganos Safe 12\fredirstarter.exe [17408 2010-10-12] (Steganos Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2012-07-03] (Oracle Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {0697b47b-bf20-11e2-9943-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {0697b48a-bf20-11e2-9943-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {0697b4a0-bf20-11e2-9943-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {631ba6d5-be30-11e2-872c-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {631ba6fe-be30-11e2-872c-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {7b859413-8e91-11e3-9bef-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {c40524bb-64b7-11e2-9bab-dc0ea117d7cb} - F:\AutoRun.exe
HKU\S-1-5-21-3918896019-351383226-3202211127-1000\...\MountPoints2: {c40524ca-64b7-11e2-9bab-dc0ea117d7cb} - F:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {FE34F891-810A-47E4-BC66-9F148E2C042F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{65DD6BC1-D7CA-466F-AEEE-5FC13BA9AD0D}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{686C1FE8-7F8B-4CD6-ADF4-8C4E81F1B862}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{E3E33E4B-FD1C-46F7-84D3-66ED461CA85B}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil
FF NewTab: about:home
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\amazon-icon@giga.de [2014-01-11]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\i7su4pxk.Eddy Firefox Profil\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-04]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-10-20]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-10-20]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de?hl=de&gl=de
CHR DefaultSearchProvider: Google 
CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de
CHR DefaultNewTabURL: hxxp://www.google.de/?hl=de&gl=de
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (YouTube) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-09]
CHR Extension: (Google-Suche) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-09]
CHR Extension: (SiteAdvisor) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-07-09]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-05-28]
CHR Extension: (Google Wallet) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Lavasoft NewTab) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-10-28]
CHR Extension: (Google Mail) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-09]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-09-20]

==================== Services (Whitelisted) =================

S2 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [245744 2011-05-06] (CyberLink)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-05-17] ()
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4518008 2013-05-01] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

==================== Drivers (Whitelisted) ====================

S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-04] (GFI Software)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-07-24] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-03-12] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-09 17:49 - 2014-03-09 17:49 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-09 17:42 - 2014-03-09 17:42 - 00613200 _____ (Chip Digital GmbH) C:\Users\Eddy\Desktop\AdwCleaner - CHIP-Downloader.exe
2014-03-09 12:37 - 2014-03-09 13:05 - 00000000 ____D () C:\Users\Eddy\Desktop\Saison 6
2014-03-06 20:08 - 2014-03-10 16:18 - 00026062 _____ () C:\Users\Eddy\Desktop\FRST.txt
2014-03-06 20:04 - 2014-03-09 22:27 - 02157056 _____ (Farbar) C:\Users\Eddy\Desktop\FRST64.exe
2014-03-06 19:54 - 2014-03-06 19:54 - 00050477 _____ () C:\Users\Eddy\Desktop\Defogger.exe
2014-03-06 19:54 - 2014-03-06 19:54 - 00000580 _____ () C:\Users\Eddy\Desktop\defogger_disable.log
2014-03-06 19:54 - 2014-03-06 19:54 - 00000020 _____ () C:\Users\Eddy\defogger_reenable
2014-02-27 14:18 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\DataWork
2014-02-27 09:42 - 2014-03-09 22:12 - 00000000 __SHD () C:\ProgramData\Windows Manager
2014-02-17 06:30 - 2014-02-17 06:30 - 00000408 _____ () C:\Users\Eddy\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-02-16 08:58 - 2014-02-21 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 17:56 - 2014-02-15 17:56 - 00002546 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-02-14 00:15 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 00:15 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 00:14 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 00:14 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 00:14 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 00:14 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 00:14 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 00:14 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 00:14 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 00:14 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 00:14 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 00:14 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 00:14 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 00:14 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 00:14 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 00:14 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 00:14 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 00:14 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 00:14 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 00:14 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 00:14 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 00:14 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 00:14 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 00:14 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 00:14 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 00:14 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 00:14 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 00:14 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 00:14 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 00:14 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 00:14 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 00:14 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 00:14 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 00:14 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 00:14 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 00:14 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 00:14 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 00:14 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 00:14 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 00:14 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 00:14 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 05:17 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 05:17 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 05:17 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 05:17 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 05:17 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 05:17 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 05:17 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 05:17 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 05:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 05:17 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 05:17 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 05:17 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 05:17 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 05:17 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 05:17 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 05:17 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 05:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 05:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 05:17 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 05:17 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 05:17 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 05:17 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 05:17 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 05:17 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 05:17 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-10 16:19 - 2014-03-06 20:08 - 00026062 _____ () C:\Users\Eddy\Desktop\FRST.txt
2014-03-10 16:18 - 2013-10-05 09:59 - 00000000 ____D () C:\FRST
2014-03-10 16:16 - 2012-04-03 16:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 16:09 - 2014-02-07 17:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf241db6c3750e.job
2014-03-10 07:43 - 2011-12-26 05:01 - 01807191 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 07:12 - 2011-12-26 13:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-03-10 07:12 - 2011-12-26 13:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-03-10 07:12 - 2009-07-14 06:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 22:38 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 22:38 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 22:32 - 2012-03-08 21:29 - 00000000 ____D () C:\ProgramData\clear.fi
2014-03-09 22:31 - 2013-10-03 06:47 - 00200688 _____ () C:\Windows\PFRO.log
2014-03-09 22:31 - 2013-10-03 06:47 - 00011798 _____ () C:\Windows\setupact.log
2014-03-09 22:31 - 2012-07-09 18:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 22:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 22:27 - 2014-03-06 20:04 - 02157056 _____ (Farbar) C:\Users\Eddy\Desktop\FRST64.exe
2014-03-09 22:12 - 2014-02-27 09:42 - 00000000 __SHD () C:\ProgramData\Windows Manager
2014-03-09 17:49 - 2014-03-09 17:49 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-09 17:49 - 2013-05-28 15:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-09 17:45 - 2013-10-05 13:04 - 00000000 ____D () C:\AdwCleaner
2014-03-09 17:42 - 2014-03-09 17:42 - 00613200 _____ (Chip Digital GmbH) C:\Users\Eddy\Desktop\AdwCleaner - CHIP-Downloader.exe
2014-03-09 13:05 - 2014-03-09 12:37 - 00000000 ____D () C:\Users\Eddy\Desktop\Saison 6
2014-03-09 12:26 - 2012-11-14 08:40 - 00000000 ___RD () C:\Users\Eddy\Desktop\MA
2014-03-09 08:56 - 2012-03-08 21:20 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\vlc
2014-03-07 17:57 - 2012-03-09 17:08 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\UseNeXT
2014-03-06 19:54 - 2014-03-06 19:54 - 00050477 _____ () C:\Users\Eddy\Desktop\Defogger.exe
2014-03-06 19:54 - 2014-03-06 19:54 - 00000580 _____ () C:\Users\Eddy\Desktop\defogger_disable.log
2014-03-06 19:54 - 2014-03-06 19:54 - 00000020 _____ () C:\Users\Eddy\defogger_reenable
2014-03-06 19:54 - 2012-03-08 20:00 - 00000000 ____D () C:\Users\Eddy
2014-03-05 16:05 - 2011-10-20 10:04 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-04 19:14 - 2011-10-20 10:04 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-03-04 18:00 - 2013-02-04 13:34 - 00000000 ____D () C:\ProgramData\Origin
2014-03-04 18:00 - 2013-02-04 13:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-04 16:30 - 2012-10-20 09:38 - 00002366 _____ () C:\Windows\Sandboxie.ini
2014-03-03 21:18 - 2014-02-27 14:18 - 00000000 ____D () C:\Users\Eddy\AppData\Roaming\DataWork
2014-02-28 19:21 - 2012-03-12 18:20 - 00022186 _____ () C:\Users\Eddy\AppData\Roaming\wklnhst.dat
2014-02-28 19:02 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-27 22:22 - 2012-03-09 05:49 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 21:22 - 2013-10-08 18:16 - 00000000 ___RD () C:\Users\Eddy\Desktop\Systemoptimierung
2014-02-21 17:32 - 2012-03-08 20:01 - 00000000 ____D () C:\Users\Eddy\AppData\Local\VirtualStore
2014-02-21 17:16 - 2012-04-03 16:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 17:16 - 2012-04-03 16:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 17:16 - 2011-10-20 10:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 15:55 - 2014-02-16 08:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 07:08 - 2013-05-11 02:58 - 00000000 ____D () C:\Windows\rescache
2014-02-17 06:30 - 2014-02-17 06:30 - 00000408 _____ () C:\Users\Eddy\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-02-17 05:31 - 2013-08-08 05:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 05:29 - 2012-03-13 05:40 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 15:35 - 2012-05-02 14:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 17:56 - 2014-02-15 17:56 - 00002546 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-02-11 08:04 - 2012-09-27 23:00 - 00000000 ____D () C:\Users\Eddy\.gimp-2.8
2014-02-10 16:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Eddy\AppData\Local\Temp\2949bed4-2a1e-4dff-9381-53fec5dcdc56.exe
C:\Users\Eddy\AppData\Local\Temp\72tuyydl.dll
C:\Users\Eddy\AppData\Local\Temp\8faf27c8-f37e-4e3c-becd-8c21d9764108.exe
C:\Users\Eddy\AppData\Local\Temp\9b092af6-5a05-4f45-9f52-a715e16627ce.exe
C:\Users\Eddy\AppData\Local\Temp\amazonicon_v3.exe
C:\Users\Eddy\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Eddy\AppData\Local\Temp\czg85jvl.dll
C:\Users\Eddy\AppData\Local\Temp\iao32ldx.dll
C:\Users\Eddy\AppData\Local\Temp\Quarantine.exe
C:\Users\Eddy\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Eddy\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Eddy\AppData\Local\Temp\sdapskill.exe
C:\Users\Eddy\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Eddy\AppData\Local\Temp\wgs3_tzt.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 19:39

==================== End Of Log ============================
         
--- --- ---


10.03.2014, 17:34   #14
mort
 


Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\Users\Eddy\AppData\Local\Temp\72tuyydl.dll
C:\Users\Eddy\AppData\Local\Temp\czg85jvl.dll
C:\Users\Eddy\AppData\Local\Temp\iao32ldx.dll
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


10.03.2014, 17:46   #15
KaWumm

Step 1:

Quote:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2014
Ran by Eddy at 2014-03-10 17:43:27 Run:3
Running from C:\Users\Eddy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\Users\Eddy\AppData\Local\Temp\72tuyydl.dll
C:\Users\Eddy\AppData\Local\Temp\czg85jvl.dll
C:\Users\Eddy\AppData\Local\Temp\iao32ldx.dll

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Download Protect => Value deleted successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
C:\Users\Eddy\AppData\Local\Temp\72tuyydl.dll => Moved successfully.
C:\Users\Eddy\AppData\Local\Temp\czg85jvl.dll => Moved successfully.
C:\Users\Eddy\AppData\Local\Temp\iao32ldx.dll => Moved successfully.

==== End of Fixlog ====
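
One way to check a Fixlog like the one quoted above before reporting back, as an added example that is not part of the original posts or of FRST: it separates the echoed fixlist from the result lines and flags any result whose outcome does not end in "successfully". The star-row layout is taken from the log on this page; the "successfully" test and the function names are assumptions of this example.

```python
import re

# Fixlog body as quoted in the post above (header lines omitted).
FIXLOG = r'''Content of fixlist:
*****************
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\Users\Eddy\AppData\Local\Temp\72tuyydl.dll
C:\Users\Eddy\AppData\Local\Temp\czg85jvl.dll
C:\Users\Eddy\AppData\Local\Temp\iao32ldx.dll

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Download Protect => Value deleted successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
C:\Users\Eddy\AppData\Local\Temp\72tuyydl.dll => Moved successfully.
C:\Users\Eddy\AppData\Local\Temp\czg85jvl.dll => Moved successfully.
C:\Users\Eddy\AppData\Local\Temp\iao32ldx.dll => Moved successfully.

==== End of Fixlog ====
'''

def split_fixlog(text):
    """Return (fixlist entries, result lines); star rows fence the fixlist."""
    parts = re.split(r"^\*{5,}\s*$", text, flags=re.M)
    if len(parts) < 3:
        raise ValueError("star delimiters around the fixlist not found")
    entries = [ln.strip() for ln in parts[1].splitlines() if ln.strip()]
    # Only the part after the second star row holds outcomes; fixlist
    # entries can contain " => " too, so they must not be read as results.
    results = [ln.strip() for ln in parts[2].splitlines() if " => " in ln]
    return entries, results

def needs_review(results):
    """Results whose outcome does not end in 'successfully' (assumed heuristic)."""
    flagged = []
    for line in results:
        target, outcome = line.rsplit(" => ", 1)
        if not outcome.rstrip(". ").endswith("successfully"):
            flagged.append((target, outcome))
    return flagged

if __name__ == "__main__":
    entries, results = split_fixlog(FIXLOG)
    print(len(entries), "fixlist entries,", len(results), "result lines")
    for target, outcome in needs_review(results):
        print("REVIEW:", target, "->", outcome)
```
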
