Redtube Abmahnvirus Mail geöffnet - Windows7

Malgilu · 12.12.2013, 18:54

Hallo liebe Trojaner,

ich habe diese böse Mail (Abmahnung Redtube) auch bekommen und geöffnet.

Seitdem habe ich mir wohl Malware eingefangen.
Wegen Problemen mit dem Mailpostfach habe ich unglücklicherweise den Virenscanner Mc Affee für den Mailbereich ausgeschaltet und versäumt ihn nach der Behebung wieder zu aktivieren.

Symptome sind.:
McAffee führt keine Scans mehr aus
Email - Programm stürzt ohne Grund ab
Facebook sperrt mich aus mit Hinweis auf Virus
Computer friert ein bzw. bleibt stehen - nur noch Aus-Taste hilft.

Den Anhang habe ich nur mit winzip angekuckt - es war eine .com Datei drin - Die habe ich nicht angeklickt, weil mir da klar war, das ist ein Virus.

Ich bitte Euch um Hilfe.
Vielen dank vorab

schrauber · 12.12.2013, 22:05

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Malgilu · 12.12.2013, 22:40

Hi Schrauber,

danke für's kümmern...

Hab gedacht ich hätte die 8 Gebote des Postens gewissenhaft eingehalten

... Aber gerne nochmal Inline wie folgt:

1.

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:47 on 12/12/2013 (ado01)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

2. addition

Code:

ATTFilter

==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 4095.24 MB
Available physical RAM: 2121.81 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 5908.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.07 GB) (Free:810.14 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.35 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 9165E051)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

3. frst

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013
Ran by ado01 (administrator) on ADO01-HP on 12-12-2013 17:51:50
Running from C:\Users\ado01\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\System32\GFilterSvc.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(@MAX Software) C:\Program Files (x86)\MaxSyncUp\msusvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Users\ado01\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
() C:\Windows\System32\pxmas64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(@MAX Software) C:\Program Files (x86)\MaxSyncUp\MaxSyncUp.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Program Files\Start Menu XP\StartMenuXP.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
() C:\Users\ado01\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Program Files (x86)\SEC\MT2.5_RAFF\GammaTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Dropbox, Inc.) C:\Users\ado01\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\ProgramData\McAfee\MSC\Updates\Installs\1\vso\McInst.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Casper\installer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Ocs_SM] - C:\Users\ado01\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-02-22] (OCS)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [242192 2008-02-29] (Logicool, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-09-19] (NVIDIA Corporation)
HKLM\...\Run: [McAfeeWrapperApplication] - C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe [453344 2011-05-11] (McAfee, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [StartMenuXP] - C:\Program Files\Start Menu XP\StartMenuXP.exe [4047256 2011-07-15] ()
HKCU\...\Run: [Driver Restore] - C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\ado01\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-01-25] (EasyBits Software AS)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1804240 2013-12-10] (APN)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [MagicTuneLauncher] - C:\Program Files (x86)\MagicTune Premium\MagicTuneLauncher.exe [51712 2011-10-17] ()
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2334384 2013-11-22] ()
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-06] (Geek Software GmbH)
HKLM-x32\...\Run: [sysTPL] - C:\Program Files (x86)\sysTPL\sysTPL.exe [875288 2013-11-21] (Tlapia)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
Startup: C:\Users\ado01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ado01\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119528&babsrc=HP_ss&mntrId=7e5964dd0000000000001cc1de4fd55f
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
URLSearchHook: HKLM-x32 - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin2.dll (Conduit Ltd.)
URLSearchHook: HKCU - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin2.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - DefaultScope {2C4A7C9D-649D-4B2E-A729-7A8EFB196755} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D4850445444462670633D485044544446267372633D49452D536561726368426F78&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F3F713D7B7365617263685465726D737D2661666649443D313139353238266261627372633D53505F7373266D6E747249643D3765353936346464303030303030303030303030316363316465346664353566&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&k=0
SearchScopes: HKCU - {20A375D2-F4A4-474A-B3C7-AE4253133C7F} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {256356D6-462D-424A-B287-667902B13E68} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {2C4A7C9D-649D-4B2E-A729-7A8EFB196755} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D4850445444462670633D485044544446267372633D49452D536561726368426F78&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&k=0
SearchScopes: HKCU - {3773107E-5E20-43E9-A408-FFFD85A7603C} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {77542EBE-B39C-4510-BB6E-E561DAAC6ADF} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {91497701-CF7B-4485-AD27-3B4BD6962848} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={155FA588-66ED-4CA5-9E37-9F95B7C7B413}&mid=a611c823f8884b8aa7fe798700a80740-3f6f06d673005f88f4cb5210a17c3f0ec7963d43&lang=en&ds=fp011&pr=sa&d=2013-11-22 10:02:14&v=17.1.3.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A45F014C-8EE8-41DB-B6F5-019A38131B0B} URL = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&k=0
SearchScopes: HKCU - {CA8A7ED8-E748-40A4-B5B1-AC288A54B7E1} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {CD640FE1-9E51-4AB5-8CBC-6C297DEFE228} URL = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432343831303230&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&k=0
SearchScopes: HKCU - {DAE502FB-FB2A-42D1-AF38-1A06DE5119A5} URL = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4F524A266F3D313030303030303237267372633D6B7726713D7B7365617263685465726D737D266C6F63616C653D2661706E5F70746E72733D55332661706E5F647469643D595959595959595944452661706E5F7569643D35363939313937302D343536412D343238352D394243412D3336394132413646324535302661706E5F73617569643D39454331393046352D303334452D343845332D424544372D434236434439303030324431&st={searchTerms}&clid=daf28c01-606f-4e27-a8ea-1210bc48da15&pid=freewarede&k=0
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -  No File
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin2.dll (Conduit Ltd.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin2.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-08-19] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.113.254

FireFox:
========
FF ProfilePath: C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default
FF user.js: detected! => C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\user.js
FF NewTab: hxxp://google.com
FF SearchEngineOrder.1: Ask Search
FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=0&cid=%7Bd7f4056b-d149-4c56-83d4-35fd8f64ee7d%7D&mid=a611c823f8884b8aa7fe798700a80740-3f6f06d673005f88f4cb5210a17c3f0ec7963d43&ds=fp011&v=17.1.3.1&lang=en&pr=sa&d=2013-11-22%2010%3A02%3A14&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\ado01\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\ado01\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\searchplugins\googlede-pws.xml
FF SearchPlugin: C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\searchplugins\s-amazon-de.xml
FF SearchPlugin: C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: iMacros for Firefox - C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: No Name - C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\Extensions\firejump_1027.zip
FF Extension: googledictionary - C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\Extensions\googledictionary@toptip.ca.xpi
FF Extension: My-Translator - C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\Extensions\My-Translator@eugenche.com.xpi
FF Extension: No Name - C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\Extensions\{aa26583b-4c35-4729-913e-156956078824}.xpi
FF Extension: Adblock Plus - C:\Users\ado01\AppData\Roaming\Mozilla\Firefox\Profiles\9ze80ksw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.3.1
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.3.1
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: homepage_is_newtabpage
CHR DefaultSearchURL: hxxp://mysearch.avg.com/search?cid={155FA588-66ED-4CA5-9E37-9F95B7C7B413}&mid=a611c823f8884b8aa7fe798700a80740-3f6f06d673005f88f4cb5210a17c3f0ec7963d43&lang=en&ds=fp011&pr=sa&d=2013-11-22 10:02:14&v=17.1.3.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\ado01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ado01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ado01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ado01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Download Protect) - C:\Users\ado01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdmeomkgialgjeldmjifpepkiobaddk\2.1_0
CHR Extension: (SiteAdvisor) - C:\Users\ado01\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: (Download Protect) - C:\Users\ado01\AppData\Local\Google\Chrome\User Data\Default\Extensions\khapedheeglfallibngdphdedjjpceam\2.1_0
CHR Extension: (BrowseToolE0191) - C:\Users\ado01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\2.3.19.11_0
CHR Extension: (Gmail) - C:\Users\ado01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\ado01\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\ado01\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.1.3.1\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\ado01\AppData\Local\Temp\tbch.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\ado01\AppData\Local\Temp\YontooLayers.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 0213731386855533mcinstcleanup; C:\Windows\TEMP\021373~1.EXE [834664 2013-07-30] (McAfee, Inc.)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-10] (APN LLC.)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG)
R2 GFilterSvc; C:\Windows\System32\GFilterSvc.exe [121856 2013-02-22] ()
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
R2 MaxSyncUpService; C:\Program Files (x86)\MaxSyncUp\msusvc.exe [1701280 2012-08-07] (@MAX Software)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-09-19] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-09-12] (Realtek Semiconductor)
R2 SearchAnonymizer; C:\Users\ado01\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-02-22] ()
R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [398616 2013-11-21] (Tlapia)
R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [397080 2013-11-21] (Tlapia)
R2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [1643696 2013-11-22] (AVG Secure Search)
R2 wimservd; C:\Windows\system32\pxmas64.exe [114176 2013-02-22] ()

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-22] (AVG Technologies)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-03-24] ()
S3 epmntdrv; C:\Windows\SysWow64\epmntdrv.sys [14216 2011-03-24] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-03-24] ()
S3 EuGdiDrv; C:\Windows\SysWow64\EuGdiDrv.sys [8456 2011-03-24] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [54800 2008-02-29] (Logicool, Inc.)
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [57360 2008-02-29] (Logicool, Inc.)
S1 MagicTune; C:\Windows\SysWow64\drivers\MTictwl.sys [13396 2005-10-21] ()
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 motmodem; system32\DRIVERS\motmodem.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 17:51 - 2013-12-12 17:52 - 00036045 _____ C:\Users\ado01\Desktop\FRST.txt
2013-12-12 17:51 - 2013-12-12 17:51 - 01927106 _____ (Farbar) C:\Users\ado01\Desktop\FRST64.exe
2013-12-12 17:51 - 2013-12-12 17:51 - 00000000 ____D C:\FRST
2013-12-12 17:47 - 2013-12-12 17:47 - 00000472 _____ C:\Users\ado01\Desktop\defogger_disable.log
2013-12-12 17:47 - 2013-12-12 17:47 - 00000000 _____ C:\Users\ado01\defogger_reenable
2013-12-12 17:46 - 2013-12-12 17:46 - 00050477 _____ C:\Users\ado01\Desktop\Defogger.exe
2013-12-12 13:39 - 2013-12-12 14:21 - 00002021 _____ C:\Users\Public\Desktop\McAfee Online-Backup-Service konfigurieren.lnk
2013-12-12 10:17 - 2013-12-12 10:17 - 00000030 _____ C:\Windows\Iedit.INI
2013-12-12 09:44 - 2013-12-12 09:44 - 00000000 ____D C:\Program Files (x86)\enginesysTPL
2013-12-12 09:44 - 2013-12-12 09:44 - 00000000 _____ C:\Windows\SysWOW64\wget-log
2013-12-12 09:43 - 2013-12-12 12:46 - 00000000 ____D C:\Program Files (x86)\sysTPL
2013-12-12 09:43 - 2013-12-12 10:10 - 00000000 ____D C:\Users\ado01\AppData\Roaming\Tlapia
2013-12-12 09:43 - 2013-12-12 09:43 - 05650336 _____ (Tlapia) C:\Users\ado01\Downloads\thunderbird.exe
2013-12-12 09:43 - 2013-12-12 09:43 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-08 12:51 - 2013-12-08 12:51 - 00001041 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2013-12-08 12:51 - 2013-12-08 12:51 - 00001021 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-11-26 22:00 - 2013-12-11 03:07 - 00181544 _____ C:\Windows\IE11_main.log
2013-11-22 10:41 - 2013-11-22 10:41 - 00000000 ____D C:\Program Files (x86)\Artisteer 4 (4)
2013-11-22 10:23 - 2013-11-22 10:26 - 123768816 _____ C:\Users\ado01\Downloads\Artisteer.4.2.0.60623.exe
2013-11-22 10:02 - 2013-11-22 10:05 - 00000000 ____D C:\Users\ado01\AppData\Local\AVG SafeGuard toolbar
2013-11-22 10:02 - 2013-11-22 10:02 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-11-22 10:02 - 2013-11-22 10:01 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-22 10:01 - 2013-11-22 10:02 - 00003725 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-22 10:01 - 2013-11-22 10:01 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-11-22 10:00 - 2013-11-22 10:01 - 00000000 ____D C:\Users\ado01\AppData\Roaming\DivX
2013-11-22 10:00 - 2013-11-22 10:00 - 00000000 ____D C:\Program Files\DivX
2013-11-22 09:59 - 2013-11-22 09:59 - 00425488 _____ (FontPark) C:\Users\ado01\Downloads\dear-sarah.exe
2013-11-22 09:58 - 2013-11-22 10:01 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-22 09:58 - 2013-11-22 09:58 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-11-22 09:58 - 2011-05-30 14:42 - 00255488 _____ C:\Windows\system32\xvidvfw.dll
2013-11-22 09:58 - 2011-05-30 14:42 - 00240640 _____ C:\Windows\SysWOW64\xvidvfw.dll
2013-11-22 09:58 - 2011-05-23 10:52 - 00153088 _____ C:\Windows\SysWOW64\xvid.ax
2013-11-22 09:58 - 2011-05-23 08:49 - 00173568 _____ C:\Windows\system32\xvid.ax
2013-11-22 09:58 - 2011-05-23 08:46 - 00645632 _____ C:\Windows\SysWOW64\xvidcore.dll
2013-11-22 09:58 - 2011-05-23 08:45 - 00696832 _____ C:\Windows\system32\xvidcore.dll
2013-11-22 09:57 - 2013-11-22 10:01 - 00000000 ____D C:\ProgramData\DivX
2013-11-22 09:57 - 2013-11-22 09:58 - 00000000 ____D C:\Users\ado01\AppData\Roaming\LavFilters
2013-11-22 09:57 - 2013-11-22 09:58 - 00000000 ____D C:\Users\ado01\AppData\Roaming\CDXReader
2013-11-22 09:57 - 2013-11-22 09:58 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-11-22 09:57 - 2013-11-22 09:57 - 00715038 _____ C:\Windows\unins000.exe
2013-11-22 09:57 - 2013-11-22 09:57 - 00001990 _____ C:\Windows\unins000.dat
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Users\ado01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\Haali
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\DirectVobSub
2013-11-22 09:57 - 2012-02-26 16:47 - 00079360 _____ C:\Windows\SysWOW64\ff_vfw.dll
2013-11-22 09:57 - 2012-01-09 20:45 - 00178688 _____ C:\Windows\SysWOW64\unrar.dll
2013-11-22 09:57 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2013-11-22 09:57 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2013-11-22 09:56 - 2013-11-22 09:56 - 00680352 _____ C:\Users\ado01\Downloads\UltimateCodec.exe
2013-11-22 09:33 - 2013-11-22 09:33 - 00000000 ____D C:\Program Files (x86)\SEC
2013-11-22 09:33 - 2004-10-01 18:37 - 00036864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi9x.dll
2013-11-22 09:33 - 2004-09-28 18:05 - 00040960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvgpio.dll
2013-11-22 09:25 - 2013-11-22 09:25 - 00680560 _____ C:\Users\ado01\Downloads\ZipExtractorSetup.exe
2013-11-22 09:25 - 2013-11-22 09:25 - 00001159 _____ C:\Users\UpdatusUser\Desktop\Continue Zip Extractor Installation.lnk
2013-11-22 09:12 - 2013-11-22 09:13 - 26904740 _____ C:\Users\ado01\Downloads\MT2.5_RAFF_31.zip
2013-11-20 10:05 - 2013-11-20 10:05 - 00000000 ____D C:\Program Files (x86)\MagicTune Premium
2013-11-20 10:05 - 2005-10-21 07:25 - 00013396 _____ C:\Windows\SysWOW64\Drivers\MTictwl.sys
2013-11-20 10:05 - 2003-07-14 22:57 - 00102968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMEKR70.IME
2013-11-20 10:01 - 2013-11-20 10:02 - 00000000 ____D C:\Program Files (x86)\MonitorDriver
2013-11-20 10:01 - 2013-11-20 10:01 - 00000000 ____D C:\Users\ado01\AppData\Roaming\InstallShield
2013-11-20 09:58 - 2013-11-20 10:00 - 00000000 ____D C:\Samsung
2013-11-16 10:16 - 2013-11-22 10:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 18:37 - 2013-11-15 18:37 - 00002053 _____ C:\Users\Public\Desktop\250.000 ClipArts.lnk
2013-11-15 18:27 - 2013-11-15 18:27 - 00000000 ____D C:\Program Files (x86)\Sybex
2013-11-14 21:57 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 21:57 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 21:57 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 21:57 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 21:57 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 21:57 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 21:57 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 21:57 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 21:57 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 21:57 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 21:57 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 21:57 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 21:57 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 21:57 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 21:57 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 21:57 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 21:57 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 21:57 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 21:57 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 21:56 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 21:56 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 21:56 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 21:56 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 21:56 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 21:56 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 21:56 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 21:56 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 21:56 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 21:56 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 21:56 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 21:56 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 21:53 - 2013-11-14 21:56 - 00000000 ____D C:\96cfc42e8e91a789ca6594731da764
2013-11-14 06:57 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 06:57 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 06:57 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 06:57 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 06:57 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 06:57 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 06:57 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 06:57 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 06:57 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 06:57 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 06:57 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 06:57 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 06:57 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 06:57 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 06:57 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 06:56 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 06:56 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 06:56 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 06:56 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 06:56 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 06:56 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 06:56 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 06:56 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 06:56 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 06:56 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 06:56 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 06:56 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 06:56 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 06:56 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 06:56 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

==================== One Month Modified Files and Folders =======

2013-12-12 17:52 - 2013-12-12 17:51 - 00036045 _____ C:\Users\ado01\Desktop\FRST.txt
2013-12-12 17:51 - 2013-12-12 17:51 - 01927106 _____ (Farbar) C:\Users\ado01\Desktop\FRST64.exe
2013-12-12 17:51 - 2013-12-12 17:51 - 00000000 ____D C:\FRST
2013-12-12 17:51 - 2013-03-20 12:20 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-12 17:47 - 2013-12-12 17:47 - 00000472 _____ C:\Users\ado01\Desktop\defogger_disable.log
2013-12-12 17:47 - 2013-12-12 17:47 - 00000000 _____ C:\Users\ado01\defogger_reenable
2013-12-12 17:47 - 2011-01-02 16:46 - 00000000 ____D C:\Users\ado01
2013-12-12 17:46 - 2013-12-12 17:46 - 00050477 _____ C:\Users\ado01\Desktop\Defogger.exe
2013-12-12 17:19 - 2010-08-19 10:03 - 01078353 _____ C:\Windows\WindowsUpdate.log
2013-12-12 17:08 - 2013-07-25 13:08 - 00000286 _____ C:\Windows\Tasks\DSite.job
2013-12-12 17:00 - 2013-02-08 12:01 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-12 16:56 - 2013-01-26 15:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 16:52 - 2013-10-12 09:37 - 00000000 ____D C:\Users\ado01\AppData\Local\McAfee File Lock
2013-12-12 16:32 - 2011-07-03 13:21 - 00000000 ____D C:\Users\ado01\AppData\Local\CrashDumps
2013-12-12 16:30 - 2011-07-06 15:07 - 00000000 ____D C:\Users\ado01\AppData\Roaming\CoreFTP
2013-12-12 15:01 - 2013-07-25 13:35 - 00000276 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-12-12 14:38 - 2013-03-20 12:19 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-12 14:31 - 2013-10-28 21:03 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-12-12 14:31 - 2009-07-14 05:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 14:31 - 2009-07-14 05:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 14:30 - 2013-03-20 12:21 - 00000000 __RSD C:\Users\ado01\Documents\McAfee-Tresore
2013-12-12 14:29 - 2010-08-19 10:43 - 00768344 _____ C:\Windows\system32\perfh007.dat
2013-12-12 14:29 - 2010-08-19 10:43 - 00176292 _____ C:\Windows\system32\perfc007.dat
2013-12-12 14:29 - 2009-07-14 06:13 - 01789076 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 14:28 - 2013-08-26 10:51 - 00000000 ___RD C:\Users\ado01\Dropbox
2013-12-12 14:28 - 2013-08-26 10:44 - 00000000 ____D C:\Users\ado01\AppData\Roaming\Dropbox
2013-12-12 14:27 - 2013-02-08 12:01 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 14:24 - 2013-10-15 17:24 - 00014365 _____ C:\Windows\setupact.log
2013-12-12 14:23 - 2013-10-15 17:39 - 00023908 _____ C:\Windows\PFRO.log
2013-12-12 14:23 - 2010-08-19 09:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-12 14:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 14:21 - 2013-12-12 13:39 - 00002021 _____ C:\Users\Public\Desktop\McAfee Online-Backup-Service konfigurieren.lnk
2013-12-12 12:46 - 2013-12-12 09:43 - 00000000 ____D C:\Program Files (x86)\sysTPL
2013-12-12 12:04 - 2013-07-27 10:08 - 00000117 _____ C:\Users\ado01\AppData\Roaming\WB.CFG
2013-12-12 12:04 - 2013-07-25 14:08 - 00000006 _____ C:\Users\ado01\AppData\Roaming\WBPU-TTL.DAT
2013-12-12 10:32 - 2013-05-11 16:05 - 00000000 ___RD C:\Users\ado01\Desktop\Browser
2013-12-12 10:29 - 2012-05-02 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-12 10:19 - 2013-04-03 13:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 10:19 - 2011-02-06 14:28 - 00000000 ____D C:\Users\ado01\AppData\Local\Thunderbird
2013-12-12 10:17 - 2013-12-12 10:17 - 00000030 _____ C:\Windows\Iedit.INI
2013-12-12 10:17 - 2011-07-12 12:50 - 00000570 _____ C:\Windows\ulead32.ini
2013-12-12 10:10 - 2013-12-12 09:43 - 00000000 ____D C:\Users\ado01\AppData\Roaming\Tlapia
2013-12-12 09:56 - 2013-01-26 15:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 09:56 - 2013-01-26 15:03 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 09:56 - 2011-05-17 17:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 09:44 - 2013-12-12 09:44 - 00000000 ____D C:\Program Files (x86)\enginesysTPL
2013-12-12 09:44 - 2013-12-12 09:44 - 00000000 _____ C:\Windows\SysWOW64\wget-log
2013-12-12 09:43 - 2013-12-12 09:43 - 05650336 _____ (Tlapia) C:\Users\ado01\Downloads\thunderbird.exe
2013-12-12 09:43 - 2013-12-12 09:43 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-12 09:41 - 2011-04-06 10:19 - 00000000 ____D C:\Users\ado01\freeware
2013-12-11 03:07 - 2013-11-26 22:00 - 00181544 _____ C:\Windows\IE11_main.log
2013-12-10 17:12 - 2011-04-06 15:52 - 00000000 ____D C:\Users\ado01\ado
2013-12-10 08:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-09 13:07 - 2011-06-11 12:45 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForado01
2013-12-09 13:07 - 2011-06-11 12:45 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForado01.job
2013-12-08 13:46 - 2011-06-11 12:45 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-08 13:45 - 2011-12-04 12:15 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-08 13:43 - 2011-06-11 12:44 - 00000000 ____D C:\Users\ado01\AppData\Roaming\HP Support Assistant
2013-12-08 13:43 - 2011-02-06 13:37 - 00000000 ____D C:\Users\ado01\AppData\Roaming\HpUpdate
2013-12-08 12:51 - 2013-12-08 12:51 - 00001041 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2013-12-08 12:51 - 2013-12-08 12:51 - 00001021 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-12-08 12:51 - 2011-09-10 15:07 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-12-04 14:35 - 2013-07-25 13:35 - 00000284 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-12-04 13:09 - 2011-09-27 15:04 - 00226928 _____ C:\Users\ado01\AppData\Roaming\GDIPFONTCACHEV1.DAT
2013-11-30 22:55 - 2013-02-08 12:01 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-30 22:55 - 2013-02-08 12:01 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-30 10:29 - 2011-01-02 16:47 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-11-22 13:46 - 2011-02-06 14:47 - 00000000 ___RD C:\Users\ado01\Desktop\Websites
2013-11-22 10:45 - 2010-08-19 10:28 - 00000000 ____D C:\Program Files (x86)\EasyBits For Kids
2013-11-22 10:41 - 2013-11-22 10:41 - 00000000 ____D C:\Program Files (x86)\Artisteer 4 (4)
2013-11-22 10:37 - 2009-07-14 05:45 - 00654280 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-22 10:31 - 2013-10-31 11:03 - 00000000 ____D C:\Program Files (x86)\Artisteer 4 (3)
2013-11-22 10:26 - 2013-11-22 10:23 - 123768816 _____ C:\Users\ado01\Downloads\Artisteer.4.2.0.60623.exe
2013-11-22 10:07 - 2011-01-02 16:47 - 00226928 _____ C:\Users\ado01\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 10:05 - 2013-11-22 10:02 - 00000000 ____D C:\Users\ado01\AppData\Local\AVG SafeGuard toolbar
2013-11-22 10:02 - 2013-11-22 10:02 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-11-22 10:02 - 2013-11-22 10:01 - 00003725 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-22 10:02 - 2013-11-16 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-22 10:01 - 2013-11-22 10:02 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-22 10:01 - 2013-11-22 10:01 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-11-22 10:01 - 2013-11-22 10:00 - 00000000 ____D C:\Users\ado01\AppData\Roaming\DivX
2013-11-22 10:01 - 2013-11-22 09:58 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-22 10:01 - 2013-11-22 09:57 - 00000000 ____D C:\ProgramData\DivX
2013-11-22 10:00 - 2013-11-22 10:00 - 00000000 ____D C:\Program Files\DivX
2013-11-22 09:59 - 2013-11-22 09:59 - 00425488 _____ (FontPark) C:\Users\ado01\Downloads\dear-sarah.exe
2013-11-22 09:58 - 2013-11-22 09:58 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-11-22 09:58 - 2013-11-22 09:57 - 00000000 ____D C:\Users\ado01\AppData\Roaming\LavFilters
2013-11-22 09:58 - 2013-11-22 09:57 - 00000000 ____D C:\Users\ado01\AppData\Roaming\CDXReader
2013-11-22 09:58 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-11-22 09:57 - 2013-11-22 09:57 - 00715038 _____ C:\Windows\unins000.exe
2013-11-22 09:57 - 2013-11-22 09:57 - 00001990 _____ C:\Windows\unins000.dat
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Users\ado01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\Haali
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-11-22 09:57 - 2013-11-22 09:57 - 00000000 ____D C:\Program Files (x86)\DirectVobSub
2013-11-22 09:56 - 2013-11-22 09:56 - 00680352 _____ C:\Users\ado01\Downloads\UltimateCodec.exe
2013-11-22 09:33 - 2013-11-22 09:33 - 00000000 ____D C:\Program Files (x86)\SEC
2013-11-22 09:33 - 2010-08-19 10:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-22 09:25 - 2013-11-22 09:25 - 00680560 _____ C:\Users\ado01\Downloads\ZipExtractorSetup.exe
2013-11-22 09:25 - 2013-11-22 09:25 - 00001159 _____ C:\Users\UpdatusUser\Desktop\Continue Zip Extractor Installation.lnk
2013-11-22 09:13 - 2013-11-22 09:12 - 26904740 _____ C:\Users\ado01\Downloads\MT2.5_RAFF_31.zip
2013-11-21 00:17 - 2011-06-20 10:43 - 00000000 ____D C:\Users\ado01\AppData\Local\Adobe
2013-11-20 10:05 - 2013-11-20 10:05 - 00000000 ____D C:\Program Files (x86)\MagicTune Premium
2013-11-20 10:02 - 2013-11-20 10:01 - 00000000 ____D C:\Program Files (x86)\MonitorDriver
2013-11-20 10:01 - 2013-11-20 10:01 - 00000000 ____D C:\Users\ado01\AppData\Roaming\InstallShield
2013-11-20 10:00 - 2013-11-20 09:58 - 00000000 ____D C:\Samsung
2013-11-18 15:04 - 2013-10-21 17:53 - 00001933 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-18 15:04 - 2013-10-21 17:53 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-15 19:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-15 18:37 - 2013-11-15 18:37 - 00002053 _____ C:\Users\Public\Desktop\250.000 ClipArts.lnk
2013-11-15 18:27 - 2013-11-15 18:27 - 00000000 ____D C:\Program Files (x86)\Sybex
2013-11-15 18:13 - 2011-10-11 13:23 - 00291328 ___SH C:\Users\ado01\Downloads\Thumbs.db
2013-11-15 09:44 - 2009-07-24 20:22 - 00000000 ____D C:\Windows\Panther
2013-11-14 21:56 - 2013-11-14 21:53 - 00000000 ____D C:\96cfc42e8e91a789ca6594731da764
2013-11-14 21:56 - 2013-08-14 21:24 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:53 - 2011-04-16 09:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 12:28 - 2012-03-21 14:54 - 00020250 _____ C:\Users\ado01\AppData\Local\internal.grp

ZeroAccess:
C:\Users\ado01\AppData\Local\{7cd8b7ad-8a4b-801d-456b-174195f436f0}
C:\Users\ado01\AppData\Local\{7cd8b7ad-8a4b-801d-456b-174195f436f0}\@

Files to move or delete:
====================
C:\Users\ado01\AmazonMP3DownloaderInstall.exe


Some content of TEMP:
====================
C:\Users\ado01\AppData\Local\Temp\381.6618494251329_Update.exe
C:\Users\ado01\AppData\Local\Temp\aiw8080804.DLL
C:\Users\ado01\AppData\Local\Temp\aiw8081054.EXE
C:\Users\ado01\AppData\Local\Temp\EasyLogin_setup_DE.exe
C:\Users\ado01\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\ado01\AppData\Local\Temp\jtrxf0c6.dll
C:\Users\ado01\AppData\Local\Temp\oi_{4F8FFD01-1AAA-494E-8EC8-1031F51BEA05}.exe
C:\Users\ado01\AppData\Local\Temp\PagePlus-X7-de-DE_17.0.2.26_64-Bit_Patch-Setup.exe
C:\Users\ado01\AppData\Local\Temp\pdf24-creator-update.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 16:59

==================== End Of Log ============================

--- --- ---

4.gmer

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-12 18:26:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST31000528AS rev.HP35 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ado01\AppData\Local\Temp\pgtirpog.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable      fffff960000d4100 7 bytes [C0, 92, F3, FF, 01, 9C, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 9  fffff960000d4109 2 bytes [06, 02]

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                unknown MBR code

---- EOF - GMER 2.1 ----

Vielen Dank
Karin

schrauber · 13.12.2013, 20:07

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Redtube Abmahnvirus Mail geöffnet - Windows7

Plagegeister aller Art und deren Bekämpfung: Redtube Abmahnvirus Mail geöffnet - Windows7