
Log Analysis and Evaluation: Mapsgalaxy toolbar and /-Service

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.05.2014, 19:30   #1
polonez

Hello,

unfortunately my son impulsively downloaded the wrong file (hxxp://flvrunner.com/d/fileconverter.php) and ran it straight away.

A whole lot got installed, among other things integration into Firefox and IE11. On the system partition under "C:\Program Files\" a directory "MapsGalaxy_39" with several subdirectories appeared.

The following changes / new entries:
- under Services there is a new entry: "MapsGalaxy_39Service" (I disabled it)
- in Task Manager: "39barsvc.exe" (killed)
- msconfig: under Services -> "MapsGalaxyService" AND under Startup -> "t8MedInt"
I disabled both entries in msconfig

In Firefox and IE I disabled the add-ons. Should I additionally just delete the entire "MapsGalaxy_39" directory under C?

And I still have a bad feeling. Above all I want to uninstall this software completely, and I don't know where else this stuff has nested itself.

Regards
Chris

22.05.2014, 20:01   #2
Warlord711
/// TB Trainer

My name is Timo and I will help you with your problem.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to; that makes evaluating them harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the website's input window)



This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the #-symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
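Added example, not part of this thread, not written by Warlord711 and not FRST's own code: a small Python triage script for the FRST.txt the helper asks for above. It recognises the line formats FRST uses for services and drivers, Run keys, Firefox proxy prefs and IE search scopes, and flags what a helper reads first: a service whose name matches the toolbar the original poster found (the default suspect pattern "MapsGalaxy" encodes that finding), drivers whose image file is missing, zero bytes long or loaded from a temp directory, orphaned Run entries, an IE search provider on an unexpected host, and Firefox proxy hosts outside private address space, together with whether network.proxy.type actually activates them. The regexes are assumptions that match FRST's output only as far as it appears in this thread, KNOWN_SEARCH_HOSTS is a constructed allowlist, and the sample lines are copied from the log posted further down in the thread.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) text logs.

Constructed example: not FRST's own code and not posted by anyone in
the thread.  The regexes are assumptions based on the line formats
visible in the FRST.txt posted in the thread.
"""
import ipaddress
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "kind subject reason")

# Service/driver lines: "<state> <name>; <image> [<size> <date>] (<vendor>)"
# Size is "X" when the image file is missing and "0 " when it is empty.
SVC_RE = re.compile(
    r'^([RSU]\d)\s+([^;]+);\s+(.*?)\s+\[(X|\d+)(?:\s+[\d-]+)?\s*\](?:\s+\((.*)\))?$')
# Autorun lines: "HKLM\...\Run: [<name>] => <target>"
RUN_RE = re.compile(r'^(HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[([^\]]*)\] => (.*)$')
# Firefox prefs: FF NetworkProxy: "<key>", <value>
FFPROXY_RE = re.compile(r'^FF NetworkProxy: "([^"]+)", (.*)$')
# IE search scopes: SearchScopes: <hive> - {<clsid>} URL = <url>
SCOPE_RE = re.compile(r'^SearchScopes: (HKLM|HKCU) - (\{[^}]+\}) URL = (.*)$')

# Constructed allowlist of search-provider hosts; extend it for your environment.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.de",
                      "de.search.yahoo.com"}
TEMP_DIR_HINTS = ("\\temp\\", "\\tmp\\")


def triage(lines, suspect_names=("MapsGalaxy",)):
    """Return a Finding for every FRST line that deserves a closer look."""
    findings = []
    proxy = {}
    for raw in lines:
        line = raw.strip()
        m = SVC_RE.match(line)
        if m:
            _state, name, image, size, _vendor = m.groups()
            if any(s.lower() in name.lower() for s in suspect_names):
                findings.append(Finding("service", name, "name matches suspect pattern"))
            if size == "X":
                findings.append(Finding("service", name, "image file missing: " + image))
            elif size == "0":
                findings.append(Finding("service", name, "zero-byte image: " + image))
            if any(h in image.lower() for h in TEMP_DIR_HINTS):
                findings.append(Finding("service", name, "image loaded from a temp directory"))
            continue
        m = RUN_RE.match(line)
        if m:
            _hive, name, target = m.groups()
            if target == "[X]":
                findings.append(Finding("autorun", name or "<unnamed>", "orphaned entry, target missing"))
            elif any(s.lower() in (name + target).lower() for s in suspect_names):
                findings.append(Finding("autorun", name, "matches suspect pattern: " + target))
            continue
        m = FFPROXY_RE.match(line)
        if m:
            proxy[m.group(1)] = m.group(2).strip('"')
            continue
        m = SCOPE_RE.match(line)
        if m:
            hive, clsid, url = m.groups()
            # FRST defangs URLs as hxxp://; restore the scheme so urlsplit sees a host.
            host = urlsplit(url.strip().replace("hxxp", "http", 1)).hostname
            if host and host not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("searchscope", hive + " " + clsid, "search provider host " + host))
    findings.extend(_check_proxy(proxy))
    return findings


def _check_proxy(proxy):
    """Flag proxy hosts outside private address space and say whether they are in use."""
    out = []
    active = proxy.get("type") == "1"  # network.proxy.type: 0 = direct, 1 = manual proxy
    for key in ("http", "ssl", "ftp", "socks", "gopher"):
        host = proxy.get(key)
        if not host:
            continue
        try:
            public = ipaddress.ip_address(host).is_global
        except ValueError:
            public = True  # a hostname rather than an IP literal: review it by hand
        if public:
            state = "active (manual proxy)" if active else "inactive (proxy type %s)" % proxy.get("type", "?")
            out.append(Finding("ffproxy", key, "%s:%s, %s" % (host, proxy.get(key + "_port", "?"), state)))
    return out


# Constructed sample: lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [BDAgent] => C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [1202440 2012-11-02] (BitDefender S.R.L.)
HKLM\...\Run: [] => [X]
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=x&searchfor={searchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =
FF NetworkProxy: "http", "69.10.32.154"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "type", 0
S4 MapsGalaxy_39Service; C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [88648 2014-05-21] (COMPANYVERS_NAME)
R2 VSSERV; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [1615688 2010-05-05] (BitDefender S.R.L.)
U3 ammgpo41; C:\Windows\system32\Drivers\ammgpo41.sys [0 ] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-12s %-40s %s" % (f.kind, f.subject, f.reason))
```

Run it as-is to see the triage of the sample lines; for a real log call `triage(open("FRST.txt", encoding="utf-8-sig").readlines())`. A proxy host with network.proxy.type 0 is not in use, which is why the script reports it as inactive instead of dropping it: the leftover pref still tells you something wrote to the Firefox profile, and the host is worth noting even if traffic is not currently routed through it.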


23.05.2014, 08:38   #3
polonez

Hello,

thanks for your reply.

Here are the logs:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by chris (administrator) on DESKTOP on 23-05-2014 07:16:32
Running from C:\Users\chris\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(BitDefender S.R.L.) C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(devolo AG) D:\devolo\dlan\devolonetsvc.exe
(Eicon Networks) C:\Program Files\Diva Client\divalog.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe
(tzuk) D:\Sandboxie\SbieSvc.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
(Dialogic) C:\Program Files\Diva Client\DiTask.exe
(Dialogic) C:\Program Files\Diva Client\cgserver.exe
(Adobe Systems Inc.) D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BitDefender Antiphishing Helper] => C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [71152 2010-01-12] (BitDefender S.R.L.)
HKLM\...\Run: [BDAgent] => C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [1202440 2012-11-02] (BitDefender S.R.L.)
HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic)
HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [PC Monitor Operations] => C:\Program Files\PC Monitor\pcmontask.exe [518104 2014-05-16] (MMSOFT Design Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {66613c78-da38-11df-a85a-40002c765c04} - G:\AutoRun.exe
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {a095d499-0e8a-11e0-8114-400068d7f60e} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\WISO\Steuersoftware 2014\mshaktuell.exe ()
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm080^LADEDE^de&si=CKbE9sG-vb4CFUn4wgodb2kAGg&ptb=F8CE7C71-C5E9-4E3B-AEA0-8D72CCDDBED4&ind=2014052112&n=780bff10&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default
FF Homepage: www.gmx.de
FF NetworkProxy: "backup.ftp", "72.52.96.51"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.gopher", "72.52.96.51"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "72.52.96.51"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "72.52.96.51"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "69.10.32.154"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "gopher", "69.10.32.154"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "69.10.32.154"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "69.10.32.154"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "69.10.32.154"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - D:\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @MapsGalaxy_39.com/Plugin - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (Mindspark)
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 - d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Acrobat - D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15]
FF Extension: FlashGot - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2) [2010-01-13]
FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13]
FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07]
FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13]
FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24]
FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22]
FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23]
FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13]
FF HKLM\...\Firefox\Extensions: [FFToolbar@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF Extension: BitDefender Antiphishing Toolbar - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ []
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2010\bdtbext\
FF Extension: bdToolbar - C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ []

========================== Services (Whitelisted) =================

S3 Arrakis3; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [183880 2010-01-12] (BitDefender S.R.L. hxxp://www.bitdefender.com)
R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG)
R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 LIVESRV; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [310856 2011-03-08] (BitDefender S.R.L.)
S4 MapsGalaxy_39Service; C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [88648 2014-05-21] (COMPANYVERS_NAME)
R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [733144 2014-05-16] (MMSOFT Design Ltd.)
R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [315392 2010-04-01] (S.C. BitDefender S.R.L)
R2 VSSERV; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [1615688 2010-05-05] (BitDefender S.R.L.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 BDFM; C:\Windows\System32\DRIVERS\bdfm.sys [153448 2010-02-10] (BitDefender S.R.L. Bucharest, ROMANIA)
R1 BdfNdisf; C:\Windows\System32\DRIVERS\BdfNdisf6.sys [72784 2010-05-05] (BitDefender LLC)
R0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [291352 2010-04-01] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [79952 2010-05-05] (BitDefender LLC)
S3 BDSelfPr; C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys [55936 2010-01-12] (BitDefender)
R2 BDVEDISK; C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [85128 2010-05-05] (BitDefender)
R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic)
S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic)
R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic)
R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic)
R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] ()
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-02-11] (CACE Technologies)
S3 Profos; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [14720 2010-01-12] (BitDefender S.R.L.)
R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] ()
S3 Trufos; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [39808 2009-05-07] (BitDefender S.R.L.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 ammgpo41; C:\Windows\system32\Drivers\ammgpo41.sys [0 ] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 07:16 - 2014-05-23 07:16 - 00020002 _____ () C:\Users\chris\Desktop\FRST.txt
2014-05-23 07:16 - 2014-05-23 07:16 - 00000000 ____D () C:\FRST
2014-05-22 20:31 - 2014-05-22 20:30 - 01056768 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-05-21 21:14 - 2014-05-22 14:32 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ___HD () C:\Program Files\Zero G Registry
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ___HD () C:\Users\chris\InstallAnywhere
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ____D () C:\Program Files\IHMC CmapTools
2014-05-21 18:59 - 2014-05-21 18:59 - 00000000 ____D () C:\Users\chris\AppData\Local\MapsGalaxy_39
2014-05-21 18:59 - 2014-05-21 18:59 - 00000000 ____D () C:\Program Files\MapsGalaxy_39
2014-05-21 18:49 - 2014-05-21 18:49 - 00000021 ____H () C:\Users\chris\Desktop\NewFileTime.ini
2014-05-14 10:53 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 10:31 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 10:31 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 10:31 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 10:27 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 10:27 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 10:27 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 10:27 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 10:27 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 10:27 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 10:27 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 10:27 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 10:27 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 10:27 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 10:27 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 10:27 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 10:27 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 10:26 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 12:10 - 2014-05-13 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-13 09:36 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-13 09:35 - 2014-05-13 09:35 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-13 09:35 - 2014-05-13 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-13 09:35 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-13 09:35 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-13 09:35 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-05 10:14 - 2014-05-05 10:14 - 00199576 _____ () C:\Windows\Minidump\050514-17409-01.dmp
2014-04-29 15:36 - 2014-05-11 21:22 - 00000000 ____D () C:\Users\chris\Desktop\2014-04-29
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieUserList
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieSiteList
2014-04-25 02:16 - 2014-04-25 02:16 - 01070232 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX

==================== One Month Modified Files and Folders =======

2014-05-23 07:16 - 2014-05-23 07:16 - 00020002 _____ () C:\Users\chris\Desktop\FRST.txt
2014-05-23 07:16 - 2014-05-23 07:16 - 00000000 ____D () C:\FRST
2014-05-23 07:09 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-23 07:07 - 2009-07-14 06:39 - 00364458 _____ () C:\Windows\setupact.log
2014-05-22 20:46 - 2010-01-11 22:38 - 02045117 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 20:30 - 2014-05-22 20:31 - 01056768 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-05-22 19:15 - 2010-01-11 22:48 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 19:06 - 2009-07-14 06:34 - 00016192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 19:06 - 2009-07-14 06:34 - 00016192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 18:59 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 18:59 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client
2014-05-22 18:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 14:32 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-05-21 21:26 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv
2014-05-21 21:15 - 2010-01-12 00:07 - 01335390 _____ () C:\Windows\PFRO.log
2014-05-21 21:14 - 2010-01-11 22:43 - 00000000 ____D () C:\Users\chris
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ___HD () C:\Program Files\Zero G Registry
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ___HD () C:\Users\chris\InstallAnywhere
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ____D () C:\Program Files\IHMC CmapTools
2014-05-21 18:59 - 2014-05-21 18:59 - 00000000 ____D () C:\Users\chris\AppData\Local\MapsGalaxy_39
2014-05-21 18:59 - 2014-05-21 18:59 - 00000000 ____D () C:\Program Files\MapsGalaxy_39
2014-05-21 18:49 - 2014-05-21 18:49 - 00000021 ____H () C:\Users\chris\Desktop\NewFileTime.ini
2014-05-18 11:57 - 2010-01-12 21:55 - 00000376 _____ () C:\Users\chris\AppData\Roamingprivacy.xml
2014-05-16 11:51 - 2010-02-01 20:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Canon
2014-05-16 11:15 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor
2014-05-14 11:38 - 2010-04-30 13:16 - 00000680 __RSH () C:\Users\chris\ntuser.pol
2014-05-14 11:38 - 2010-01-14 12:31 - 00000000 ___RD () C:\Users\chris\Virtual Machines
2014-05-14 11:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-14 11:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 10:53 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 10:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 10:44 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-14 10:44 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 10:39 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 10:36 - 2010-01-11 22:47 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 12:22 - 2011-06-02 22:56 - 00000000 ____D () C:\Users\chris\Documents\Steuer-Sparbuch
2014-05-13 12:13 - 2010-07-21 21:52 - 00001066 _____ () C:\Windows\wiso.ini
2014-05-13 12:10 - 2014-05-13 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-13 12:10 - 2010-07-21 21:50 - 00000000 ____D () C:\Users\chris\AppData\Local\Buhl
2014-05-13 12:09 - 2010-01-14 09:52 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-13 09:36 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-13 09:35 - 2014-05-13 09:35 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-13 09:35 - 2014-05-13 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-13 09:35 - 2013-03-08 08:40 - 00000000 ____D () C:\Program Files\Java
2014-05-12 17:34 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-11 21:22 - 2014-04-29 15:36 - 00000000 ____D () C:\Users\chris\Desktop\2014-04-29
2014-05-11 20:20 - 2014-03-18 19:35 - 00000000 ____D () C:\Users\chris\Documents\Bewerbung
2014-05-10 12:49 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-14 10:27 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 10:27 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 05:25 - 2014-05-14 10:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 10:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 10:14 - 2014-05-05 10:14 - 00199576 _____ () C:\Windows\Minidump\050514-17409-01.dmp
2014-05-05 10:14 - 2012-12-27 22:15 - 280804184 _____ () C:\Windows\MEMORY.DMP
2014-05-05 10:14 - 2010-02-06 14:10 - 00000000 ____D () C:\Windows\Minidump
2014-05-02 00:55 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieUserList
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieSiteList
2014-04-25 02:16 - 2014-04-25 02:16 - 01070232 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 10:27] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 19:04

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by chris at 2014-05-23 07:17:07
Running from C:\Users\chris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: BitDefender Antivirus (Enabled - Up to date) {982ADE23-275B-0766-37C5-DE01A484098E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BitDefender AntiSpyware (Enabled - Up to date) {234B3FC7-0161-08E8-0D75-E573DF034333}
FW: BitDefender Firewall (Enabled) {A0115F06-6D34-063E-1C9A-77345A574EF5}

==================== Installed Programs ======================

7-Zip 9.13 beta (HKLM\...\7-Zip) (Version:  - )
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.18 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3680FA2A-985F-C55C-36A2-7A4EB281F128}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.4.8696 - )
BitDefender Total Security 2010 (HKLM\...\{8131C63A-3BAF-4522-99B3-37D6CFFF9777}) (Version: 13.0.15 - BitDefender)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0614.2131.36800 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0614.2131.36800 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Czech (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Danish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Dutch (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help English (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Finnish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help French (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help German (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Greek (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Italian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Japanese (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Korean (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Polish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Russian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Spanish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Swedish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Thai (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Turkish (Version: 2009.0614.2130.36800 - ATI) Hidden
ccc-core-static (Version: 2009.0614.2131.36800 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0614.2131.36800 - ATI) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
ClipGrab 3.0.7 (HKLM\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder)
Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Cool Edit Pro 2.1 (HKLM\...\Cool Edit Pro 2.1) (Version:  - )
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{341FFD7F-3127-466D-88F7-CE4DE78A48F1}) (Version:  - Microsoft)
devolo Cockpit (HKLM\...\dlancockpit) (Version: 4.2.1.0 - devolo AG)
dLAN Cockpit (Version: 3.2.28 - devolo AG) Hidden
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
DolbyFiles (Version: 2.0 - Nero AG) Hidden
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Fotobuchexpress24 Bestellsoftware (HKLM\...\Fotobuchexpress24) (Version: 3.2.24 - SSW Software GmbH)
Fotobuchexpress24 Bestellsoftware (Version: 3.2.24 - SSW Software GmbH) Hidden
Freemake Video Converter Version 4.0.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HydraVision (Version: 4.2.108.0 - ATI Technologies Inc.) Hidden
IHMC CmapTools v5.06 (HKLM\...\IHMC CmapTools v5.06) (Version: 5.0.6.0 - Institute for Human & Machine Cognition)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LightScribe System Software (HKLM\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe)
LiveAdvisor (Symantec Corporation) (HKLM\...\LiveAdvisor) (Version: 1.0.0.691 - Symantec Corporation)
LiveUpdate (HKLM\...\LiveUpdate) (Version:  - )
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Mathematica Extras 8.0 (2609412) (HKLM\...\A-WIN-Extras 8.0.4 2609412_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
MediaInfo 0.7.29 (HKLM\...\MediaInfo) (Version: 0.7.29 - MediaArea.net)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Mp3tag v2.45a (HKLM\...\Mp3tag) (Version: v2.45a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{b9b1660b-9b41-4d0b-b380-f430397c848d}) (Version:  - Nero AG)
Nero Burning ROM Help (Version: 9.4.17.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.9.100 - Nero AG) Hidden
Nero CoverDesigner Help (Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.12.100 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.11.100 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.11.100 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Vision (Version: 6.4.10.205 - Nero AG) Hidden
Nero Vision Help (Version: 6.4.8.100 - Nero AG) Hidden
NeroBurningROM (Version: 9.4.17.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NetSpeedMonitor 2.5.4.0 x86 (HKLM\...\{86501894-E722-4385-A792-B7C2F28FAE7B}) (Version: 2.5.4.0 - Florian Gilles)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PC Monitor (HKLM\...\{BB24E9AE-C68B-41E1-B409-810512EFF5EF}) (Version: 2.7.0 - MMSOFT Design)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.75 - ASUSTek)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PQ DVD to iPod Video Suite (remove only) (HKLM\...\PQ_DVD_to_iPod_Video_Suite) (Version:  - )
R-Studio 5.2 (HKLM\...\R-Studio 5.2NSIS) (Version: 5.2.130721 - R-Tools Technology Inc.)
Sandboxie 3.42 (HKLM\...\Sandboxie) (Version:  - )
ScreenManager Pro for LCD (HKLM\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 2.9.0.1 - EIZO NANAO CORPORATION)
Secure Download Manager (HKLM\...\{7709C9B0-AD83-4F7C-A153-B956BC3C3B0A}) (Version: 3.1.10 - Kivuto Solutions Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
TI Connect 1.6 (HKLM\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6.0 - Texas Instruments Incorporated)
Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F6F7CA32-F651-4545-846B-68F5D4F9CA5D}) (Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition (HKLM\...\{90150000-0015-0407-0000-0000000FF1CE}_Office15.PROPLUS_{21FB567F-3837-41F1-93CA-EC630A39F5B1}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUS_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2760512) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{735F95E9-FA93-4B9D-9FD8-1E70BA41C432}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2760556) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4E4070FA-FD57-4525-B386-654E72B17AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4F307363-49DA-4AE7-9D9D-DAA1FF59274F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6E6B2968-B9D7-40C9-9FC2-8E729DDBB39C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{49893259-C896-4972-9B6C-6B75790945F1}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AFDC9BDD-5608-4A21-8066-13E2ACE1EDB4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4F8AD68D-9F41-446E-AA81-C43BF88671BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BCD0EA38-A8FB-4F3D-B04E-DFFB38BC7849}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9E03AB38-EF60-4DE6-92FB-656E23403BFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E58009CD-D950-4CAE-89B4-E97C3B78319B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{03FC8649-9511-4FB1-BE34-67A442505DCF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B299B17D-874D-43DD-84AA-414BD9C70021}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{65D789FD-9118-45AF-8DE4-F49F358A8525}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{B9DB28D9-15D0-4DDE-A123-C9B82AC9A579}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{5EFADE14-CE0B-43BF-ADD2-850FCB79485F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{8E942418-D7DE-48A4-8210-AD994006EFAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{188DFB16-BA3F-4AD3-9432-45C8FA64EC8B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{C5CF8938-646A-41A5-A4E6-6EEE4205CBA4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{954A0EA5-CCCB-4B4E-8664-40E2CC8BBCBB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4B1A48FA-CAE2-49BB-A912-6F96AE7875D9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{96754DD8-5AF9-4CF8-A5A9-19770CD9AFBC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8AEAF88E-A488-4C1E-B10D-F00143BA650F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2768011) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{C72E5FFA-67C2-4800-A004-23540A3ADE78}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2768011) 32-Bit Edition (HKLM\...\{90150000-00A1-0407-0000-0000000FF1CE}_Office15.PROPLUS_{47018C45-46C8-4160-ADA7-04D7E195B2B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{47A62B15-D0BF-4A2E-BCE2-939DB491D387}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUS_{47A62B15-D0BF-4A2E-BCE2-939DB491D387}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.PROPLUS_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66B8CE1E-CAD9-4132-A67C-AE3472B864AD}) (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition (HKLM\...\{90150000-00BA-0407-0000-0000000FF1CE}_Office15.PROPLUS_{A499C133-698D-430B-970B-E5E2ABB28930}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2752018) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1C785C90-3A61-47FE-A59F-CC896E87CACD}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9CEFDC22-A298-451A-905E-28E42B90A563}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUS_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
v2011.build.44 (HKLM\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.44 - eRightSoft)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WEB Partner (HKLM\...\WEB Partner) (Version: TOOL-ConnLaucher_WIN1.01.01.00 - Huawei Technologies Co.,Ltd)
Winamp (HKLM\...\Winamp) (Version: 5.572  - Nullsoft, Inc)
Winamp Anwendungserkennung (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 14.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}) (Version: 14.0.8708 - WinZip Computing, S.L. )
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{6C51B615-4FB7-47E2-9838-98C9D291B096}) (Version: 21.01.8499 - Buhl Data Service GmbH)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (HKLM\...\M-WIN-D 8.0.4 2609533_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 5.1.26.1231 - Xilisoft)

==================== Restore Points  =========================

22-05-2014 23:57:45 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2010-01-13 11:30 17:35 - 00000883 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {15F0F1EC-321D-4630-B2D6-7718DF8EAF8D} - System32\Tasks\AdobeAAMUpdater-1.0-desktop-chris => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {5848E516-C8B1-4827-87C4-6C5677EDBEC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.)
Task: {9421406F-3FE1-4691-9041-D1A29A92176F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {9BE591D2-494F-4869-A7E7-DC0056381811} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.)
Task: {A792A63D-9DC0-4495-9F13-B9B1614F65A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B01A6C5E-8A60-4EB0-A28E-67129F8A1815} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] ()
Task: {B01A90CF-4B07-4B22-AEB1-B52DEC298006} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FB2AC347-029B-4045-8265-442FE93F62EF} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-01-15 14:45 - 2009-01-15 14:45 - 00181248 _____ () C:\Program Files\Common Files\BitDefender\BitDefender Update Service\txmlutil.dll
2010-01-12 00:04 - 2010-01-12 00:04 - 00094720 _____ () C:\Program Files\BitDefender\BitDefender 2010\framework.dll
2009-01-15 14:45 - 2009-01-15 14:45 - 00181248 _____ () C:\Windows\system32\txmlutil.dll
2010-01-12 00:04 - 2010-01-12 00:04 - 00053248 _____ () C:\Program Files\BitDefender\BitDefender 2010\strdecoder.dll
2010-01-12 00:04 - 2010-01-12 00:04 - 00060416 _____ () C:\Program Files\BitDefender\BitDefender 2010\scansp.dll
2010-01-12 00:03 - 2010-05-10 18:46 - 00203776 _____ () C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\smartscn.dll
2010-01-12 00:04 - 2010-01-12 00:04 - 00019456 _____ () C:\Program Files\BitDefender\BitDefender 2010\knownfilessp.dll
2010-01-12 00:04 - 2010-01-12 00:04 - 00014336 _____ () C:\Program Files\BitDefender\BitDefender 2010\smartscnal.dll
2010-01-12 00:04 - 2010-01-12 00:04 - 00028160 _____ () C:\Program Files\BitDefender\BitDefender 2010\procinfo.dll
2010-04-01 16:18 - 2010-04-01 16:18 - 00282624 _____ () C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpab.mdl
2010-04-01 16:18 - 2010-04-01 16:18 - 00372736 _____ () C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpbr.mdl
2010-04-01 16:18 - 2010-04-01 16:18 - 00249856 _____ () C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpdsp.mdl
2010-04-01 16:18 - 2010-04-01 16:18 - 01351680 _____ () C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpf.mdl
2010-04-01 16:18 - 2010-04-01 16:18 - 01482752 _____ () C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpph.mdl
2010-04-01 16:18 - 2010-04-01 16:18 - 00294912 _____ () C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpphar.mdl
2010-04-01 16:18 - 2010-04-01 16:18 - 00417792 _____ () C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttprbl.mdl
2010-04-01 16:18 - 2010-04-01 16:18 - 00217088 _____ () C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttprtsr.mdl
2010-04-01 16:18 - 2010-04-01 16:18 - 00274432 _____ () C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpws.mdl
2010-01-12 00:04 - 2010-01-12 00:04 - 00009728 _____ () C:\Program Files\BitDefender\BitDefender 2010\DEU\IMSecurityAL.ui
2010-01-12 00:05 - 2010-01-12 00:05 - 00013312 _____ () C:\Program Files\BitDefender\BitDefender 2010\fwLibrary.dll
2007-04-18 18:11 - 2007-04-18 18:11 - 00196608 _____ () C:\Program Files\BitDefender\BitDefender 2010\libexpatw.dll
2010-01-29 16:17 - 2010-01-29 16:17 - 00036864 _____ () C:\Program Files\BitDefender\BitDefender 2010\midasal.dll
2010-02-10 17:32 - 2010-09-20 17:39 - 00066608 _____ () C:\Program Files\BitDefender\BitDefender 2010\midasdp.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-14 00:16 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2013-05-19 10:50 - 2009-02-27 17:39 - 00019968 _____ () D:\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2010-01-21 22:55 - 2009-07-20 13:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2008-12-10 12:19 - 2008-12-10 12:19 - 00430080 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-04 21:35 - 2010-02-04 21:35 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MapsGalaxy_39Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => D:\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: CallGuard => C:\Program Files\Diva Client\cgserver.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
MSCONFIG\startupreg: DiTask => C:\Program Files\Diva Client\ditask.exe
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\chris\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MapsGalaxy EPM Support => "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: Mobile Partner => D:\WEB Partner\WEB Partner
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "d:\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: ScreenManager Pro for LCD => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2014 07:07:48 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/23/2014 05:11:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST.exe, version: 21.5.2014.0, time stamp: 0x537c6f4a
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x000485fe
Faulting process id: 0x134c
Faulting application start time: 0xFRST.exe0
Faulting application path: FRST.exe1
Faulting module path: FRST.exe2
Report Id: FRST.exe3

Error: (05/23/2014 05:11:10 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/23/2014 00:17:43 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/22/2014 08:28:00 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/22/2014 08:17:41 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/22/2014 02:26:11 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/22/2014 06:21:56 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/21/2014 09:16:10 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (05/21/2014 07:36:22 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft Word: Rejected Safe Mode action : You are holding down the CTRL key. Do you want to start Word in safe mode?.
Rejected Safe Mode action : Microsoft Word.


System errors:
=============
Error: (05/22/2014 06:10:54 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume "C:" were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/21/2014 09:25:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "MapsGalaxyService" service terminated unexpectedly. It has done this 1 time(s).

Error: (05/21/2014 04:00:50 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume "C:" were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/21/2014 09:03:33 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR4.

Error: (05/21/2014 09:03:32 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR4.

Error: (05/21/2014 09:03:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR4.

Error: (05/21/2014 09:03:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR4.

Error: (05/19/2014 09:34:54 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume "C:" were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/18/2014 00:12:06 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/16/2014 11:40:04 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer "LAPTOP"
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF9A1D09-1AB3-4332-931C-7C1BC77E809-Transport.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (05/23/2014 07:07:48 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/23/2014 05:11:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST.exe21.5.2014.0537c6f4aole32.dll6.1.7601.175144ce7b96fc0000005000485fe134c01cf75e0b215f877C:\Users\chris\Desktop\FRST.exeC:\Windows\system32\ole32.dlleb92ffb6-e227-11e3-a5b1-400021353efa

Error: (05/23/2014 05:11:10 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/23/2014 00:17:43 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/22/2014 08:28:00 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/22/2014 08:17:41 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/22/2014 02:26:11 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/22/2014 06:21:56 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (05/21/2014 09:16:10 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (05/21/2014 07:36:22 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft WordYou are holding down the CTRL key. Do you want to start Word in safe mode?


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 3327.18 MB
Available physical RAM: 2442.83 MB
Total Pagefile: 6652.65 MB
Available Pagefile: 5201.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1876.65 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:100 GB) (Free:51.98 GB) NTFS
Drive d: (PROGRAMME) (Fixed) (Total:146.48 GB) (Free:65.42 GB) NTFS
Drive e: (HDD) (Fixed) (Total:684.93 GB) (Free:586.54 GB) NTFS
Drive f: (BACKUP) (Fixed) (Total:100.15 GB) (Free:20.13 GB) NTFS
Drive g: (150GB) (Fixed) (Total:149.05 GB) (Free:28.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F4B3C6F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=685 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 38A54CC0)
Partition 1: (Active) - (Size=478 MB) - (Type=83)
Partition 2: (Not Active) - (Size=2 GB) - (Type=82)
Partition 3: (Not Active) - (Size=47 GB) - (Type=83)
Partition 4: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D0B1D0B1)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
__________________
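The Addition.txt above is long, and the MapsGalaxy remnants are spread over three different sections (a service disabled through msconfig, a startupreg entry launching 39medint.exe with T8EPMSUP.DLL, and the scheduled-task list). The following Python script is an added example, not code from this thread, from FRST or from any other tool named here: it parses those three FRST line shapes and flags entries by an indicator list. The indicators are the MapsGalaxy artefacts named in the thread (MapsGalaxy, 39medint, T8EPMSUP, mindspark); the 8.3-short-path and empty-publisher heuristics are my own assumptions, not FRST rules, and the sample log is constructed from lines of the Addition.txt above.

```python
r"""Triage of FRST Addition.txt lines (added example; not code from the
thread, from FRST or from any other tool named here).

Parses the three line shapes FRST uses in the sections above:

    MSCONFIG\Services: <name> => <original start type>
    MSCONFIG\startupreg: <name> => <command line>
    Task: {<GUID>} - <task path> => <exe> [<date>] (<publisher>)

and flags entries whose name, command or binary matches an indicator list.
"""
import re
from dataclasses import dataclass

# Indicators taken from this thread (assumed complete only for this case).
INDICATORS = ("mapsgalaxy", "39medint", "t8epmsup", "mindspark")

# msconfig records a disabled service's original Start value so it can be
# restored; FRST prints that value after "=>". 2 = automatic, 3 = manual.
# A service disabled this way is still registered and its binary still on disk.
START_TYPES = {"2": "automatic", "3": "manual"}

SERVICE_RE = re.compile(r"^MSCONFIG\\Services: (?P<name>.+?) => (?P<start>\d+)$")
STARTUPREG_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>.+?) => (?P<cmd>.+)$")
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<path>.+?) => (?P<exe>.+?) "
    r"\[(?P<date>[0-9-]+)\] \((?P<publisher>.*)\)$"
)


@dataclass
class Finding:
    kind: str      # "service", "startupreg" or "task"
    name: str
    detail: str
    reason: str


def _indicator(*fields: str):
    """Return the first indicator substring found in any field (case-insensitive)."""
    text = " ".join(fields).lower()
    return next((i for i in INDICATORS if i in text), None)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            if ind := _indicator(m["name"]):
                start = START_TYPES.get(m["start"], m["start"])
                findings.append(Finding("service", m["name"],
                                        f"disabled in msconfig, original start: {start}",
                                        f"matches indicator '{ind}'"))
        elif m := STARTUPREG_RE.match(line):
            if ind := _indicator(m["name"], m["cmd"]):
                findings.append(Finding("startupreg", m["name"], m["cmd"],
                                        f"matches indicator '{ind}'"))
            elif "~" in m["cmd"]:
                # Heuristic (assumption, not an FRST rule): 8.3 short paths such as
                # C:\PROGRA~1\... hide the real folder name; expand and inspect.
                findings.append(Finding("startupreg", m["name"], m["cmd"],
                                        "8.3 short path in command line"))
        elif m := TASK_RE.match(line):
            if ind := _indicator(m["path"], m["exe"]):
                findings.append(Finding("task", m["path"], m["exe"],
                                        f"matches indicator '{ind}'"))
            elif not m["publisher"]:
                # FRST prints "()" when the binary carries no company name;
                # not malicious by itself, but worth a manual look.
                findings.append(Finding("task", m["path"], m["exe"],
                                        "no publisher in version info"))
    return findings


# Constructed sample: six lines copied from the Addition.txt in this thread.
SAMPLE_LOG = r"""
Task: {B01A6C5E-8A60-4EB0-A28E-67129F8A1815} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] ()
Task: {5848E516-C8B1-4827-87C4-6C5677EDBEC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.)
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: MapsGalaxy_39Service => 2
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MapsGalaxy EPM Support => "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.detail} ({f.reason})")
```

Run against the sample it reports the msconfig-disabled MapsGalaxy_39Service (still registered, original start type automatic), the startupreg entry that loads T8EPMSUP.DLL through 39medint.exe, and the ASUS task with no publisher; the Google task and iTunesHelper pass. Feed it a whole Addition.txt to get the same three views in one list instead of reading the sections by hand.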

Old 23.05.2014, 12:01   #4
Warlord711
/// TB-Ausbilder

Mapsgalaxy toolbar and /-service
I have looked at the logs and have a question first:

Is there a time-based usage restriction on the computer for one of the users, e.g. in the form of parental controls?

Apart from that, I also found proxy settings in Firefox that point to a server in the States. I strongly assume these are unwanted, so I am removing them with the fix in step 1.


Step 1

Please press the Windows key + R and type notepad into the Run box.

Now copy the following text from the code box into the empty text document

Code:
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
FF NetworkProxy: "backup.ftp", "72.52.96.51"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.gopher", "72.52.96.51"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "72.52.96.51"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "72.52.96.51"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "69.10.32.154"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "gopher", "69.10.32.154"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "69.10.32.154"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "69.10.32.154"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "69.10.32.154"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 3

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later) right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 4

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




Step 5
Start FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan is complete, a new log file FRST.txt is created and saved to the desktop.
  • Please post the contents of this log file here in your thread.


Please post in your reply:
  • A short answer as to whether the parental control or user restriction is legitimate
  • Fixlog.txt from the FRST fix
  • AdwCleaner log
  • JRT log
  • MBAM log
  • a fresh FRST log
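The fix in step 1 removes a set of FF NetworkProxy prefs, but note the last line of that list: "type", 0. FRST prints every network.proxy.* pref it finds in prefs.js, whereas Firefox only routes traffic to the manual host/port prefs when network.proxy.type is 1 (or to a PAC script when it is 2). The following Python script is an added example, not code from this thread, from FRST or from AdwCleaner: it parses a prefs.js fragment and reports which proxy hosts Firefox would actually use. The sample prefs.js is constructed from the values in the fix above; the backup.* handling reflects how Firefox stashes the old per-protocol values when "use this proxy server for all protocols" is ticked.

```python
r"""Evaluate Firefox proxy prefs the way Firefox applies them (added example;
not code from the thread, from FRST or from AdwCleaner).

network.proxy.type: 0 = direct connection, 1 = manual proxy, 2 = PAC script
from network.proxy.autoconfig_url, 4 = WPAD auto-detect, 5 = system proxy
(the Firefox default). The network.proxy.backup.* prefs hold the previous
per-protocol values saved when "use this proxy for all protocols" was
ticked; Firefox never connects to them.
"""
import re

PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "wpad", 5: "system"}
SCHEMES = ("http", "ssl", "ftp", "socks")
PREF_RE = re.compile(r'^user_pref\("(?P<key>[^"]+)",\s*(?P<val>.+)\);$')


def parse_prefs(text: str) -> dict:
    """Parse user_pref(...) lines into a dict of bool/int/str values.
    Strings are unquoted without escape handling, which is enough for proxy prefs."""
    prefs = {}
    for raw in text.splitlines():
        m = PREF_RE.match(raw.strip())
        if not m:
            continue
        key, val = m["key"], m["val"].strip()
        if val in ("true", "false"):
            prefs[key] = val == "true"
        elif val.startswith('"') and val.endswith('"'):
            prefs[key] = val[1:-1]
        else:
            prefs[key] = int(val)
    return prefs


def effective_proxy(prefs: dict) -> dict:
    """Report which proxy hosts Firefox would actually use for these prefs."""
    ptype = prefs.get("network.proxy.type", 5)
    mode = PROXY_TYPES.get(ptype, f"unknown({ptype})")
    report = {"mode": mode, "active": {}, "dormant": {}}
    for scheme in SCHEMES:
        host = prefs.get(f"network.proxy.{scheme}")
        if not host:
            continue
        port = prefs.get(f"network.proxy.{scheme}_port", 0)
        # Host/port prefs only matter in manual mode; otherwise they are dormant.
        bucket = "active" if mode == "manual" else "dormant"
        report[bucket][scheme] = f"{host}:{port}"
    if mode == "pac":
        # A PAC URL is the other place a hijacker can redirect traffic to.
        report["pac_url"] = prefs.get("network.proxy.autoconfig_url", "")
    return report


def traffic_goes_elsewhere(prefs: dict) -> bool:
    """True only if Firefox would route through a configured proxy or PAC script."""
    r = effective_proxy(prefs)
    return bool(r["active"]) or bool(r.get("pac_url"))


# Constructed sample prefs.js fragment with the values from the FRST fix above.
SAMPLE_PREFS = '''
user_pref("network.proxy.backup.ftp", "72.52.96.51");
user_pref("network.proxy.backup.ftp_port", 80);
user_pref("network.proxy.ftp", "69.10.32.154");
user_pref("network.proxy.ftp_port", 80);
user_pref("network.proxy.http", "69.10.32.154");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "69.10.32.154");
user_pref("network.proxy.socks_port", 80);
user_pref("network.proxy.ssl", "69.10.32.154");
user_pref("network.proxy.ssl_port", 80);
user_pref("network.proxy.type", 0);
'''

if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    print(effective_proxy(prefs))
    print("traffic leaves via proxy:", traffic_goes_elsewhere(prefs))
```

With type 0 the report lists 69.10.32.154:80 under "dormant" for all four schemes and "active" stays empty, so no traffic was being redirected; flipping type to 1 moves the same hosts to "active". When triaging a suspected proxy hijack, the values to act on are a type of 1 with unknown hosts, or a type of 2 with a PAC URL you did not set. Resetting the prefs is still harmless, which is why the step 1 fix is reasonable either way.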

Old 23.05.2014, 15:52   #5
polonez

Mapsgalaxy toolbar and /-service
So, that was a lot of work. I hope I did everything right.

So there is a second user account on the PC called "lan".
Bitdefender has an option to set up parental control/protection for individual clients.
This is active for the user "lan". That should also be the reason for this usage restriction.
QUESTION: Where in the logs can you see this restriction?

I set the proxy in Firefox myself in the past.
It is currently not active but greyed out (US IP).
FRST still read these values anyway.

QUESTION: Why did AdwCleaner find nothing for IE?

Here are the individual logs:
FIXLOG.TXT:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-05-2014
Ran by chris at 2014-05-23 12:35:48 Run:1
Running from C:\Users\chris\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
FF NetworkProxy: "backup.ftp", "72.52.96.51"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.gopher", "72.52.96.51"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "72.52.96.51"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "72.52.96.51"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "69.10.32.154"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "gopher", "69.10.32.154"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "69.10.32.154"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "69.10.32.154"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "69.10.32.154"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowLegacyWebView => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowUnhashedWebView => Value deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.

==== End of Fixlog ====

AdwCleaner:
Code:
# AdwCleaner v3.210 - Report created 23/05/2014 at 12:52:35
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : chris - DESKTOP
# Running from : C:\Users\chris\Desktop\B. adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : MapsGalaxy_39Service

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\mapsgalaxy_39
Folder Deleted : C:\Users\chris\AppData\Local\mapsgalaxy_39
Folder Deleted : C:\Users\chris\AppData\LocalLow\iac
Folder Deleted : C:\Users\chris\AppData\LocalLow\mapsgalaxy_39
Folder Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Allin1Convert_8h
Folder Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader71282_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader71282_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\eRightSoft\OpenCandy
Key Deleted : HKLM\Software\MapsGalaxy_39

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ File : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\prefs.js ]

Line Deleted : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", false);
Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", false);
Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", true);
Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", true);
Line Deleted : user_pref("extensions.mediaplayerconnectivity.playermp3", "C:\\Program Files\\Winamp\\winamp.exe");
Line Deleted : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
Line Deleted : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");

*************************

AdwCleaner[R0].txt - [3060 octets] - [23/05/2014 12:47:25]
AdwCleaner[S0].txt - [2985 octets] - [23/05/2014 12:52:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3045 octets] ##########

Junkware Removal Tool:
JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by chris on 23.05.2014 at 13:04:36,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37ED966D-4D0E-4D66-9633-BEA542C92860}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\chris\AppData\Roaming\thinstall"



~~~ FireFox

Successfully deleted the following from C:\Users\chris\AppData\Roaming\mozilla\firefox\profiles\nbwhll4s.default\prefs.js

user_pref("flagfox.actions", "[{\"name\":\"Geotool\",\"template\":\"hxxp://geo.flagfox.net/?ip={IPaddress}&host={domainName}\",\"iconclick\":\"click\",\"hotkey\":{\"mods\":\"c
Emptied folder: C:\Users\chris\AppData\Roaming\mozilla\firefox\profiles\nbwhll4s.default\minidumps [290 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.05.2014 at 13:07:07,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware:
mbam.txt
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 23.05.2014
Scan Time: 14:06:01
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.23.07
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: chris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 247039
Time Elapsed: 9 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by chris (administrator) on DESKTOP on 23-05-2014 15:07:36
Running from C:\Users\chris\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(BitDefender S.R.L.) C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(devolo AG) D:\devolo\dlan\devolonetsvc.exe
(Eicon Networks) C:\Program Files\Diva Client\divalog.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe
(tzuk) D:\Sandboxie\SbieSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
(Dialogic) C:\Program Files\Diva Client\DiTask.exe
(Dialogic) C:\Program Files\Diva Client\cgserver.exe
(Adobe Systems Inc.) D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BitDefender Antiphishing Helper] => C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [71152 2010-01-12] (BitDefender S.R.L.)
HKLM\...\Run: [BDAgent] => C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [1202440 2012-11-02] (BitDefender S.R.L.)
HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic)
HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [PC Monitor Operations] => C:\Program Files\PC Monitor\pcmontask.exe [518104 2014-05-16] (MMSOFT Design Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {66613c78-da38-11df-a85a-40002c765c04} - G:\AutoRun.exe
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {a095d499-0e8a-11e0-8114-400068d7f60e} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\WISO\Steuersoftware 2014\mshaktuell.exe ()
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default
FF Homepage: www.gmx.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - D:\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 - d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Acrobat - D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15]
FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13]
FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07]
FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13]
FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24]
FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22]
FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23]
FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13]
FF HKLM\...\Firefox\Extensions: [FFToolbar@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF Extension: BitDefender Antiphishing Toolbar - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ []
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2010\bdtbext\
FF Extension: bdToolbar - C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ []

========================== Services (Whitelisted) =================

S3 Arrakis3; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [183880 2010-01-12] (BitDefender S.R.L. hxxp://www.bitdefender.com)
R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG)
R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 LIVESRV; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [310856 2011-03-08] (BitDefender S.R.L.)
R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [733144 2014-05-16] (MMSOFT Design Ltd.)
R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [315392 2010-04-01] (S.C. BitDefender S.R.L)
R2 VSSERV; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [1615688 2010-05-05] (BitDefender S.R.L.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 BDFM; C:\Windows\System32\DRIVERS\bdfm.sys [153448 2010-02-10] (BitDefender S.R.L. Bucharest, ROMANIA)
R1 BdfNdisf; C:\Windows\System32\DRIVERS\BdfNdisf6.sys [72784 2010-05-05] (BitDefender LLC)
R0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [291352 2010-04-01] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [79952 2010-05-05] (BitDefender LLC)
S3 BDSelfPr; C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys [55936 2010-01-12] (BitDefender)
R2 BDVEDISK; C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [85128 2010-05-05] (BitDefender)
R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic)
S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic)
R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic)
R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic)
R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] ()
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-02-11] (CACE Technologies)
S3 Profos; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [14720 2010-01-12] (BitDefender S.R.L.)
R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] ()
S3 Trufos; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [39808 2009-05-07] (BitDefender S.R.L.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 aouigsy1; C:\Windows\system32\Drivers\aouigsy1.sys [0 ] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 15:02 - 2014-05-23 15:02 - 00001158 _____ () C:\Users\chris\Desktop\mbam.txt
2014-05-23 14:03 - 2014-05-23 14:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-23 14:02 - 2014-05-23 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-23 14:02 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-23 14:02 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-23 14:02 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-23 13:07 - 2014-05-23 13:07 - 00004496 _____ () C:\Users\chris\Desktop\JRT.txt
2014-05-23 13:04 - 2014-05-23 13:04 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 13:00 - 2014-05-23 13:00 - 00003125 _____ () C:\Users\chris\Desktop\AdwCleaner[S0].txt
2014-05-23 12:47 - 2014-05-23 12:52 - 00000000 ____D () C:\AdwCleaner
2014-05-23 12:47 - 2014-05-23 12:47 - 00000569 _____ () C:\Users\chris\Desktop\1.txt
2014-05-23 12:39 - 2014-05-23 12:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\chris\Desktop\Malwarebytes Anti-Malware_mbam-setup-2.0.2.1012.exe
2014-05-23 12:37 - 2014-05-22 19:43 - 01016261 _____ (Thisisu) C:\Users\chris\Desktop\C. JRT (Junkware Removal Tool ).exe
2014-05-23 12:37 - 2014-05-22 19:33 - 01326389 _____ () C:\Users\chris\Desktop\B. adwcleaner_3.210.exe
2014-05-23 07:17 - 2014-05-23 08:22 - 00044591 _____ () C:\Users\chris\Desktop\Addition.txt
2014-05-23 07:16 - 2014-05-23 15:07 - 00018486 _____ () C:\Users\chris\Desktop\FRST.txt
2014-05-23 07:16 - 2014-05-23 15:07 - 00000000 ____D () C:\FRST
2014-05-22 20:31 - 2014-05-22 20:30 - 01056768 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-05-21 21:14 - 2014-05-22 14:32 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ___HD () C:\Program Files\Zero G Registry
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ___HD () C:\Users\chris\InstallAnywhere
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ____D () C:\Program Files\IHMC CmapTools
2014-05-21 18:49 - 2014-05-21 18:49 - 00000021 ____H () C:\Users\chris\Desktop\NewFileTime.ini
2014-05-14 10:53 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 10:31 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 10:31 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 10:31 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 10:27 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 10:27 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 10:27 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 10:27 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 10:27 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 10:27 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 10:27 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 10:27 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 10:27 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 10:27 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 10:27 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 10:27 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 10:27 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 10:26 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 12:10 - 2014-05-13 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-13 09:36 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-13 09:35 - 2014-05-13 09:35 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-13 09:35 - 2014-05-13 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-13 09:35 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-13 09:35 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-13 09:35 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-05 10:14 - 2014-05-05 10:14 - 00199576 _____ () C:\Windows\Minidump\050514-17409-01.dmp
2014-04-29 15:36 - 2014-05-11 21:22 - 00000000 ____D () C:\Users\chris\Desktop\2014-04-29
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieUserList
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieSiteList
2014-04-25 02:16 - 2014-04-25 02:16 - 01070232 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX

==================== One Month Modified Files and Folders =======

2014-05-23 15:07 - 2014-05-23 07:16 - 00018486 _____ () C:\Users\chris\Desktop\FRST.txt
2014-05-23 15:07 - 2014-05-23 07:16 - 00000000 ____D () C:\FRST
2014-05-23 15:02 - 2014-05-23 15:02 - 00001158 _____ () C:\Users\chris\Desktop\mbam.txt
2014-05-23 14:41 - 2010-01-11 22:38 - 01450825 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 14:09 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-23 14:04 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-23 14:02 - 2014-05-23 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-23 14:02 - 2012-06-12 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-23 13:07 - 2014-05-23 13:07 - 00004496 _____ () C:\Users\chris\Desktop\JRT.txt
2014-05-23 13:04 - 2014-05-23 13:04 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 13:01 - 2010-01-11 22:48 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 13:01 - 2009-07-14 06:34 - 00016192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 13:01 - 2009-07-14 06:34 - 00016192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 13:00 - 2014-05-23 13:00 - 00003125 _____ () C:\Users\chris\Desktop\AdwCleaner[S0].txt
2014-05-23 12:55 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-23 12:54 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client
2014-05-23 12:54 - 2010-01-12 00:07 - 01335704 _____ () C:\Windows\PFRO.log
2014-05-23 12:54 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 12:54 - 2009-07-14 06:39 - 00364682 _____ () C:\Windows\setupact.log
2014-05-23 12:53 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv
2014-05-23 12:52 - 2014-05-23 12:47 - 00000000 ____D () C:\AdwCleaner
2014-05-23 12:47 - 2014-05-23 12:47 - 00000569 _____ () C:\Users\chris\Desktop\1.txt
2014-05-23 12:38 - 2014-05-23 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\chris\Desktop\Malwarebytes Anti-Malware_mbam-setup-2.0.2.1012.exe
2014-05-23 08:22 - 2014-05-23 07:17 - 00044591 _____ () C:\Users\chris\Desktop\Addition.txt
2014-05-22 20:30 - 2014-05-22 20:31 - 01056768 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-05-22 19:43 - 2014-05-23 12:37 - 01016261 _____ (Thisisu) C:\Users\chris\Desktop\C. JRT (Junkware Removal Tool ).exe
2014-05-22 19:33 - 2014-05-23 12:37 - 01326389 _____ () C:\Users\chris\Desktop\B. adwcleaner_3.210.exe
2014-05-22 14:32 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-05-21 21:14 - 2010-01-11 22:43 - 00000000 ____D () C:\Users\chris
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ___HD () C:\Program Files\Zero G Registry
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ___HD () C:\Users\chris\InstallAnywhere
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ____D () C:\Program Files\IHMC CmapTools
2014-05-21 18:49 - 2014-05-21 18:49 - 00000021 ____H () C:\Users\chris\Desktop\NewFileTime.ini
2014-05-18 11:57 - 2010-01-12 21:55 - 00000376 _____ () C:\Users\chris\AppData\Roamingprivacy.xml
2014-05-16 11:51 - 2010-02-01 20:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Canon
2014-05-16 11:15 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor
2014-05-14 11:38 - 2010-04-30 13:16 - 00000680 __RSH () C:\Users\chris\ntuser.pol
2014-05-14 11:38 - 2010-01-14 12:31 - 00000000 ___RD () C:\Users\chris\Virtual Machines
2014-05-14 11:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-14 11:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 10:53 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 10:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 10:44 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-14 10:44 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 10:39 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 10:36 - 2010-01-11 22:47 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 12:22 - 2011-06-02 22:56 - 00000000 ____D () C:\Users\chris\Documents\Steuer-Sparbuch
2014-05-13 12:13 - 2010-07-21 21:52 - 00001066 _____ () C:\Windows\wiso.ini
2014-05-13 12:10 - 2014-05-13 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-13 12:10 - 2010-07-21 21:50 - 00000000 ____D () C:\Users\chris\AppData\Local\Buhl
2014-05-13 12:09 - 2010-01-14 09:52 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-13 09:36 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-13 09:35 - 2014-05-13 09:35 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-13 09:35 - 2014-05-13 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-13 09:35 - 2013-03-08 08:40 - 00000000 ____D () C:\Program Files\Java
2014-05-12 17:34 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-23 14:02 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-23 14:02 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-23 14:02 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 21:22 - 2014-04-29 15:36 - 00000000 ____D () C:\Users\chris\Desktop\2014-04-29
2014-05-11 20:20 - 2014-03-18 19:35 - 00000000 ____D () C:\Users\chris\Documents\Bewerbung
2014-05-10 12:49 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-14 10:27 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 10:27 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 05:25 - 2014-05-14 10:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 10:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 10:14 - 2014-05-05 10:14 - 00199576 _____ () C:\Windows\Minidump\050514-17409-01.dmp
2014-05-05 10:14 - 2012-12-27 22:15 - 280804184 _____ () C:\Windows\MEMORY.DMP
2014-05-05 10:14 - 2010-02-06 14:10 - 00000000 ____D () C:\Windows\Minidump
2014-05-02 00:55 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieUserList
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieSiteList
2014-04-25 02:16 - 2014-04-25 02:16 - 01070232 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX

Some content of TEMP:
====================
C:\Users\chris\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 10:27] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 19:04

==================== End Of Log ============================
         


Last edited by polonez (23.05.2014 at 15:53) Reason: spelling mistake

24.05.2014, 12:01   #6
Warlord711
/// TB-Ausbilder


Quote:
QUESTION: Where in the logs can you see this restriction?
That is secret

Code:
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION
         
Quote:
QUESTION: Why did AdwCleaner find nothing in IE?
Adware also changes its behaviour from time to time, or rather the "developers" release a new version in which something has been changed. Such changes are, however, quickly picked up by the developers of the clean-up tools.


Now let's do one final scan:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


24.05.2014, 20:13   #7
polonez

Hello,

here is the log of the online scanner:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ae781b897a7d694fa24331e53078b6e6
# engine=18396
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-24 04:53:04
# local_time=2014-05-24 06:53:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 26628074 152581575 0 0
# scanned=284306
# found=82
# cleaned=0
# scan_time=7745
sh=1A401BBE5BA7C679A6B56A2F335D8AF67A063C4A ft=1 fh=22f921539bef2c08 vn="möglicherweise Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\mapsgalaxy_39\bar\1.bin\39skin.dll.vir"
sh=F76EBFB49A14135188A858A9A19ADE33D841FAD9 ft=1 fh=fd6523e46258979f vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\mapsgalaxy_39\bar\1.bin\AppIntegrator64.exe.vir"
sh=385877E899E02E0F9C551D5B3293270C5FEB9D6B ft=1 fh=fc49323ed3498cd9 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\mapsgalaxy_39\bar\1.bin\AppIntegratorStub64.dll.vir"
sh=E9C0F7642BFDCA4F304679F44A2351765D25D7E3 ft=1 fh=df272951a00ae964 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\mapsgalaxy_39\bar\1.bin\ASSISTMONITOR64.DLL.vir"
sh=5B52C97808B05C61C42C660EF788C6E30E9956D1 ft=1 fh=3bd8668ff345b3ba vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir"
sh=C0F1C1AD7E3E71F00D10961BF88368998314C8B5 ft=1 fh=1104306037fac477 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir"
sh=2C88C56E84FB90C27DA50DF87011A98C77362B19 ft=1 fh=054dd36e0a8ce909 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\mapsgalaxy_39\bar\1.bin\Hpg64.dll.vir"
sh=5AD7233AC22C9F89993E9A3E0564FADFC82778EA ft=1 fh=188f12da8b91400d vn="Win32/Packed.RBCrypt.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\chris\Desktop\registrybooster.exe"
sh=13287F94C77CE22E0C11855F6DD07512CC74C105 ft=1 fh=080273d70ec48dd3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\AVIs\PS3\FreeStudio.exe"
sh=EDCD66FBCD2B314E055BA2D8302DFE8E4E88EADE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="G:\artur\artur.rar"
sh=E6BC1B967BD3D84F7FC7696D90D85E17E7E0369C ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\w3180680n.php"
sh=F5F0CB62EE147DC1C28875766BCEC6E4426E2E31 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\wp-conf.php"
sh=FC66EC1461ADC38727874058C23795126298F4BE ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\wp-conf_root.php"
sh=FD6228289E35D9FF8661C3CD2F800880AB175483 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\wthm4323g.php"
sh=DE667BAF41E0FF33D1DC2CB30730BA3EBC21778A ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="G:\artur\web\INSTALL.php"
sh=2E09C809D88F324B39703760E76B32CC5E722D0E ft=0 fh=0000000000000000 vn="PHP/Small.NAQ Trojaner" ac=I fn="G:\artur\web\isszdz.php"
sh=CC15D453332C06BA615401645D7AF7B20107D48C ft=0 fh=0000000000000000 vn="PHP/WebShell.NAG Trojaner" ac=I fn="G:\artur\web\tmplist.php"
sh=BBA2792A4822ED80D80953521ECCD28359D483DA ft=0 fh=0000000000000000 vn="PHP/WebShell.NBV Trojaner" ac=I fn="G:\artur\web\VsPXDgb.php"
sh=875DB0B9076BF3577A2D85785D164311EE67BDA1 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\web\w1287895n.php"
sh=E6BC1B967BD3D84F7FC7696D90D85E17E7E0369C ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\web\w3180680n.php"
sh=F5F0CB62EE147DC1C28875766BCEC6E4426E2E31 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\web\wp-conf.php"
sh=FD6228289E35D9FF8661C3CD2F800880AB175483 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\web\wthm4323g.php"
sh=EE309498ADC771087F0F5522F9F90719A1BCE94F ft=0 fh=0000000000000000 vn="PHP/Agent.NCQ Trojaner" ac=I fn="G:\artur\web\administrator\3Xxmlrpc.php"
sh=A34A94B3674B7DDA754620F56DA55CDED6F25484 ft=0 fh=0000000000000000 vn="PHP/WebShell.NAG Trojaner" ac=I fn="G:\artur\web\administrator\awishlist.php"
sh=6CDC8F50F25B7FDA326BF2CCD79AF4F9D42B3D94 ft=0 fh=0000000000000000 vn="PHP/Agent.BV Trojaner" ac=I fn="G:\artur\web\administrator\news8lbB.php"
sh=A34A94B3674B7DDA754620F56DA55CDED6F25484 ft=0 fh=0000000000000000 vn="PHP/WebShell.NAG Trojaner" ac=I fn="G:\artur\web\administrator\Ninfo.php"
sh=6CDC8F50F25B7FDA326BF2CCD79AF4F9D42B3D94 ft=0 fh=0000000000000000 vn="PHP/Agent.BV Trojaner" ac=I fn="G:\artur\web\administrator\statsI5.php"
sh=EE309498ADC771087F0F5522F9F90719A1BCE94F ft=0 fh=0000000000000000 vn="PHP/Agent.NCQ Trojaner" ac=I fn="G:\artur\web\administrator\zLssl.php"
sh=64F85C12D6D2F24ADEE6E8DB9FB4DD0796561226 ft=0 fh=0000000000000000 vn="PHP/Agent.NCO Trojaner" ac=I fn="G:\artur\web\administrator\components\com_banners\controllers\users.php"
sh=2136C0877799F599DF00CDF670E58560B8EEBC70 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\administrator\components\com_securityimages\logo\com_securityimages.jpg"
sh=E192FD38522A15185386E624F069E50DCC7EA9B1 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\administrator\components\com_securityimages\logo\demo2.waltercedric.com.jpg"
sh=CF53ABB01D253CD87282C248AC3E975330E7DADD ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\administrator\components\com_securityimages\logo\hncaptha1.0.jpg"
sh=DD2EF700CBDCE28130F9B49D74820006D770B137 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\web\administrator\components\com_securityimages\selenium\1vx1lm.php"
sh=6652F9D00E335E7AD1EC78C01F5685C1CB794BC2 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\administrator\templates\khepri\images\j_joomla_box.jpg"
sh=64F85C12D6D2F24ADEE6E8DB9FB4DD0796561226 ft=0 fh=0000000000000000 vn="PHP/Agent.NCO Trojaner" ac=I fn="G:\artur\web\components\com_media\movie.php"
sh=BD7DAB509BF9D567517A7625BC14D947BD8E58B8 ft=0 fh=0000000000000000 vn="PHP/Small.NAT Trojaner" ac=I fn="G:\artur\web\images\hb5ar.php"
sh=64F85C12D6D2F24ADEE6E8DB9FB4DD0796561226 ft=0 fh=0000000000000000 vn="PHP/Agent.NCO Trojaner" ac=I fn="G:\artur\web\images\banners\movie.php"
sh=7F3C56BD8AE8577140CC2634F84E7045E651C5E4 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\banners\shop-ad-books.jpg"
sh=E86572A3131F95BC0A6DE0DCAD97D42165AD9BF4 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\banners\shop-ad.jpg"
sh=F0D72C1842477E0FAA592E6A95CE5EC9FA21B383 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\stories\014.jpg"
sh=41563CC5FDAFE1AB9C53B9B4E65685985163B0AA ft=0 fh=0000000000000000 vn="PHP/Small.NAT Trojaner" ac=I fn="G:\artur\web\images\stories\8n8z8.php"
sh=52B25E50DB4E5D8BC865349AFAED9901462B2F1A ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\stories\articles.jpg"
sh=E266F0DB49A15235594A3B139A00A050B70F6FB3 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\stories\haus1.jpg"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i1288mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i1400mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i2043mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i3015mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i3360mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i3746mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i3985mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i4525mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i4729mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i4875mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i5204mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i5574mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i5581mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i6447mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i6756mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i6761mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i7093mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i7511mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i7612mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i7742mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i8614mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i9026mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i9030mg.gif"
sh=175B2C9CBF9BB864C65F34155DE64F41A99A0EEB ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\artur\web\images\stories\i9420mg.gif"
sh=6153A9D6380C74FD76AFE0BDD4A2AA5B0EB74E62 ft=0 fh=0000000000000000 vn="PHP/Agent.NCO Trojaner" ac=I fn="G:\artur\web\images\stories\movie.php"
sh=B09AC26EC49175A435A813ACA23282788984CB75 ft=0 fh=0000000000000000 vn="PHP/Agent.NDK Trojaner" ac=I fn="G:\artur\web\images\stories\mua.gif"
sh=A4A893825F4F9DEC211B9AE6D2341666404E0B62 ft=0 fh=0000000000000000 vn="PHP/Agent.NDK Trojaner" ac=I fn="G:\artur\web\images\stories\muakero.php"
sh=58D96AB4877B635045ECE69F8D823A03E13BD5F2 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\stories\pastarchives.jpg"
sh=CD98CE4077C5B37AB971BE6DAEBB727C4EB10DC0 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\stories\renovier1.jpg"
sh=B8DEC373F057143F906472BDB44565EC6AA82240 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\stories\web_links.jpg"
sh=E674B96A6631752AFB7953D4D7F074FE81401C17 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\stories\food\bun.jpg"
sh=56A59DA92D90A27D2B19AE81BA845FADD889E41E ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\stories\food\coffee.jpg"
sh=9F7AA8877AFD83389C55ADC518A7F245FB3930F4 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\stories\food\milk.jpg"
sh=242BA18E4B5E546DF2679E58DBB15447CAF211B9 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\images\stories\fruit\strawberry.jpg"
sh=5C38F78C906118902827B3A637765B29183C68B5 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\media\com_securityimages\backgrounds\ht_freecap_im4.jpg"
sh=64F85C12D6D2F24ADEE6E8DB9FB4DD0796561226 ft=0 fh=0000000000000000 vn="PHP/Agent.NCO Trojaner" ac=I fn="G:\artur\web\modules\mod_wrapper\mod.php"
sh=64F85C12D6D2F24ADEE6E8DB9FB4DD0796561226 ft=0 fh=0000000000000000 vn="PHP/Agent.NCO Trojaner" ac=I fn="G:\artur\web\plugins\search\movie.php"
sh=71F6F9F4082B2643E91912F5A4FF06BD2BDD3B36 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\artur\web\templates\ja_purity\images\header\header3.jpg"
sh=41563CC5FDAFE1AB9C53B9B4E65685985163B0AA ft=0 fh=0000000000000000 vn="PHP/Small.NAT Trojaner" ac=I fn="G:\artur\web\tmp\4104i.php"
         
Question: the directory "G:\artur" only contains the source code of a website. Why should that be dangerous?

25.05.2014, 14:43   #8
Warlord711
/// TB-Ausbilder


Nobody said that these things are dangerous.
And without analysing the .php files in question more closely, it could also be a false alarm.

The .php files do, however, partly have very random-looking names. (See code box) That looks odd to me at first glance too; possibly a backup of a previously hijacked website that was happily distributing malware?

Code:
sh=E6BC1B967BD3D84F7FC7696D90D85E17E7E0369C ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\w3180680n.php"
sh=FD6228289E35D9FF8661C3CD2F800880AB175483 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\wthm4323g.php"
sh=BBA2792A4822ED80D80953521ECCD28359D483DA ft=0 fh=0000000000000000 vn="PHP/WebShell.NBV Trojaner" ac=I fn="G:\artur\web\VsPXDgb.php"
sh=875DB0B9076BF3577A2D85785D164311EE67BDA1 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\web\w1287895n.php"
sh=E6BC1B967BD3D84F7FC7696D90D85E17E7E0369C ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\web\w3180680n.php"
sh=FD6228289E35D9FF8661C3CD2F800880AB175483 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\artur\web\wthm4323g.php"
         
There is probably no way around a thorough analysis of the .php files. The webmaster should contact the developer of the .php scripts or, given sufficient knowledge, analyse them himself.

You can also send the .php files to your antivirus vendor. Usually you get an answer within a few days.


Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\chris\Desktop\registrybooster.exe
F:\AVIs\PS3\FreeStudio.exe
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post me its contents.


That takes care of the rest as well.

Removing FRST and co.:

The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all tools that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our clean-up are still left, you can delete them without concern.




FreeStudio had adware on board.

Note: registry cleaners

I see that you have so-called registry cleaners installed.
In your case RegistryBooster.exe.

We advise against using any kind of registry cleaner.

The reason is simple:
The registry is the brain of the system. If the brain does not work, the rest no longer really works either.
You should not tinker with the registry unnecessarily. Even a small error can have serious consequences, and programs sometimes make mistakes too.
If you destroy the registry, you destroy Windows.

In addition, the benefit for performance is disputed and usually barely noticeable.

I would recommend that you stop using registry cleaners and uninstall them via
Start --> Control Panel --> Add or Remove Programs (on Windows XP)
Start --> Control Panel --> Programs and Features (on Vista / Win 7)
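The triage Warlord711 does by eye above (already-quarantined MapsGalaxy files, web shell hits, image files carrying PHP detections, one hash recurring under many names) as an added Python example that is not from the thread. The sample log is constructed in the ESET Online Scanner format seen in post #7, with made-up hashes and paths modelled on that log; the completeness check also applies to the real log, whose found=82 header matches its 82 detection lines.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the ESET Online Scanner log format used in the thread.
# SHA-1 values, file hashes and paths are invented for this example and are
# not copied from the real scan.
SAMPLE_LOG = r"""# version=8
# scanned=1000
# found=6
sh=1111111111111111111111111111111111111111 ft=1 fh=1111111111111111 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\mapsgalaxy_39\bar\1.bin\Hpg64.dll.vir"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="PHP/WebShell.NAG Trojaner" ac=I fn="G:\site\web\tmplist.php"
sh=3333333333333333333333333333333333333333 ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\site\web\images\stories\i1288mg.gif"
sh=3333333333333333333333333333333333333333 ft=0 fh=0000000000000000 vn="PHP/Small.NAR Trojaner" ac=I fn="G:\site\web\images\stories\i1400mg.gif"
sh=4444444444444444444444444444444444444444 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E evtl. unerwünschte Anwendung" ac=I fn="G:\site\w3180680n.php"
sh=5555555555555555555555555555555555555555 ft=0 fh=0000000000000000 vn="PHP/Small.NAY.Gen Trojaner" ac=I fn="G:\site\web\images\stories\haus1.jpg"
"""

# key=value tokens; vn= and fn= are double-quoted and may contain spaces
TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')
# the bare detection family inside ESET's localised text, e.g. PHP/WebShell.NAG
FAMILY_RE = re.compile(r"\b([A-Za-z0-9]+/[A-Za-z0-9.]+)")
PHP_EXTS = {".php", ".phtml", ".php3", ".php5", ".inc"}


def parse_eset_log(text):
    """Split a log into its '# key=value' header and the 'sh=... fn=...'
    detection records. Returns (header_dict, list_of_record_dicts)."""
    header, records = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            records.append({k: v.strip('"') for k, v in TOKEN_RE.findall(line)})
    return header, records


def check_complete(header, records):
    """The header's found= counter must equal the number of detection lines;
    a mismatch means the pasted log was cut off."""
    return header.get("found", "").isdigit() and int(header["found"]) == len(records)


def family(threat_name):
    """'Variante von Win64/Toolbar.MyWebSearch.A evtl. ...' -> 'Win64/Toolbar.MyWebSearch.A'."""
    m = FAMILY_RE.search(threat_name)
    return m.group(1) if m else threat_name


def triage(records):
    """Group detections the way an analyst reads them: what already sits in a
    cleaner's quarantine, which hits are web shells, which non-PHP files
    (images) carry PHP detections, and which hashes recur under other names."""
    by_hash = defaultdict(list)
    out = {"quarantined": [], "webshells": [], "php_in_non_php_file": [],
           "by_drive": Counter(), "by_family": Counter()}
    for rec in records:
        path = PureWindowsPath(rec["fn"])
        fam = family(rec.get("vn", ""))
        out["by_family"][fam] += 1
        out["by_drive"][path.drive] += 1
        by_hash[rec["sh"]].append(str(path))
        if "Quarantine" in path.parts:      # already neutralised by AdwCleaner
            out["quarantined"].append(str(path))
        if "WebShell" in fam:
            out["webshells"].append(str(path))
        if fam.startswith("PHP/") and path.suffix.lower() not in PHP_EXTS:
            out["php_in_non_php_file"].append(str(path))
    out["same_hash_different_names"] = {h: p for h, p in by_hash.items() if len(p) > 1}
    return out


if __name__ == "__main__":
    hdr, recs = parse_eset_log(SAMPLE_LOG)
    print("log complete:", check_complete(hdr, recs))
    for key, value in triage(recs).items():
        print(f"{key}: {value}")
```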

25.05.2014, 16:47   #9
polonez

Hello,

the two files:

C:\Users\chris\Desktop\registrybooster.exe
F:\AVIs\PS3\FreeStudio.exe

I never installed.
They were only installer files that I did not run.
Now they are deleted, though :-)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 01
Ran by chris (administrator) on DESKTOP on 25-05-2014 16:32:03
Running from C:\Users\chris\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(BitDefender S.R.L.) C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(devolo AG) D:\devolo\dlan\devolonetsvc.exe
(Eicon Networks) C:\Program Files\Diva Client\divalog.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe
(tzuk) D:\Sandboxie\SbieSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
(Dialogic) C:\Program Files\Diva Client\DiTask.exe
(Dialogic) C:\Program Files\Diva Client\cgserver.exe
(Adobe Systems Inc.) D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BitDefender Antiphishing Helper] => C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [71152 2010-01-12] (BitDefender S.R.L.)
HKLM\...\Run: [BDAgent] => C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [1202440 2012-11-02] (BitDefender S.R.L.)
HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic)
HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [PC Monitor Operations] => C:\Program Files\PC Monitor\pcmontask.exe [518104 2014-05-16] (MMSOFT Design Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {66613c78-da38-11df-a85a-40002c765c04} - G:\AutoRun.exe
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {a095d499-0e8a-11e0-8114-400068d7f60e} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\WISO\Steuersoftware 2014\mshaktuell.exe ()
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default
FF Homepage: www.gmx.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - D:\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 - d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Acrobat - D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15]
FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13]
FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07]
FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13]
FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24]
FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22]
FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23]
FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13]
FF HKLM\...\Firefox\Extensions: [FFToolbar@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF Extension: BitDefender Antiphishing Toolbar - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ []
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2010\bdtbext\
FF Extension: bdToolbar - C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ []

========================== Services (Whitelisted) =================

S3 Arrakis3; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [183880 2010-01-12] (BitDefender S.R.L. hxxp://www.bitdefender.com)
R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG)
R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 LIVESRV; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [310856 2011-03-08] (BitDefender S.R.L.)
R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [733144 2014-05-16] (MMSOFT Design Ltd.)
R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [315392 2010-04-01] (S.C. BitDefender S.R.L)
R2 VSSERV; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [1615688 2010-05-05] (BitDefender S.R.L.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 BDFM; C:\Windows\System32\DRIVERS\bdfm.sys [153448 2010-02-10] (BitDefender S.R.L. Bucharest, ROMANIA)
R1 BdfNdisf; C:\Windows\System32\DRIVERS\BdfNdisf6.sys [72784 2010-05-05] (BitDefender LLC)
R0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [291352 2010-04-01] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [79952 2010-05-05] (BitDefender LLC)
S3 BDSelfPr; C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys [55936 2010-01-12] (BitDefender)
R2 BDVEDISK; C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [85128 2010-05-05] (BitDefender)
R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic)
S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic)
R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic)
R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic)
R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] ()
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-02-11] (CACE Technologies)
S3 Profos; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [14720 2010-01-12] (BitDefender S.R.L.)
R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] ()
S3 Trufos; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [39808 2009-05-07] (BitDefender S.R.L.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 az74ret4; C:\Windows\system32\Drivers\az74ret4.sys [0 ] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-25 16:32 - 2014-05-25 16:32 - 00018777 _____ () C:\Users\chris\Desktop\FRST.txt
2014-05-25 16:31 - 2014-05-25 16:31 - 01056256 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-05-24 19:06 - 2014-05-24 20:00 - 00006226 _____ () C:\Users\chris\Desktop\eset.txt
2014-05-24 16:40 - 2014-05-24 16:40 - 00000000 ____D () C:\Program Files\ESET
2014-05-24 16:39 - 2014-05-24 16:39 - 02347384 _____ (ESET) C:\Users\chris\Desktop\esetsmartinstaller_deu.exe
2014-05-23 19:43 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard
2014-05-23 14:03 - 2014-05-23 20:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-23 14:02 - 2014-05-23 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-23 14:02 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-23 14:02 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-23 14:02 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-23 13:04 - 2014-05-23 13:04 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 12:47 - 2014-05-23 12:52 - 00000000 ____D () C:\AdwCleaner
2014-05-23 07:16 - 2014-05-25 16:32 - 00000000 ____D () C:\FRST
2014-05-21 21:14 - 2014-05-24 02:07 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ___HD () C:\Program Files\Zero G Registry
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ___HD () C:\Users\chris\InstallAnywhere
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ____D () C:\Program Files\IHMC CmapTools
2014-05-14 10:53 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 10:31 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 10:31 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 10:31 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 10:27 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 10:27 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 10:27 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 10:27 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 10:27 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 10:27 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 10:27 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 10:27 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 10:27 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 10:27 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 10:27 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 10:27 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 10:27 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 10:27 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 10:26 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 12:10 - 2014-05-13 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-13 09:36 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-13 09:35 - 2014-05-13 09:35 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-13 09:35 - 2014-05-13 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-13 09:35 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-13 09:35 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-13 09:35 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-05 10:14 - 2014-05-05 10:14 - 00199576 _____ () C:\Windows\Minidump\050514-17409-01.dmp
2014-04-29 15:36 - 2014-05-11 21:22 - 00000000 ____D () C:\Users\chris\Desktop\2014-04-29
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieUserList
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieSiteList
2014-04-25 02:16 - 2014-04-25 02:16 - 01070232 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX

==================== One Month Modified Files and Folders =======

2014-05-25 16:32 - 2014-05-25 16:32 - 00018777 _____ () C:\Users\chris\Desktop\FRST.txt
2014-05-25 16:32 - 2014-05-23 07:16 - 00000000 ____D () C:\FRST
2014-05-25 16:31 - 2014-05-25 16:31 - 01056256 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-05-25 16:09 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 15:13 - 2010-01-11 22:38 - 01188865 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 12:34 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 12:26 - 2009-07-14 06:39 - 00364962 _____ () C:\Windows\setupact.log
2014-05-24 20:00 - 2014-05-24 19:06 - 00006226 _____ () C:\Users\chris\Desktop\eset.txt
2014-05-24 16:40 - 2014-05-24 16:40 - 00000000 ____D () C:\Program Files\ESET
2014-05-24 16:39 - 2014-05-24 16:39 - 02347384 _____ (ESET) C:\Users\chris\Desktop\esetsmartinstaller_deu.exe
2014-05-24 02:07 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-05-24 00:16 - 2010-01-11 22:48 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 00:16 - 2009-07-14 06:34 - 00016192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-24 00:16 - 2009-07-14 06:34 - 00016192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-24 00:08 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client
2014-05-24 00:08 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 20:11 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv
2014-05-23 20:10 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-23 19:48 - 2014-03-17 20:29 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-23 19:48 - 2014-03-17 20:29 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-23 19:43 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard
2014-05-23 14:02 - 2014-05-23 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-23 14:02 - 2012-06-12 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-23 13:04 - 2014-05-23 13:04 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 12:54 - 2010-01-12 00:07 - 01335704 _____ () C:\Windows\PFRO.log
2014-05-23 12:52 - 2014-05-23 12:47 - 00000000 ____D () C:\AdwCleaner
2014-05-21 21:14 - 2010-01-11 22:43 - 00000000 ____D () C:\Users\chris
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ___HD () C:\Program Files\Zero G Registry
2014-05-21 21:12 - 2014-05-21 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ___HD () C:\Users\chris\InstallAnywhere
2014-05-21 21:07 - 2014-05-21 21:07 - 00000000 ____D () C:\Program Files\IHMC CmapTools
2014-05-18 11:57 - 2010-01-12 21:55 - 00000376 _____ () C:\Users\chris\AppData\Roamingprivacy.xml
2014-05-16 11:51 - 2010-02-01 20:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Canon
2014-05-16 11:15 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor
2014-05-14 11:38 - 2010-04-30 13:16 - 00000680 __RSH () C:\Users\chris\ntuser.pol
2014-05-14 11:38 - 2010-01-14 12:31 - 00000000 ___RD () C:\Users\chris\Virtual Machines
2014-05-14 11:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-14 11:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 10:53 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 10:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 10:44 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-14 10:44 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 10:39 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 10:36 - 2010-01-11 22:47 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 12:22 - 2011-06-02 22:56 - 00000000 ____D () C:\Users\chris\Documents\Steuer-Sparbuch
2014-05-13 12:13 - 2010-07-21 21:52 - 00001066 _____ () C:\Windows\wiso.ini
2014-05-13 12:10 - 2014-05-13 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-13 12:10 - 2010-07-21 21:50 - 00000000 ____D () C:\Users\chris\AppData\Local\Buhl
2014-05-13 12:09 - 2010-01-14 09:52 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-13 11:30 - 2014-05-22 20:57 - 00001992 _____ () C:\Windows\system32\Drivers\etc\hosts (Kopie).org
2014-05-13 09:36 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-13 09:35 - 2014-05-13 09:35 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-13 09:35 - 2014-05-13 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-13 09:35 - 2013-03-08 08:40 - 00000000 ____D () C:\Program Files\Java
2014-05-12 17:34 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-23 14:02 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-23 14:02 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-23 14:02 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 21:22 - 2014-04-29 15:36 - 00000000 ____D () C:\Users\chris\Desktop\2014-04-29
2014-05-11 20:20 - 2014-03-18 19:35 - 00000000 ____D () C:\Users\chris\Documents\Bewerbung
2014-05-10 12:49 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-14 10:27 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 10:27 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 05:25 - 2014-05-14 10:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 10:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 10:14 - 2014-05-05 10:14 - 00199576 _____ () C:\Windows\Minidump\050514-17409-01.dmp
2014-05-05 10:14 - 2012-12-27 22:15 - 280804184 _____ () C:\Windows\MEMORY.DMP
2014-05-05 10:14 - 2010-02-06 14:10 - 00000000 ____D () C:\Windows\Minidump
2014-05-02 00:55 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieUserList
2014-04-25 12:39 - 2014-04-25 12:39 - 00000000 __SHD () C:\Users\chris\AppData\Local\EmieSiteList
2014-04-25 02:16 - 2014-04-25 02:16 - 01070232 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX

Some content of TEMP:
====================
C:\Users\chris\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 10:27] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 19:04

==================== End Of Log ============================
         

Question: AdwCleaner created a directory on the C: partition (C:\AdwCleaner\Quarantine) that holds everything it found.
Should I delete those by hand?

Update:
I think the question has answered itself. I ran DelFix.

Last edited by polonez (25.05.2014 at 16:56) Reason: Update
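
The first pass a log reader makes over the "Services" and "Drivers" sections of an FRST log is structural: before looking any name up, check which lines are odd on their face. The block below is an added example, not part of this thread and not FRST's own logic. It parses the line format seen in the log above (`<start type> <name>; <path> [<size> <date>] (<publisher>)`) and flags four things: a file FRST could not find (`[X]`), a zero-byte file, a path under a temp directory, and an empty publisher field. The sample lines are copied from the posted log; the flag names and the heuristics are my own choices, and a flagged entry is a lead to verify (the helper in this thread judged these logs clean), not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# FRST "Services"/"Drivers" line format, as seen in the posted log:
#   <start type> <name>; <path> [<size> <date>] (<publisher>)
# The "(publisher)" part is optional because FRST omits it when it could not read the file.
_LINE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<meta>[^\]]*)\](?:\s+\((?P<publisher>[^)]*)\))?\s*$"
)
_TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class Entry:
    start: str                  # R = running, S = stopped, followed by the start-type digit
    name: str
    path: str
    missing: bool               # FRST printed [X]: the registered file is not on disk
    size: Optional[int]
    publisher: Optional[str]    # None when no "(...)" was printed, "" when it printed "()"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver line; return None for anything else (headers, blanks)."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    meta = m["meta"].split()
    missing = meta == ["X"]
    size = int(meta[0]) if (not missing and meta and meta[0].isdigit()) else None
    path = m["path"]
    if path.startswith("\\??\\"):           # NT object-manager prefix, drop it for matching
        path = path[4:]
    return Entry(m["start"], m["name"].strip(), path, missing, size, m["publisher"])


def triage(entry: Entry) -> Entry:
    """Attach the structural red flags an analyst checks before looking any name up."""
    if entry.missing:
        entry.flags.append("file-missing")   # registration left behind, binary gone or hidden
    elif entry.size == 0:
        entry.flags.append("zero-size")      # a 0-byte driver cannot be what the registry claims
    if _TEMP_DIR.search(entry.path):
        entry.flags.append("temp-path")      # a service or driver has no business in a temp dir
    if not entry.publisher:
        entry.flags.append("no-publisher")   # no version info / unsigned: verify by hash
    return entry


def suspicious(log_text: str) -> dict:
    """Map of entry name -> flags for every service/driver line that raised at least one flag."""
    result = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        triage(entry)
        if entry.flags:
            result[entry.name] = entry.flags
    return result


# Lines copied from the FRST log posted above (service and driver lines mixed; the
# section header is included to show that non-entry lines are skipped).
SAMPLE_LOG = r"""
========================== Services (Whitelisted) =================
S3 Arrakis3; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [183880 2010-01-12] (BitDefender S.R.L. hxxp://www.bitdefender.com)
R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] ()
U3 az74ret4; C:\Windows\system32\Drivers\az74ret4.sys [0 ] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]
"""

if __name__ == "__main__":
    for name, flags in suspicious(SAMPLE_LOG).items():
        print(f"{name:16} {', '.join(flags)}")
```

Run stand-alone it prints the three flagged names with their flags. A zero-byte driver or a service whose binary is gone is often just the residue of a scanner or an uninstaller, which fits the helper's verdict that these logs are clean; the point of the pass is only to know which lines to examine first, and a line with no flags still needs its publisher and path checked against what that product is known to install.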

26.05.2014, 09:07   #10
Warlord711 /// TB-Ausbilder (TB trainer)

Good, then all the logs look clean to me.

A few friendly tips to take with you:

To finish, here are some tips for securing your system.

I cannot say it often enough: it is important that your system is up to date.
  • Please check that your system downloads Windows updates automatically.
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7 / 8: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Anti-virus program and additional protection
  • Make sure that you only ever have one anti-virus product installed and that it is up to date!
  • Malwarebytes Anti-Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scanner that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a real-time guard.
    You can find a tutorial on using it here.
  • AdwCleaner
    This tool detects a wide range of advertising programs (adware) and potentially unwanted programs (PUPs).
    Run the tool once a week. If a new version is available, it will tell you, and you can download the latest version straight to your desktop.
  • SpywareBlaster
    A short introduction can be found here.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as harmful.

Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX controls. Those can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: for this browser I have a few useful add-ons here
  • NoScript
    This add-on blocks JavaScript, Java, Flash and other plugins. They only run when you allow them.
  • Adblock Plus
    This add-on blocks most advertising by itself. A right-click on a banner to add it to Adblock Plus is enough and it will no longer be loaded.
    It also saves download bandwidth.

Performance
  • Clean out your temp files regularly. I recommend TFC for this.
  • Stay away from registry cleaners.
    They do your system more harm than good. Here is a link in English:
    Miekemoes Blogspot (MVP)

What you should avoid:
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use P2P or file-sharing software (eMule, uTorrent, ...).
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't recognise. Above all, watch the file extension, e.g. deinFoto.jpg.exe.
  • Don't download software from Softonic or Chip, because those installers often come bundled with adware or unwanted software!

Now all that's left is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: please give me a short reply once everything is done and there are no more questions, so that I can delete this topic from my subscriptions.
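
The "deinFoto.jpg.exe" warning in the post above is worth seeing mechanically, because Windows Explorer hides the last known extension by default and that is exactly what the trick relies on. The block below is an added example, not part of the helper's post and not code from any tool named in it. It models Explorer's default display, names the extension the shell will actually dispatch on, and flags the disguise; it also goes one step beyond the post and catches the right-to-left-override variant (a U+202E character that makes "gpj.exe" render as "exe.jpg") and padding spaces before the real extension. The extension sets are an assumed practical subset, and the sample file names are constructed.

```python
import os

# Assumption: a practical subset of extensions Windows executes on double-click,
# not the full PATHEXT / shell handler list.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".jar", ".msi", ".ps1", ".lnk"}
# Extensions a lure usually pretends to be (assumed list).
DOCUMENT_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".xls",
                 ".txt", ".mp3", ".avi", ".zip"}
RTLO = "\u202e"   # Unicode right-to-left override: the rest of the name is drawn reversed


def real_extension(filename: str) -> str:
    """The extension the shell actually dispatches on: always the last one."""
    return os.path.splitext(filename)[1].lower()


def explorer_display_name(filename: str) -> str:
    """What Explorer shows with 'Hide extensions for known file types' on (the default):
    only the final extension disappears, so 'deinFoto.jpg.exe' is shown as 'deinFoto.jpg'."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS else filename


def is_disguised_executable(filename: str) -> bool:
    """True when the file runs as code but its name is built to look like a document."""
    if real_extension(filename) not in EXECUTABLE_EXTS:
        return False
    if RTLO in filename:                      # "Foto" + RTLO + "gpj.exe" renders as "Fotoexe.jpg"
        return True
    stem = os.path.splitext(filename)[0].rstrip()   # drop padding spaces before the real ext
    return os.path.splitext(stem)[1].lower() in DOCUMENT_EXTS


def flag_attachments(names):
    """(name, what Explorer shows, disguised?) for each name, e.g. a mail's attachments."""
    return [(n, explorer_display_name(n), is_disguised_executable(n)) for n in names]


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real mail.
    samples = ["deinFoto.jpg.exe", "holiday.jpg", "Rechnung.pdf.scr",
               "Foto\u202egpj.exe", "deinFoto.jpg" + " " * 40 + ".exe", "setup.exe"]
    for name, shown, bad in flag_attachments(samples):
        print(f"{'DISGUISED' if bad else 'ok':10} shown as {shown!r:30} runs as {real_extension(name)}")
```

The display simulation is the instructive part: "deinFoto.jpg.exe" is shown as "deinFoto.jpg", which looks like a file whose extension is visible, while a genuine "holiday.jpg" is shown as "holiday". Turning off "Hide extensions for known file types" in Explorer's folder options removes the first trick; the RTLO variant survives that setting, which is why the check also looks for the control character itself.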

26.05.2014, 19:29   #11
polonez

@Warlord711:

Many thanks for your help and the detailed descriptions.

Everything seems to be OK.

QUESTION:
Can the order in which the helper tools were used be kept for other problems?

26.05.2014, 21:11   #12
Warlord711 /// TB-Ausbilder (TB trainer)

No, that cannot be generalised. Even when infections look "similar", it takes a fair amount of knowledge to specify the right steps (and their order). Even if some forum readers like to claim otherwise.

Our FIRST "golden" rule is therefore:
  1. Every infection is different
    Even if it looks as though another user has the same problem, never blindly follow the same steps.
