Log analysis and evaluation: Windows Vista: Redirection to advertising sites (Google redirect virus)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#17

Windows Vista: Redirection to advertising sites (Google redirect virus)

I did the first and third steps. I'm posting the logs below. The second step did not work because, when opening the setup, it said: "Unzulässige Win-32 Anwendung" (invalid Win32 application).
LOG adwcleaner

AdwCleaner Logfile:
Code:
```
# AdwCleaner v3.214 - Bericht erstellt am 03/07/2014 um 10:44:26
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Fireboarder - FIREBOARDERS-PC
# Gestartet von : C:\Users\Fireboarder\Desktop\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Fireboarder\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Fireboarder\AppData\Roaming\OpenCandy
Datei Gelöscht : C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\searchplugins\SearchquWebSearch.xml
Datei Gelöscht : C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\searchplugins\yahoo-zugo.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67F3F2C8-FFE4-4A24-9EC6-92F47AB8192D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Zugo
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\wi9130~1\datamngr\datamngr.dll
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6002.18005

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page Restore]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\prefs.js ]

Zeile gelöscht : user_pref("keyword.URL", "hxxp://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0[...]
Zeile gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Zeile gelöscht : user_pref("surfcanyon.last_checked_ts", "1266943144128");

*************************

AdwCleaner[R0].txt - [6361 octets] - [03/07/2014 10:42:21]
AdwCleaner[S0].txt - [5931 octets] - [03/07/2014 10:44:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5991 octets] ##########
```

LOG FRST

FRST Logfile:
Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014
Ran by Fireboarder (administrator) on FIREBOARDERS-PC on 03-07-2014 10:52:00
Running from C:\Users\Fireboarder\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Fireboarder\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Dropbox, Inc.) C:\Users\Fireboarder\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [233472 2009-04-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-13] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [T-Home Dialerschutz-Software] => C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-30] (IDT, Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3290928489-3682883313-640886511-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3290928489-3682883313-640886511-1000\...\Run: [Facebook Update] => C:\Users\Fireboarder\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKU\S-1-5-21-3290928489-3682883313-640886511-1000\...\Run: [Spotify Web Helper] => C:\Users\Fireboarder\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-3290928489-3682883313-640886511-1000\...\Run: [DriverTurbo] => C:\Program Files\DriverTurbo\DriverTurbo.exe
HKU\S-1-5-21-3290928489-3682883313-640886511-1000\...\Run: [WinFLTray] => C:\Windows\system32\WinFLTray.exe
HKU\S-1-5-21-3290928489-3682883313-640886511-1000\...\Run: [FLBackup] => C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
HKU\S-1-5-21-3290928489-3682883313-640886511-1000\...\MountPoints2: {47e7e755-f7fd-11de-91d7-00242cb5c754} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-3290928489-3682883313-640886511-1000\...\MountPoints2: {a9a05333-a6c2-11de-915f-00242cb5c754} - G:\AutoRun.exe
HKU\S-1-5-21-3290928489-3682883313-640886511-1000\...\MountPoints2: {ed18cc2b-829f-11df-a269-00242cb5c754} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\Fireboarder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Fireboarder\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\6.4.1.14\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {472E61E4-52A6-49F2-B5B8-20A3C14CDFE3} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default
FF SearchEngineOrder.1: Yahoo
FF Homepage: google.de
FF NetworkProxy: "ftp", "89.169.27.68"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "89.169.27.68"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "89.169.27.68"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "89.169.27.68"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Fireboarder\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Fireboarder\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Fireboarder\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\Extensions\battlefieldplay4free@ea.com [2013-09-14]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Stealthy - C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\Extensions\stealthyextension@gmail.com.xpi [2012-04-14]
FF Extension: Flash Player - C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\Extensions\uoyAdfHEWKLavbzHG@GvBVViwk5x6JiA7Rbk7S.com.xpi [2014-06-12]
FF Extension: FlashGot - C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-12-02]
FF Extension: BugMeNot Plugin - C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2014-03-24]
FF Extension: Adblock Plus - C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-15]
FF Extension: Fox!Box - C:\Users\Fireboarder\AppData\Roaming\Mozilla\Firefox\Profiles\gfikk8eg.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2013-11-19]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-28]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn [2014-07-03]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-30] (Andrea Electronics Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 DFSVC; C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 LckFldService; C:\Windows\system32\LckFldService.exe [36864 2005-06-22] () [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-04-30] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-30] (IDT, Inc.)
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S2 FLService; C:\Windows\system32\WinFLService.exe [X]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-09-07] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DFSYS; C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140702.001\IDSvix86.sys [395992 2014-03-27] (Symantec Corporation)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-08-25] (ITE Tech. Inc. ) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-09-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140702.009\NAVENG.SYS [93272 2014-06-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140702.009\NAVEX15.SYS [1612376 2014-06-30] (Symantec Corporation)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-14] (Duplex Secure Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0604010.00E\SYMTDIV.SYS [345208 2011-11-16] (Symantec Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41472 2009-10-16] (Apple, Inc.) [File not signed]
R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2013-09-25] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 NEWDRIVER; \??\C:\Windows\system32\WinVDEdrv6.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
S2 WinVDEDrv; \??\C:\Windows\system32\WinVDEdrv.sys [X]
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-03 10:52 - 2014-07-03 10:52 - 00022982 _____ () C:\Users\Fireboarder\Desktop\FRST.txt
2014-07-03 10:51 - 2014-07-03 10:51 - 01073664 _____ (Farbar) C:\Users\Fireboarder\Desktop\FRST.exe
2014-07-03 10:42 - 2014-07-03 10:44 - 00000000 ____D () C:\AdwCleaner
2014-07-03 10:37 - 2014-07-03 10:37 - 00000000 _____ () C:\Users\Fireboarder\Desktop\JRT.exe
2014-07-03 10:36 - 2014-07-03 10:36 - 01346519 _____ () C:\Users\Fireboarder\Desktop\adwcleaner_3.214.exe
2014-07-02 15:21 - 2014-07-02 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-02 15:21 - 2014-07-02 15:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-02 14:46 - 2014-07-02 14:46 - 00104960 _____ (GMER) C:\ufxdqaog.sys
2014-07-02 14:25 - 2014-07-03 10:52 - 00000000 ____D () C:\FRST
2014-07-02 14:15 - 2014-07-02 14:15 - 00000020 _____ () C:\Users\Fireboarder\defogger_reenable
2014-07-02 14:13 - 2014-07-02 14:13 - 00050477 _____ () C:\Users\Fireboarder\Desktop\Defogger.exe
2014-07-01 13:26 - 2014-07-01 13:26 - 00000000 ____D () C:\Users\Fireboarder\Desktop\Literaturarbeit
2014-06-30 16:16 - 2014-06-30 16:16 - 00000000 ____D () C:\Users\Fireboarder\Desktop\Projektsachstandsbericht
2014-06-30 16:15 - 2014-06-30 16:15 - 00000000 ____D () C:\Users\Fireboarder\Desktop\SUP Konzept
2014-06-27 18:40 - 2014-07-03 09:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 18:40 - 2014-06-27 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-27 18:39 - 2014-06-27 18:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-27 18:39 - 2014-06-27 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 18:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-27 18:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-27 18:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-26 16:52 - 2014-06-26 16:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-23 17:19 - 2014-06-23 17:19 - 00000000 ____D () C:\Users\Fireboarder\.chili
2014-06-21 18:11 - 2014-06-21 18:12 - 00000000 ____D () C:\Users\Fireboarder\AppData\Roaming\ImgBurn
2014-06-21 18:00 - 2014-06-21 18:00 - 00001664 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2014-06-21 18:00 - 2014-06-21 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-06-21 18:00 - 2014-06-21 18:00 - 00000000 ____D () C:\Program Files\ImgBurn
2014-06-18 22:23 - 2014-06-18 22:23 - 00000000 _____ () C:\Windows\system32\8104297.jun
2014-06-18 22:04 - 2014-06-18 22:04 - 00000000 ____D () C:\ProgramData\ESET
2014-06-18 22:04 - 2014-06-18 22:04 - 00000000 ____D () C:\Program Files\ESET
2014-06-18 20:59 - 2014-06-26 17:00 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-06-18 20:59 - 2014-06-18 20:59 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-06-18 16:02 - 2014-06-18 16:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-14 17:04 - 2014-06-14 17:05 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-12 15:40 - 2014-06-12 15:40 - 00000000 ____D () C:\Users\Fireboarder\AppData\Local\Adobe
2014-06-12 13:08 - 2014-05-06 06:46 - 03630592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 13:08 - 2014-05-06 06:46 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 13:08 - 2014-05-06 06:46 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 13:08 - 2014-05-06 06:46 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-06-12 13:08 - 2014-05-06 06:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 13:08 - 2014-05-06 06:46 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 13:08 - 2014-05-06 06:46 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 13:08 - 2014-05-06 06:45 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 13:08 - 2014-05-06 06:45 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 13:08 - 2014-05-06 06:45 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 13:08 - 2014-05-06 06:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-12 13:08 - 2014-05-06 06:45 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 13:08 - 2014-05-06 06:45 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 13:08 - 2014-05-06 06:45 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-06-12 13:08 - 2014-05-06 05:16 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-12 13:08 - 2014-05-06 05:07 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 13:08 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 13:08 - 2014-04-05 05:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 13:08 - 2014-04-05 03:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-06-12 13:08 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 13:08 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 19:20 - 2014-06-10 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
2014-06-10 19:20 - 2014-06-10 19:20 - 00000000 ____D () C:\Program Files\Free PDF to Word Doc Converter

==================== One Month Modified Files and Folders =======

2014-07-03 10:53 - 2014-07-03 10:52 - 00022982 _____ () C:\Users\Fireboarder\Desktop\FRST.txt
2014-07-03 10:53 - 2012-12-10 22:05 - 00000000 ____D () C:\Users\Fireboarder\AppData\Roaming\NetSpeedMonitor
2014-07-03 10:52 - 2014-07-02 14:25 - 00000000 ____D () C:\FRST
2014-07-03 10:51 - 2014-07-03 10:51 - 01073664 _____ (Farbar) C:\Users\Fireboarder\Desktop\FRST.exe
2014-07-03 10:51 - 2009-06-19 15:53 - 01363199 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 10:48 - 2014-05-03 11:15 - 00000000 ____D () C:\Users\Fireboarder\AppData\Roaming\DropboxMaster
2014-07-03 10:48 - 2012-11-27 23:18 - 00000000 ___RD () C:\Users\Fireboarder\Dropbox
2014-07-03 10:48 - 2012-11-27 23:15 - 00000000 ____D () C:\Users\Fireboarder\AppData\Roaming\Dropbox
2014-07-03 10:46 - 2012-06-02 00:45 - 00132866 _____ () C:\Windows\PFRO.log
2014-07-03 10:46 - 2011-06-27 21:21 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 10:46 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 10:46 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 10:46 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 10:45 - 2009-06-19 14:16 - 00006396 _____ () C:\Windows\bthservsdp.dat
2014-07-03 10:45 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-03 10:44 - 2014-07-03 10:42 - 00000000 ____D () C:\AdwCleaner
2014-07-03 10:43 - 2012-07-04 18:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 10:37 - 2014-07-03 10:37 - 00000000 _____ () C:\Users\Fireboarder\Desktop\JRT.exe
2014-07-03 10:36 - 2014-07-03 10:36 - 01346519 _____ () C:\Users\Fireboarder\Desktop\adwcleaner_3.214.exe
2014-07-03 10:33 - 2012-05-11 13:09 - 00000000 ____D () C:\Users\Fireboarder\AppData\Roaming\Spotify
2014-07-03 10:24 - 2011-06-27 21:21 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 09:45 - 2012-05-11 13:11 - 00000000 ____D () 
```
C:\Users\Fireboarder\AppData\Local\Spotify 2014-07-03 09:36 - 2014-06-27 18:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-03 09:33 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-03 09:29 - 2009-06-25 21:41 - 00000430 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{324E136E-9CA7-4931-ABBF-D738027D2B08}.job 2014-07-02 22:07 - 2012-04-06 12:12 - 00000506 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-07-02 17:05 - 2012-04-22 19:55 - 00001162 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3290928489-3682883313-640886511-1000UA.job 2014-07-02 17:05 - 2012-04-22 19:55 - 00001140 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3290928489-3682883313-640886511-1000Core.job 2014-07-02 15:38 - 2011-07-19 14:36 - 00000000 ____D () C:\Users\Fireboarder\AppData\Local\CrashDumps 2014-07-02 15:21 - 2014-07-02 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-07-02 15:21 - 2014-07-02 15:21 - 00000000 ____D () C:\Program Files\7-Zip 2014-07-02 14:46 - 2014-07-02 14:46 - 00104960 _____ (GMER) C:\ufxdqaog.sys 2014-07-02 14:15 - 2014-07-02 14:15 - 00000020 _____ () C:\Users\Fireboarder\defogger_reenable 2014-07-02 14:15 - 2009-06-23 14:19 - 00000000 ____D () C:\Users\Fireboarder 2014-07-02 14:13 - 2014-07-02 14:13 - 00050477 _____ () C:\Users\Fireboarder\Desktop\Defogger.exe 2014-07-01 13:26 - 2014-07-01 13:26 - 00000000 ____D () C:\Users\Fireboarder\Desktop\Literaturarbeit 2014-06-30 21:08 - 2014-06-02 18:40 - 00000000 ____D () C:\Users\Fireboarder\Desktop\Therapieplan 2014-06-30 21:07 - 2012-10-15 18:58 - 00000000 ____D () C:\Users\Fireboarder\Desktop\Studium 2014-06-30 18:08 - 2009-06-24 06:54 - 00088576 _____ () C:\Users\Fireboarder\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-06-30 16:16 - 2014-06-30 16:16 - 00000000 ____D () C:\Users\Fireboarder\Desktop\Projektsachstandsbericht 2014-06-30 16:15 - 
2014-06-30 16:15 - 00000000 ____D () C:\Users\Fireboarder\Desktop\SUP Konzept 2014-06-27 18:40 - 2014-06-27 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-27 18:40 - 2014-06-27 18:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-27 18:39 - 2014-06-27 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-26 17:00 - 2014-06-18 20:59 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP 2014-06-26 16:52 - 2014-06-26 16:52 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-06-23 17:19 - 2014-06-23 17:19 - 00000000 ____D () C:\Users\Fireboarder\.chili 2014-06-22 21:07 - 2010-09-11 12:10 - 00000000 ____D () C:\Users\Fireboarder\Desktop\Sonstiges 2014-06-22 15:15 - 2011-06-21 15:38 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-06-21 18:12 - 2014-06-21 18:11 - 00000000 ____D () C:\Users\Fireboarder\AppData\Roaming\ImgBurn 2014-06-21 18:00 - 2014-06-21 18:00 - 00001664 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2014-06-21 18:00 - 2014-06-21 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2014-06-21 18:00 - 2014-06-21 18:00 - 00000000 ____D () C:\Program Files\ImgBurn 2014-06-21 17:58 - 2012-05-30 21:12 - 00011619 _____ () C:\Windows\setupact.log 2014-06-21 11:03 - 2012-04-05 14:25 - 00000000 ____D () C:\Users\Fireboarder\AppData\Roaming\vlc 2014-06-20 10:43 - 2012-04-27 18:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-06-18 22:23 - 2014-06-18 22:23 - 00000000 _____ () C:\Windows\system32\8104297.jun 2014-06-18 22:04 - 2014-06-18 22:04 - 00000000 ____D () C:\ProgramData\ESET 2014-06-18 22:04 - 2014-06-18 22:04 - 00000000 ____D () C:\Program Files\ESET 2014-06-18 20:59 - 2014-06-18 20:59 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-06-18 16:02 - 2014-06-18 16:02 - 00000000 ____D () 
C:\Program Files\Mozilla Firefox 2014-06-17 02:08 - 2012-04-06 12:12 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-06-14 17:05 - 2014-06-14 17:04 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-12 16:58 - 2009-06-19 14:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 16:56 - 2013-07-21 19:53 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 16:52 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-12 15:40 - 2014-06-12 15:40 - 00000000 ____D () C:\Users\Fireboarder\AppData\Local\Adobe 2014-06-12 13:18 - 2012-03-31 20:03 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-06-12 13:18 - 2011-05-15 16:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-06-10 19:20 - 2014-06-10 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter 2014-06-10 19:20 - 2014-06-10 19:20 - 00000000 ____D () C:\Program Files\Free PDF to Word Doc Converter Files to move or delete: ==================== C:\ProgramData\win_mpwd_sys.dat Some content of TEMP: ==================== C:\Users\Fireboarder\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslxhxh.dll C:\Users\Fireboarder\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 
2014-07-03 10:53 ==================== End Of Log ============================ |