Search conduit aus Firefox entfernen?

Greta21 · 29.07.2013, 08:42

Hallo,

ich bekomme leider die Search Conduit Funktion aus meinem Firefox nicht raus.

Zum Gluck ist mein Internex Explorer nicht davon betroffen.

Es ware toll wenn ihr Euch die Logfiles mal anschauen koennt.
Ich muss sie leider als zip.File anhaengen, da sie zu viele Zeichen haben....

Danke!

schrauber · 29.07.2013, 08:52

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Greta21 · 29.07.2013, 10:24

Hier der Result aus FRST und weiter unten aus der Addition.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by *** (administrator) on 29-07-2013 17:18:07
Running from C:\Users\***_ADMIN\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\***pmsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
() C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
(*** Corp.) C:\Program Files (x86)\C4ebreg\c4ebreg.exe
(*** Corp.) c:\sdwork\issimsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(*** Corp) c:\notes\nsd.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(*** Corp) c:\notes\ntmulti.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
(PGP Corporation) C:\Windows\SysWOW64\PGPserv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(ICBC OEM From Mingwah Technologies Co., Ltd) C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe
(*** Corp.) C:\Program Files (x86)\C4ebreg\isamtray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(*** Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
(*** Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-01-15] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-09-05] (Synaptics Incorporated)
HKLM\...\Run: [ICBCEBankAssist] - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe [47744 2012-01-04] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-15] (Lenovo)
HKLM\...\Run: [IME14 CHS Setup] - C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKCU\...\Run: [NetSP - restore settings on power failure] - C:\Program Files (x86)\AT&T Network Client\NetSP.exe [53600 2010-09-10] (AT&T)
HKCU\...\Run: [SymphonyPreLoad] - "C:\Program Files (x86)\***\Lotus\Symphony\framework\shared\eclipse\plugins\com.***.symphony.standard.launcher.win32.x86_3.0.0.20101015-2340\*** Lotus Symphony" -nogui -nosplash [x]
HKCU\...\Run: [Green Christmas Tree] - C:\Users\***_AD~1\AppData\Local\Temp\notes32C5CD\GreenChristmasTree.exe [x] <===== ATTENTION
HKCU\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
MountPoints2: E - E:\autorun.exe
MountPoints2: {221c5862-2633-11e1-a4a6-0021cc61a50b} - E:\autorun.exe
HKLM-x32\...\Run: [stgclean] - c:\sdwork\w32maing.exe [292352 2013-01-16] (*** Corp.)
HKLM-x32\...\Run: [MWREGICBC.exe] - C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe [45056 2011-12-18] (ICBC OEM From Mingwah Technologies Co., Ltd)
HKLM-x32\...\Run: [Isamtray] - C:\Program Files (x86)\C4ebreg\isamtray.exe [326968 2012-11-08] (*** Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-03-25] (Symantec Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [C4EBReg] - C:\Program Files (x86)\C4ebreg\c4ebreg.exe [511288 2012-11-08] (*** Corp.)
HKLM-x32\...\Run: [ALTOOLS] - AccessL.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACWLIcon] - C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [193896 2011-04-15] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)
HKLM-x32\...\Run: [ACTray] - C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [431464 2011-04-15] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-06-14] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\Default\...\Run: [SODCPreLoad] - C:\notes\framework\shared\eclipse\plugins\com.***.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe [40960 2011-09-07] ()
HKU\Default User\...\Run: [SODCPreLoad] - C:\notes\framework\shared\eclipse\plugins\com.***.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe [40960 2011-09-07] ()
Lsa: [Notification Packages] scecli ACGina PGPpwflt
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk
ShortcutTarget: PGPtray.exe.lnk -> C:\Windows\Installer\{3E70A1DF-704D-4F20-98CF-BAFD0F1672B0}\Icon6560581611.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} -  No File
URLSearchHook: (No Name) - {77e8143b-6759-416e-b521-82cfed75150b} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {8B77C897-AB7E-4563-B77D-80B5A44C9250} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3288691&CUI=UN37800652501137218&UM=2
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\***\Java60\jre\bin\ssv.dll (***)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\***\Java60\jre\bin\jp2ssv.dll (***)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\***\Java60\jre\bin\ssv.dll (***)
BHO-x32: DivX Browser Bar Toolbar - {77e8143b-6759-416e-b521-82cfed75150b} - C:\Program Files (x86)\DivX_Browser_Bar\prxtbDivX.dll (Conduit Ltd.)
BHO-x32: No Name - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\***\Java60\jre\bin\jp2ssv.dll (***)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Toolbar: HKLM-x32 - DivX Browser Bar Toolbar - {77e8143b-6759-416e-b521-82cfed75150b} - C:\Program Files (x86)\DivX_Browser_Bar\prxtbDivX.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {77E8143B-6759-416E-B521-82CFED75150B} -  No File
DPF: HKLM {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM {225F72D5-6C19-4930-A188-CBBF05563E31} https://vip.icbc.com.cn/icbc/newperbank/certInStall_64.cab
DPF: HKLM {25ED8DDA-5824-4A11-9A29-843D7E881254} https://vip.icbc.com.cn/icbc/icbc_mwdv_64.cab
DPF: HKLM {52A56D4A-7243-412C-87E3-A7EB0C16AEEA} https://vip.icbc.com.cn/icbc/newperbank/USBKEY_64.cab
DPF: HKLM {76E720F1-87EA-4813-B227-284229EE04EF} https://vip.icbc.com.cn/icbc/newperbank/AxSafeControls_64.cab
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: HKLM {ADB2F000-9D4B-4F33-8D34-C7D61A6BC302} https://vip.icbc.com.cn/icbc/ICBC_NetSign_64.cab
DPF: HKLM {B54D34D3-1E5E-4880-A0EE-CA047CDE197D} https://vip.icbc.com.cn/icbc/icbc_mwusbkey_64.cab
DPF: HKLM {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
DPF: HKLM {F0548A2F-D0B0-4DDC-9C9D-8121AADAB952} https://b2c.icbc.com.cn/icbc/newperbank/icbcclean_64.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 9.0.148.50 9.0.146.50
Tcpip\..\Interfaces\{43EECE7D-CA38-4E03-9F2D-38686DF529B2}: [NameServer]9.0.148.50,9.0.146.50

FireFox:
========
FF ProfilePath: C:\Users\***_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @***.com/Java60 - C:\Program Files\***\Java60\jre\bin\new_plugin\npjp2.dll (***)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @***.com/JavaPlugin - C:\Program Files (x86)\***\Java60\jre\bin\plugin2\npjp2.dll (***)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
FF Extension: No Name - C:\Users\***_ADMIN\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 BESClient; C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe [4678552 2011-12-05] (*** Corp.)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-03-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-03-25] (Symantec Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 Intelligent Response Agent; C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe [13387128 2012-09-25] ()
R2 ISAMSvc; C:\Program Files (x86)\C4ebreg\c4ebreg.exe [511288 2012-11-08] (*** Corp.)
R2 ISSIMon; c:\sdwork\issimsvc.exe [184088 2012-09-08] (*** Corp.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-08] (Lenovo Group Limited)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2010-09-08] (Symantec Corporation)
R2 Lotus Notes Diagnostics; c:\notes\nsd.exe [3399680 2010-09-30] (*** Corp)
S3 mnmsrvc; C:\Windows\SysWOW64\mnmsrvc.exe [20752 1999-06-09] (Microsoft Corporation)
R2 Multi-user Cleanup Service; c:\notes\ntmulti.exe [58760 2009-09-29] (*** Corp)
R2 netcfgsvr; C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe [476000 2010-09-10] (AT&T)
R2 NetClientSvc; C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe [349536 2010-09-10] (AT&T)
R2 NetLogSvc; C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe [79200 2010-09-10] (AT&T)
R2 PGP RDD Service; C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [166520 2011-06-17] (PGP Corporation)
R2 PGPserv; C:\Windows\SysWOW64\PGPserv.exe [135288 2011-06-17] (PGP Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3249768 2011-03-25] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428912 2011-03-25] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839776 2011-03-25] (Symantec Corporation)
S3 TRCTARGET; C:\Program Files (x86)\***\Tivoli\Remote Control\Target\trc_base.exe [745472 2012-02-09] (*** Corporation)

==================== Drivers (Whitelisted) ====================

R1 agnfilt; C:\Windows\System32\DRIVERS\agnfilt.sys [190464 2010-09-10] (AT&T)
S3 avpnnic; C:\Windows\System32\DRIVERS\avpnnic.sys [14848 2010-06-30] (AT&T)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-11] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-09-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-09-05] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-04] (GFI Software)
S3 huawei_update; C:\Windows\system32\drivers\ew_hwupgrade.sys [22528 2011-09-05] (Huawei Technologies Co., Ltd.)
S3 l36wgps; C:\Windows\system32\drivers\l36wgps64.sys [101416 2011-09-05] (Ericsson AB)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2011-09-05] (Lenovo)
R3 Mandiant_Tools; C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys [25168 2012-12-13] ()
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2011-09-05] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2011-09-05] (MCCI Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130728.020\ENG64.SYS [126040 2013-06-16] (Symantec Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130728.020\ENG64.SYS [126040 2013-06-16] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130728.020\EX64.SYS [2098776 2013-06-16] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130728.020\EX64.SYS [2098776 2013-06-16] (Symantec Corporation)
R2 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [50296 2011-06-17] (PGP Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [367224 2011-06-17] (PGP Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [14968 2011-06-17] (PGP Corporation)
S2 PMEM; C:\Windows\SysWow64\drivers\PMEMNT.SYS [7012 2002-07-18] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [449072 2011-03-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [449072 2011-03-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2011-03-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [482352 2011-03-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-03-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-03-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2011-03-29] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [64048 2011-03-25] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [53808 2011-03-25] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
S2 PMEM; \??\C:\Windows\system32\drivers\PMEMNT.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 17:16 - 2013-07-29 17:16 - 01780547 _____ (Farbar) C:\Users\***_ADMIN\Desktop\FRST64.exe
2013-07-29 15:17 - 2013-07-29 15:17 - 00039056 _____ C:\Users\***_ADMIN\Desktop\Trojaner Hilfe.zip
2013-07-29 15:02 - 2013-07-29 15:03 - 00014291 _____ C:\Users\***_ADMIN\Desktop\gmer.txt
2013-07-29 14:56 - 2013-07-29 14:56 - 00377856 _____ C:\Users\***_ADMIN\Desktop\gmer_2.1.19163.exe
2013-07-29 14:43 - 2013-07-29 14:54 - 00097914 _____ C:\Users\***_ADMIN\Desktop\Extras.Txt
2013-07-29 14:42 - 2013-07-29 14:55 - 00182940 _____ C:\Users\***_ADMIN\Desktop\OTL.Txt
2013-07-29 14:07 - 2013-07-29 14:07 - 00001188 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-29 11:13 - 2013-07-29 11:13 - 00602112 _____ (OldTimer Tools) C:\Users\***_ADMIN\Desktop\OTL.exe
2013-07-29 11:12 - 2013-07-29 14:55 - 00000470 _____ C:\Users\***_ADMIN\Desktop\defogger_disable.log
2013-07-29 11:12 - 2013-07-29 11:12 - 00000000 _____ C:\Users\***_ADMIN\defogger_reenable
2013-07-29 11:11 - 2013-07-29 11:11 - 00050477 _____ C:\Users\***_ADMIN\Desktop\Defogger.exe
2013-07-24 20:48 - 2013-07-24 20:56 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 22:52 - 2013-07-21 22:53 - 00705304 _____ C:\Windows\Minidump\072113-29218-01.dmp
2013-07-18 10:52 - 2013-07-18 10:52 - 01910424 _____ (Fitbit Inc.) C:\Users\***_ADMIN\Downloads\FitbitConnect_Win_20130226_1.0.0.2578.exe
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-07-10 20:33 - 2013-07-10 20:35 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\COMPUTERBILD-Abzockschutz
2013-07-10 12:09 - 2013-07-10 12:09 - 00011387 _____ C:\Users\***_ADMIN\Desktop\Reisekosten.xlsx
2013-07-10 09:53 - 2013-05-27 13:50 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 09:53 - 2013-05-27 13:50 - 09070080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 09:53 - 2013-05-27 12:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 09:53 - 2013-05-27 12:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 09:52 - 2013-05-27 13:54 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 09:52 - 2013-05-27 13:53 - 01492992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 09:52 - 2013-05-27 13:53 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 09:52 - 2013-05-27 13:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 09:52 - 2013-05-27 13:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 09:52 - 2013-05-27 13:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 09:52 - 2013-05-27 12:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 09:52 - 2013-05-27 12:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 09:52 - 2013-05-27 11:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 09:52 - 2013-05-27 11:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 09:45 - 2013-06-04 14:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 09:45 - 2013-06-04 12:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 09:45 - 2013-05-06 14:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 09:45 - 2013-05-06 12:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 09:36 - 2013-06-05 11:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 09:26 - 2013-04-10 13:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 09:26 - 2013-04-10 13:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 11:47 - 2013-04-24 15:42 - 00162112 _____ (***) C:\Windows\SysWOW64\javaws.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00149824 _____ (***) C:\Windows\SysWOW64\javaw.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00149824 _____ (***) C:\Windows\SysWOW64\java.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00084288 _____ (***) C:\Windows\SysWOW64\javacpl***60.cpl
2013-07-09 11:46 - 2013-07-09 12:23 - 46604616 _____ (Apple Inc.) C:\Users\***_ADMIN\Downloads\iCloudSetup.exe
2013-07-05 17:30 - 2013-07-05 17:30 - 00000000 ____H C:\Users\***_ADMIN\Documents\Default.rdp
2013-07-05 16:20 - 2013-07-05 16:20 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-05 16:20 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 16:19 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iPod
2013-07-05 15:02 - 2013-07-05 15:07 - 01097728 _____ C:\Users\***_ADMIN\Desktop\BP001 Business Partner Go To Market Plan - page 2 revised.ppt
2013-07-05 11:56 - 2013-07-09 13:20 - 00000000 ____D C:\Users\***_ADMIN\Documents\1 GTS Channel Management
2013-07-05 11:01 - 2013-07-09 18:06 - 00094264 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-07-05 08:56 - 2013-07-09 12:01 - 00094264 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-07-05 08:54 - 2013-07-06 19:18 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\DivX
2013-07-04 23:52 - 2013-07-04 23:52 - 00001632 _____ C:\Users\***_ADMIN\Desktop\DivX Movies.lnk
2013-07-04 23:52 - 2013-07-04 23:52 - 00001122 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00001162 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00000000 ____D C:\Program Files\DivX
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Users\***_ADMIN\AppData\Local\Conduit
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Program Files (x86)\DivX_Browser_Bar
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-07-04 23:21 - 2013-07-04 23:52 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-04 23:21 - 2013-07-04 23:22 - 00081768 _____ (Conduit) C:\ministub.exe
2013-07-04 23:21 - 2013-07-04 23:21 - 00000000 ____D C:\ProgramData\Conduit
2013-07-04 23:18 - 2013-07-04 23:26 - 00000009 _____ C:\END
2013-07-04 19:19 - 2013-07-04 23:52 - 00000000 ____D C:\ProgramData\DivX
2013-07-04 19:19 - 2013-07-04 19:19 - 00957248 _____ (DivX, LLC) C:\Users\***_ADMIN\Downloads\DivXInstaller.exe
2013-07-04 17:06 - 2013-07-04 17:06 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:06 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:05 - 00000989 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\Users\***_ADMIN\Documents\NeatMP3
2013-07-04 16:56 - 2013-07-04 16:56 - 00001001 _____ C:\Users\Public\Desktop\NeatMP3.lnk
2013-07-04 16:56 - 2013-07-04 16:56 - 00000000 ____D C:\Program Files (x86)\NeatMP3
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoGet
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Program Files (x86)\Sound Doctrine
2013-07-04 16:43 - 2013-07-04 16:43 - 00004346 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\LavasoftStatistics
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-04 16:26 - 2013-07-29 15:26 - 00001874 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-04 16:25 - 2013-07-05 18:39 - 00000000 ____D C:\ProgramData\Search Protection
2013-07-04 16:25 - 2013-07-04 16:43 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-04 16:25 - 2013-07-04 16:27 - 00000000 ____D C:\Users\***_ADMIN\AppData\Local\adawarebp
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-07-04 16:24 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\SecureSearch
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-04 16:21 - 2013-07-04 16:24 - 00000000 ____D C:\Program Files (x86)\adawaretb
2013-07-04 16:19 - 2013-07-05 17:39 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Ad-Aware Antivirus
2013-07-04 16:19 - 2013-07-04 16:19 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-07-04 16:19 - 2013-07-04 16:19 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-04 16:14 - 2013-07-04 16:16 - 10121867 _____ (                                                            ) C:\Users\***_ADMIN\Downloads\setup_1.1.exe
2013-07-04 16:12 - 2013-07-04 16:12 - 02627888 _____ C:\Users\***_ADMIN\Downloads\mp3tagv256setup.exe
2013-07-04 16:08 - 2013-07-04 16:08 - 00716121 _____ C:\Users\***_ADMIN\Downloads\GoGetSetup_1.1.exe
2013-07-04 16:07 - 2013-07-04 16:07 - 05616264 _____ (Lavasoft Limited) C:\Users\***_ADMIN\Downloads\Adaware53_Installer.exe
2013-07-04 10:55 - 2013-07-04 10:56 - 00000000 ____D C:\Users\***_ADMIN\Desktop\Old Firefox Data-1
2013-07-04 10:47 - 2013-07-04 10:47 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-04 10:43 - 2013-07-10 07:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-04 10:43 - 2013-07-04 10:43 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 10:42 - 2013-07-04 10:42 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-04 10:42 - 2013-07-04 10:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 10:42 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-04 10:41 - 2013-07-04 10:41 - 02825264 _____ (J3S GmbH) C:\Users\***_ADMIN\Downloads\COMPUTERBILD-Abzockschutz-Installer.exe
2013-07-04 10:39 - 2013-07-04 10:40 - 36364784 _____ (Safer-Networking Ltd.                                       ) C:\Users\***_ADMIN\Downloads\spybotsd-2.1.20-SR1.exe
2013-07-03 15:16 - 2013-07-03 15:21 - 13341408 _____ (Mediafour Corporation, info@mediafour.com) C:\Users\***_ADMIN\Downloads\MacDrive Standard 9.0.5.14 (en) Setup.exe
2013-07-03 15:15 - 2013-07-03 15:47 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-03 15:15 - 2013-07-03 15:15 - 00000884 __RSH C:\Users\***_ADMIN\ntuser.pol
2013-07-03 13:47 - 2012-11-02 15:20 - 00060184 _____ (Paragon Software Group) C:\Windows\system32\Drivers\gpt_loader.sys
2013-07-03 13:46 - 2012-11-02 15:20 - 00042264 _____ (Paragon Software Group) C:\Windows\system32\Drivers\mounthlp.sys
2013-07-03 13:35 - 2013-07-03 13:38 - 08447629 _____ C:\Users\***_ADMIN\Downloads\FileRenamerBasic.exe
2013-07-02 12:49 - 2013-07-02 12:49 - 05127955 _____ C:\Users\***_ADMIN\Downloads\whiteboard.ipa
2013-07-02 11:00 - 2013-07-02 11:00 - 10815592 _____ (Apple Inc.) C:\Users\***_ADMIN\Downloads\AirPortSetup.exe
130

==================== One Month Modified Files and Folders =======

2013-07-29 17:18 - 2013-07-29 17:18 - 00000000 ____D C:\FRST
2013-07-29 17:16 - 2013-07-29 17:16 - 01780547 _____ (Farbar) C:\Users\***_ADMIN\Desktop\FRST64.exe
2013-07-29 16:55 - 2011-12-18 16:19 - 00628736 _____ C:\Users\***_ADMIN\Desktop\Palm.xls
2013-07-29 16:43 - 2013-04-07 14:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 15:34 - 2009-07-14 12:45 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 15:34 - 2009-07-14 12:45 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 15:33 - 2009-07-14 13:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 15:26 - 2013-07-04 16:26 - 00001874 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-29 15:26 - 2011-03-26 05:42 - 00000000 ____D C:\Program Files (x86)\C4ebreg
2013-07-29 15:26 - 2010-11-12 09:35 - 00000000 ____D C:\sdwork
2013-07-29 15:26 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 15:26 - 2009-07-14 12:51 - 00095984 _____ C:\Windows\setupact.log
2013-07-29 15:17 - 2013-07-29 15:17 - 00039056 _____ C:\Users\***_ADMIN\Desktop\Trojaner Hilfe.zip
2013-07-29 15:03 - 2013-07-29 15:02 - 00014291 _____ C:\Users\***_ADMIN\Desktop\gmer.txt
2013-07-29 14:56 - 2013-07-29 14:56 - 00377856 _____ C:\Users\***_ADMIN\Desktop\gmer_2.1.19163.exe
2013-07-29 14:55 - 2013-07-29 14:42 - 00182940 _____ C:\Users\***_ADMIN\Desktop\OTL.Txt
2013-07-29 14:55 - 2013-07-29 11:12 - 00000470 _____ C:\Users\***_ADMIN\Desktop\defogger_disable.log
2013-07-29 14:54 - 2013-07-29 14:43 - 00097914 _____ C:\Users\***_ADMIN\Desktop\Extras.Txt
2013-07-29 14:22 - 2010-11-12 09:08 - 00000000 ____D C:\Program Files (x86)\WST
2013-07-29 14:07 - 2013-07-29 14:07 - 00001188 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-29 14:06 - 2011-11-04 23:36 - 01694534 _____ C:\Windows\WindowsUpdate.log
2013-07-29 11:13 - 2013-07-29 11:13 - 00602112 _____ (OldTimer Tools) C:\Users\***_ADMIN\Desktop\OTL.exe
2013-07-29 11:12 - 2013-07-29 11:12 - 00000000 _____ C:\Users\***_ADMIN\defogger_reenable
2013-07-29 11:12 - 2010-06-29 12:27 - 00000000 ____D C:\Users\***_ADMIN
2013-07-29 11:11 - 2013-07-29 11:11 - 00050477 _____ C:\Users\***_ADMIN\Desktop\Defogger.exe
2013-07-29 09:30 - 2011-12-08 11:05 - 00000000 ____D C:\Users\***_ADMIN\SametimeTranscripts
2013-07-25 23:30 - 2011-09-06 04:08 - 00000000 ____D C:\swd
2013-07-24 20:56 - 2013-07-24 20:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 22:53 - 2013-07-21 22:52 - 00705304 _____ C:\Windows\Minidump\072113-29218-01.dmp
2013-07-21 22:52 - 2012-03-06 21:41 - 622908564 _____ C:\Windows\MEMORY.DMP
2013-07-21 22:52 - 2010-07-15 00:01 - 00000000 ____D C:\Windows\Minidump
2013-07-18 10:52 - 2013-07-18 10:52 - 01910424 _____ (Fitbit Inc.) C:\Users\***_ADMIN\Downloads\FitbitConnect_Win_20130226_1.0.0.2578.exe
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-07-18 09:39 - 2009-07-14 12:45 - 00395232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 23:07 - 2009-07-14 15:12 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 23:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 23:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 22:27 - 2011-12-19 19:05 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\PrimoPDF
2013-07-17 22:25 - 2012-09-04 13:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 20:35 - 2013-07-10 20:33 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\COMPUTERBILD-Abzockschutz
2013-07-10 12:09 - 2013-07-10 12:09 - 00011387 _____ C:\Users\***_ADMIN\Desktop\Reisekosten.xlsx
2013-07-10 07:45 - 2013-07-04 10:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-09 18:06 - 2013-07-05 11:01 - 00094264 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-07-09 13:20 - 2013-07-05 11:56 - 00000000 ____D C:\Users\***_ADMIN\Documents\1 GTS Channel Management
2013-07-09 12:23 - 2013-07-09 11:46 - 46604616 _____ (Apple Inc.) C:\Users\***_ADMIN\Downloads\iCloudSetup.exe
2013-07-09 12:01 - 2013-07-05 08:56 - 00094264 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-07-09 11:47 - 2010-07-14 07:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-09 11:46 - 2010-07-14 07:58 - 00000000 ____D C:\Program Files (x86)\***
2013-07-06 19:18 - 2013-07-05 08:54 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\DivX
2013-07-05 18:39 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Search Protection
2013-07-05 18:22 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-05 18:12 - 2009-07-14 13:08 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 17:39 - 2013-07-04 16:19 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Ad-Aware Antivirus
2013-07-05 17:30 - 2013-07-05 17:30 - 00000000 ____H C:\Users\***_ADMIN\Documents\Default.rdp
2013-07-05 16:20 - 2013-07-05 16:20 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 16:19 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iPod
2013-07-05 15:29 - 2010-07-14 07:37 - 00091940 _____ C:\Windows\PFRO.log
2013-07-05 15:07 - 2013-07-05 15:02 - 01097728 _____ C:\Users\***_ADMIN\Desktop\BP001 Business Partner Go To Market Plan - page 2 revised.ppt
2013-07-05 14:47 - 2012-01-05 11:36 - 00000000 ____D C:\Users\***_ADMIN\Documents\z Persoenlich
2013-07-05 11:53 - 2011-12-20 16:56 - 00000000 ____D C:\Users\***_ADMIN\Documents\9 Archiv
2013-07-05 11:53 - 2011-12-17 19:11 - 00000000 ____D C:\Users\***_ADMIN\Documents\0 GMU
2013-07-05 11:19 - 2011-12-17 19:42 - 00000000 ____D C:\Users\***_ADMIN\Documents\2 Job
2013-07-05 11:14 - 2012-01-05 11:38 - 00000000 ____D C:\Users\***_ADMIN\Documents\y Tools
2013-07-05 11:09 - 2012-01-05 11:19 - 00000000 ____D C:\Program Files (x86)\XMind
2013-07-05 10:54 - 2011-12-17 19:15 - 00000000 ____D C:\Users\***_ADMIN\Documents\Media
2013-07-05 10:54 - 2011-12-17 19:10 - 00000000 ____D C:\Users\***_ADMIN\Documents\x Sametime
2013-07-04 23:52 - 2013-07-04 23:52 - 00001632 _____ C:\Users\***_ADMIN\Desktop\DivX Movies.lnk
2013-07-04 23:52 - 2013-07-04 23:52 - 00001122 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-04 23:52 - 2013-07-04 23:21 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-04 23:52 - 2013-07-04 19:19 - 00000000 ____D C:\ProgramData\DivX
2013-07-04 23:52 - 2013-06-27 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-04 23:51 - 2013-07-04 23:51 - 00001162 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00000000 ____D C:\Program Files\DivX
2013-07-04 23:26 - 2013-07-04 23:18 - 00000009 _____ C:\END
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Users\***_ADMIN\AppData\Local\Conduit
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Program Files (x86)\DivX_Browser_Bar
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-07-04 23:22 - 2013-07-04 23:21 - 00081768 _____ (Conduit) C:\ministub.exe
2013-07-04 23:21 - 2013-07-04 23:21 - 00000000 ____D C:\ProgramData\Conduit
2013-07-04 22:00 - 2013-05-25 09:01 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\ExpressVPN
2013-07-04 19:19 - 2013-07-04 19:19 - 00957248 _____ (DivX, LLC) C:\Users\***_ADMIN\Downloads\DivXInstaller.exe
2013-07-04 17:06 - 2013-07-04 17:06 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Mp3tag
2013-07-04 17:06 - 2013-07-04 17:05 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:05 - 00000989 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\Users\***_ADMIN\Documents\NeatMP3
2013-07-04 16:56 - 2013-07-04 16:56 - 00001001 _____ C:\Users\Public\Desktop\NeatMP3.lnk
2013-07-04 16:56 - 2013-07-04 16:56 - 00000000 ____D C:\Program Files (x86)\NeatMP3
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoGet
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Program Files (x86)\Sound Doctrine
2013-07-04 16:43 - 2013-07-04 16:43 - 00004346 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\LavasoftStatistics
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-04 16:43 - 2013-07-04 16:25 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-04 16:27 - 2013-07-04 16:25 - 00000000 ____D C:\Users\***_ADMIN\AppData\Local\adawarebp
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-07-04 16:25 - 2013-07-04 16:24 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-04 16:24 - 2013-07-04 16:21 - 00000000 ____D C:\Program Files (x86)\adawaretb
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\SecureSearch
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-04 16:19 - 2013-07-04 16:19 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-07-04 16:19 - 2013-07-04 16:19 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-04 16:16 - 2013-07-04 16:14 - 10121867 _____ (                                                            ) C:\Users\***_ADMIN\Downloads\setup_1.1.exe
2013-07-04 16:12 - 2013-07-04 16:12 - 02627888 _____ C:\Users\***_ADMIN\Downloads\mp3tagv256setup.exe
2013-07-04 16:08 - 2013-07-04 16:08 - 00716121 _____ C:\Users\***_ADMIN\Downloads\GoGetSetup_1.1.exe
2013-07-04 16:07 - 2013-07-04 16:07 - 05616264 _____ (Lavasoft Limited) C:\Users\***_ADMIN\Downloads\Adaware53_Installer.exe
2013-07-04 10:56 - 2013-07-04 10:55 - 00000000 ____D C:\Users\***_ADMIN\Desktop\Old Firefox Data-1
2013-07-04 10:47 - 2013-07-04 10:47 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-04 10:43 - 2013-07-04 10:43 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 10:42 - 2013-07-04 10:42 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-04 10:42 - 2013-07-04 10:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 10:41 - 2013-07-04 10:41 - 02825264 _____ (J3S GmbH) C:\Users\***_ADMIN\Downloads\COMPUTERBILD-Abzockschutz-Installer.exe
2013-07-04 10:40 - 2013-07-04 10:39 - 36364784 _____ (Safer-Networking Ltd.                                       ) C:\Users\***_ADMIN\Downloads\spybotsd-2.1.20-SR1.exe
2013-07-03 15:47 - 2013-07-03 15:15 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-03 15:47 - 2010-06-29 12:27 - 00000000 ___RD C:\Users\***_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-03 15:21 - 2013-07-03 15:16 - 13341408 _____ (Mediafour Corporation, info@mediafour.com) C:\Users\***_ADMIN\Downloads\MacDrive Standard 9.0.5.14 (en) Setup.exe
2013-07-03 15:15 - 2013-07-03 15:15 - 00000884 __RSH C:\Users\***_ADMIN\ntuser.pol
2013-07-03 15:15 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-07-03 15:12 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Resources
2013-07-03 13:38 - 2013-07-03 13:35 - 08447629 _____ C:\Users\***_ADMIN\Downloads\FileRenamerBasic.exe
2013-07-02 12:49 - 2013-07-02 12:49 - 05127955 _____ C:\Users\***_ADMIN\Downloads\whiteboard.ipa
2013-07-02 11:06 - 2011-12-08 16:19 - 00000000 ___HD C:\Users\***_ADMIN\AppData\Local\Apple
2013-07-02 11:00 - 2013-07-02 11:00 - 10815592 _____ (Apple Inc.) C:\Users\***_ADMIN\Downloads\AirPortSetup.exe
2013-07-02 10:40 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-02 10:28 - 2012-10-16 12:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 10:21 - 2012-07-08 18:48 - 00000000 ____D C:\ProgramData\CanonIJPLM

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 22:10

==================== End Of Log ====

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-07-2013
Ran by *** at 2013-07-29 17:19:24
Running from C:\Users\xxx_ADMIN\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Ad-Aware Antivirus (x32 Version: 10.5.3.4405)
Ad-Aware Security Add-on (x32 Version: 3.1.0.2)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AT&T Network Client – xxx (x32 Version: 8.2.0.3003)
Bonjour (Version: 3.0.0.10)
Broadcom InConcert Maestro (Version: 1.0.1.1500)
Canon Easy-PhotoPrint EX (x32)
Canon IJ Network Scanner Selector EX (x32)
Canon IJ Network Tool (x32)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MP Navigator EX 4.1 (x32)
Canon MX410 series MP Drivers
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Canon 快速拨号实用程序 (x32)
Chinese Simplified Fonts Support For Adobe Reader X (x32 Version: 10.0.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
COMPUTERBILD-Abzockschutz (x32 Version: 1.0.49)
CVE-2012-4792
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DivX Browser Bar Toolbar (x32 Version: 6.14.0.27)
DivX Setup (x32 Version: 2.6.1.44)
exant 20672 SmartAudio HD (Version: 8.32.18.0)
ExpressVPN v3.112 (x32 Version: v3.112)
Fitbit Connect (x32 Version: 1.0.0.2578)
GoGet 1.1.0 (x32 Version: 1.1.0)
xxx 32-bit Runtime Environment for Java v6 (x32 Version: 6)
xxx 64-bit Runtime Environment for Java v6 (Version: 6)
xxx 64-bit Runtime Environment for Java v6 (x32 Version: 6)
xxx Ayudame Console (x32 Version: 1.4.9)
xxx Ayúdame Utility (x32 Version: 1.5.3.0046)
xxx Centennial screensaver (x32)
xxx Gateway Migration Plugin 1.0.0 (x32 Version: 1.0.0.201108081212)
xxx Lotus Sametime Connect 8.5.1 (x32 Version: 8.51.10219)
xxx Lotus Symphony (x32 Version: 3.01.12011)
xxx My Help (x32 Version: 1.7.8)
xxx Smarter Planet Screensaver (x32)
xxx Standard Asset Manager (x32)
xxx Standard Software Installer (x32)
xxx Tivoli Remote Control Ay鷇ame Premium Edition - Target (x32 Version: 8.2.0.0104)
xxx_100screensaver (x32)
ICBCEBankAssist (Version: 1.0.8.0)
InfoPrint Select (x32 Version: 4.3.0)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software (Version: 14.00.1000)
IrfanView (remove only) (x32 Version: 4.30)
iTunes (Version: 11.0.4.4)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo System Interface Driver (Version: 1.05)
LiveUpdate 3.3 (Symantec Corporation) (x32 Version: 3.3.0.99)
Lotus Notes 8.5.1 (x32 Version: 8.51.9271)
MANDIANT Intelligent Response Agent (x32 Version: 2.2.1504)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (Version: 14.0.6029.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - English (x32 Version: 14.0.6029.1000)
Microsoft Office O MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office ScreenTip Language 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (Chinese (Simplified)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Word MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Office X MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Mozilla Firefox 17.0.7 (x86 en-US) (x32 Version: 17.0.7)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 en-US) (x32 Version: 17.0.7)
Mp3tag v2.56 (x32 Version: v2.56)
NeatMP3 version 1.1 (x32 Version: 1.1)
NetMeeting 3.01 (x32)
On Screen Display (Version: 6.24.00)
pdfsam (HKCU Version: 2.2.1)
PGP Desktop (Version: 10.1.2.50)
Picasa 3 (x32 Version: 3.8)
PlayMemories Home (x32 Version: 6.0.02.14151)
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5)
QuickTime (x32 Version: 7.72.80.56)
Spybot - Search & Destroy (x32 Version: 2.1.20)
SwiftFile 4.0 (x32 Version: 4.00.0006)
Symantec Endpoint Protection (Version: 11.0.6200.754)
Synaptics Pointing Device Driver (Version: 15.2.19.0)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.1500)
ThinkPad FullScreen Magnifier (Version: 2.24)
ThinkPad Modem Adapter (Version: 7.80.5.0)
ThinkPad Power Management Driver (Version: 1.62.00.00)
ThinkPad UltraNav Utility (x32 Version: 2.13.0)
ThinkVantage Access Connections (x32 Version: 5.83)
ThinkVantage Active Protection System (Version: 1.74)
Tinypic 3.18 (x32 Version: Tinypic 3.18)
Tivoli Endpoint Manager Client (x32 Version: 8.2.1093.0)
UP_screensaver_dug (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Workstation Security Tool 2.5 (x32)
XMind (x32 Version: 3.2.1)
工行U盾程序（明华）卸载向导 (x32 Version: 2.1.4.198)

==================== Restore Points  =========================

22-07-2013 18:05:10 Removed MacDrive 9 Standard
24-07-2013 12:46:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 10:34 - 2011-09-14 16:18 - 00000907 ____A C:\Windows\system32\Drivers\etc\hosts
	127.0.0.1       localhost
        9.181.122.156   c8ek-prints1-jm13
        9.181.122.146   c8ek-prints1-jm13

==================== Scheduled Tasks (whitelisted) =============

Task: {18DA6C58-E1F1-43C6-B536-FB6736635CD7} - System32\Tasks\Run My Help Delay => C:\Program Files (x86)\xxx\My Help\MyHelp.exe [2012-06-14] ()
Task: {380D79BB-A86E-4056-BA9B-FAFB0563413D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe No File
Task: {67B6CB7A-CFBE-4CDD-B937-B88811D70EEF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe No File
Task: {6B5EB080-C4E6-4CE2-A6A9-89699DE03470} - System32\Tasks\Run My Help => C:\Program Files (x86)\xxx\My Help\MyHelp.exe [2012-06-14] ()
Task: {70DEC4C9-93A9-4123-92D5-7564A769444B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-17] (Adobe Systems Incorporated)
Task: {B226C347-3C11-483F-A90D-80F2203BD30D} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {B40B33BB-E625-4013-9DEB-3058E72FB3F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe No File
Task: {BA68043A-84A8-499C-930F-312B55284BEA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: AGN Virtual Network Adapter
Description: AGN Virtual Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: AT&T
Service: avpnnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2013 05:19:02 PM) (Source: Application Hang) (User: )
Description: The program EXCEL.EXE version 14.0.6126.5003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 157c

Start Time: 01ce8c394db3fa8a

Termination Time: 3

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

Report Id: d85d94d9-f82f-11e2-8767-0021cc61a50b

Error: (07/29/2013 05:17:18 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4e4

Start Time: 01ce8c3c60f11cb6

Termination Time: 4

Application Path: C:\Users\xxx_ADMIN\Desktop\FRST64.exe

Report Id: a81c9478-f82f-11e2-8767-0021cc61a50b

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=88, authorId=0, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0


System errors:
=============
Error: (07/29/2013 03:28:00 PM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (07/29/2013 03:27:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/29/2013 03:26:23 PM) (Source: Service Control Manager) (User: )
Description: The PMEM service failed to start due to the following error: 
%%1275

Error: (07/29/2013 03:26:23 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\drivers\PMEMNT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/29/2013 03:21:57 PM) (Source: SRTSP) (User: )
Description: Error loading virus definitions.

Error: (07/29/2013 03:16:23 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 9.115.169.139.
The computer with the IP address 9.115.169.218 did not allow the name to be claimed by
this computer.

Error: (07/29/2013 03:14:54 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 9.115.169.139.
The computer with the IP address 9.115.169.218 did not allow the name to be claimed by
this computer.

Error: (07/29/2013 03:09:43 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 9.115.169.139.
The computer with the IP address 9.115.169.198 did not allow the name to be claimed by
this computer.

Error: (07/29/2013 03:04:33 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 9.115.169.139.
The computer with the IP address 9.115.169.198 did not allow the name to be claimed by
this computer.

Error: (07/29/2013 02:21:03 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 9.115.169.139.
The computer with the IP address 9.115.169.153 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (07/29/2013 05:19:02 PM) (Source: Application Hang)(User: )
Description: EXCEL.EXE14.0.6126.5003157c01ce8c394db3fa8a3C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEd85d94d9-f82f-11e2-8767-0021cc61a50b

Error: (07/29/2013 05:17:18 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.14e401ce8c3c60f11cb64C:\Users\xxx_ADMIN\Desktop\FRST64.exea81c9478-f82f-11e2-8767-0021cc61a50b

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path88000

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path25000

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path13000

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path43900

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path25900

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path17900

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path23808600

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path21808600


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3983.23 MB
Available physical RAM: 2141.72 MB
Total Pagefile: 7964.65 MB
Available Pagefile: 5932.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:298.09 GB) (Free:60.74 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 623BC613)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

Greta21 · 29.07.2013, 10:25

Hier der Result aus FRST und weiter unten aus der Addition.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by *** (administrator) on 29-07-2013 17:18:07
Running from C:\Users\***_ADMIN\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\***pmsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
() C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
(*** Corp.) C:\Program Files (x86)\C4ebreg\c4ebreg.exe
(*** Corp.) c:\sdwork\issimsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(*** Corp) c:\notes\nsd.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(*** Corp) c:\notes\ntmulti.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
(PGP Corporation) C:\Windows\SysWOW64\PGPserv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(ICBC OEM From Mingwah Technologies Co., Ltd) C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe
(*** Corp.) C:\Program Files (x86)\C4ebreg\isamtray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(*** Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
(*** Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-01-15] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-09-05] (Synaptics Incorporated)
HKLM\...\Run: [ICBCEBankAssist] - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe [47744 2012-01-04] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-15] (Lenovo)
HKLM\...\Run: [IME14 CHS Setup] - C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKCU\...\Run: [NetSP - restore settings on power failure] - C:\Program Files (x86)\AT&T Network Client\NetSP.exe [53600 2010-09-10] (AT&T)
HKCU\...\Run: [SymphonyPreLoad] - "C:\Program Files (x86)\***\Lotus\Symphony\framework\shared\eclipse\plugins\com.***.symphony.standard.launcher.win32.x86_3.0.0.20101015-2340\*** Lotus Symphony" -nogui -nosplash [x]
HKCU\...\Run: [Green Christmas Tree] - C:\Users\***_AD~1\AppData\Local\Temp\notes32C5CD\GreenChristmasTree.exe [x] <===== ATTENTION
HKCU\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
MountPoints2: E - E:\autorun.exe
MountPoints2: {221c5862-2633-11e1-a4a6-0021cc61a50b} - E:\autorun.exe
HKLM-x32\...\Run: [stgclean] - c:\sdwork\w32maing.exe [292352 2013-01-16] (*** Corp.)
HKLM-x32\...\Run: [MWREGICBC.exe] - C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe [45056 2011-12-18] (ICBC OEM From Mingwah Technologies Co., Ltd)
HKLM-x32\...\Run: [Isamtray] - C:\Program Files (x86)\C4ebreg\isamtray.exe [326968 2012-11-08] (*** Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-03-25] (Symantec Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [C4EBReg] - C:\Program Files (x86)\C4ebreg\c4ebreg.exe [511288 2012-11-08] (*** Corp.)
HKLM-x32\...\Run: [ALTOOLS] - AccessL.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACWLIcon] - C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [193896 2011-04-15] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)
HKLM-x32\...\Run: [ACTray] - C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [431464 2011-04-15] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-06-14] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\Default\...\Run: [SODCPreLoad] - C:\notes\framework\shared\eclipse\plugins\com.***.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe [40960 2011-09-07] ()
HKU\Default User\...\Run: [SODCPreLoad] - C:\notes\framework\shared\eclipse\plugins\com.***.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe [40960 2011-09-07] ()
Lsa: [Notification Packages] scecli ACGina PGPpwflt
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk
ShortcutTarget: PGPtray.exe.lnk -> C:\Windows\Installer\{3E70A1DF-704D-4F20-98CF-BAFD0F1672B0}\Icon6560581611.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} -  No File
URLSearchHook: (No Name) - {77e8143b-6759-416e-b521-82cfed75150b} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {8B77C897-AB7E-4563-B77D-80B5A44C9250} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3288691&CUI=UN37800652501137218&UM=2
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\***\Java60\jre\bin\ssv.dll (***)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\***\Java60\jre\bin\jp2ssv.dll (***)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\***\Java60\jre\bin\ssv.dll (***)
BHO-x32: DivX Browser Bar Toolbar - {77e8143b-6759-416e-b521-82cfed75150b} - C:\Program Files (x86)\DivX_Browser_Bar\prxtbDivX.dll (Conduit Ltd.)
BHO-x32: No Name - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\***\Java60\jre\bin\jp2ssv.dll (***)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Toolbar: HKLM-x32 - DivX Browser Bar Toolbar - {77e8143b-6759-416e-b521-82cfed75150b} - C:\Program Files (x86)\DivX_Browser_Bar\prxtbDivX.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {77E8143B-6759-416E-B521-82CFED75150B} -  No File
DPF: HKLM {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM {225F72D5-6C19-4930-A188-CBBF05563E31} https://vip.icbc.com.cn/icbc/newperbank/certInStall_64.cab
DPF: HKLM {25ED8DDA-5824-4A11-9A29-843D7E881254} https://vip.icbc.com.cn/icbc/icbc_mwdv_64.cab
DPF: HKLM {52A56D4A-7243-412C-87E3-A7EB0C16AEEA} https://vip.icbc.com.cn/icbc/newperbank/USBKEY_64.cab
DPF: HKLM {76E720F1-87EA-4813-B227-284229EE04EF} https://vip.icbc.com.cn/icbc/newperbank/AxSafeControls_64.cab
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: HKLM {ADB2F000-9D4B-4F33-8D34-C7D61A6BC302} https://vip.icbc.com.cn/icbc/ICBC_NetSign_64.cab
DPF: HKLM {B54D34D3-1E5E-4880-A0EE-CA047CDE197D} https://vip.icbc.com.cn/icbc/icbc_mwusbkey_64.cab
DPF: HKLM {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
DPF: HKLM {F0548A2F-D0B0-4DDC-9C9D-8121AADAB952} https://b2c.icbc.com.cn/icbc/newperbank/icbcclean_64.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 9.0.148.50 9.0.146.50
Tcpip\..\Interfaces\{43EECE7D-CA38-4E03-9F2D-38686DF529B2}: [NameServer]9.0.148.50,9.0.146.50

FireFox:
========
FF ProfilePath: C:\Users\***_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @***.com/Java60 - C:\Program Files\***\Java60\jre\bin\new_plugin\npjp2.dll (***)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @***.com/JavaPlugin - C:\Program Files (x86)\***\Java60\jre\bin\plugin2\npjp2.dll (***)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
FF Extension: No Name - C:\Users\***_ADMIN\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 BESClient; C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe [4678552 2011-12-05] (*** Corp.)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-03-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-03-25] (Symantec Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 Intelligent Response Agent; C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe [13387128 2012-09-25] ()
R2 ISAMSvc; C:\Program Files (x86)\C4ebreg\c4ebreg.exe [511288 2012-11-08] (*** Corp.)
R2 ISSIMon; c:\sdwork\issimsvc.exe [184088 2012-09-08] (*** Corp.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-08] (Lenovo Group Limited)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2010-09-08] (Symantec Corporation)
R2 Lotus Notes Diagnostics; c:\notes\nsd.exe [3399680 2010-09-30] (*** Corp)
S3 mnmsrvc; C:\Windows\SysWOW64\mnmsrvc.exe [20752 1999-06-09] (Microsoft Corporation)
R2 Multi-user Cleanup Service; c:\notes\ntmulti.exe [58760 2009-09-29] (*** Corp)
R2 netcfgsvr; C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe [476000 2010-09-10] (AT&T)
R2 NetClientSvc; C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe [349536 2010-09-10] (AT&T)
R2 NetLogSvc; C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe [79200 2010-09-10] (AT&T)
R2 PGP RDD Service; C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [166520 2011-06-17] (PGP Corporation)
R2 PGPserv; C:\Windows\SysWOW64\PGPserv.exe [135288 2011-06-17] (PGP Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3249768 2011-03-25] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428912 2011-03-25] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839776 2011-03-25] (Symantec Corporation)
S3 TRCTARGET; C:\Program Files (x86)\***\Tivoli\Remote Control\Target\trc_base.exe [745472 2012-02-09] (*** Corporation)

==================== Drivers (Whitelisted) ====================

R1 agnfilt; C:\Windows\System32\DRIVERS\agnfilt.sys [190464 2010-09-10] (AT&T)
S3 avpnnic; C:\Windows\System32\DRIVERS\avpnnic.sys [14848 2010-06-30] (AT&T)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-11] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-09-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-09-05] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-04] (GFI Software)
S3 huawei_update; C:\Windows\system32\drivers\ew_hwupgrade.sys [22528 2011-09-05] (Huawei Technologies Co., Ltd.)
S3 l36wgps; C:\Windows\system32\drivers\l36wgps64.sys [101416 2011-09-05] (Ericsson AB)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2011-09-05] (Lenovo)
R3 Mandiant_Tools; C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys [25168 2012-12-13] ()
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2011-09-05] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2011-09-05] (MCCI Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130728.020\ENG64.SYS [126040 2013-06-16] (Symantec Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130728.020\ENG64.SYS [126040 2013-06-16] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130728.020\EX64.SYS [2098776 2013-06-16] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130728.020\EX64.SYS [2098776 2013-06-16] (Symantec Corporation)
R2 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [50296 2011-06-17] (PGP Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [367224 2011-06-17] (PGP Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [14968 2011-06-17] (PGP Corporation)
S2 PMEM; C:\Windows\SysWow64\drivers\PMEMNT.SYS [7012 2002-07-18] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [449072 2011-03-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [449072 2011-03-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2011-03-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [482352 2011-03-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-03-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-03-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2011-03-29] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [64048 2011-03-25] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [53808 2011-03-25] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
S2 PMEM; \??\C:\Windows\system32\drivers\PMEMNT.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 17:16 - 2013-07-29 17:16 - 01780547 _____ (Farbar) C:\Users\***_ADMIN\Desktop\FRST64.exe
2013-07-29 15:17 - 2013-07-29 15:17 - 00039056 _____ C:\Users\***_ADMIN\Desktop\Trojaner Hilfe.zip
2013-07-29 15:02 - 2013-07-29 15:03 - 00014291 _____ C:\Users\***_ADMIN\Desktop\gmer.txt
2013-07-29 14:56 - 2013-07-29 14:56 - 00377856 _____ C:\Users\***_ADMIN\Desktop\gmer_2.1.19163.exe
2013-07-29 14:43 - 2013-07-29 14:54 - 00097914 _____ C:\Users\***_ADMIN\Desktop\Extras.Txt
2013-07-29 14:42 - 2013-07-29 14:55 - 00182940 _____ C:\Users\***_ADMIN\Desktop\OTL.Txt
2013-07-29 14:07 - 2013-07-29 14:07 - 00001188 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-29 11:13 - 2013-07-29 11:13 - 00602112 _____ (OldTimer Tools) C:\Users\***_ADMIN\Desktop\OTL.exe
2013-07-29 11:12 - 2013-07-29 14:55 - 00000470 _____ C:\Users\***_ADMIN\Desktop\defogger_disable.log
2013-07-29 11:12 - 2013-07-29 11:12 - 00000000 _____ C:\Users\***_ADMIN\defogger_reenable
2013-07-29 11:11 - 2013-07-29 11:11 - 00050477 _____ C:\Users\***_ADMIN\Desktop\Defogger.exe
2013-07-24 20:48 - 2013-07-24 20:56 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 22:52 - 2013-07-21 22:53 - 00705304 _____ C:\Windows\Minidump\072113-29218-01.dmp
2013-07-18 10:52 - 2013-07-18 10:52 - 01910424 _____ (Fitbit Inc.) C:\Users\***_ADMIN\Downloads\FitbitConnect_Win_20130226_1.0.0.2578.exe
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-07-10 20:33 - 2013-07-10 20:35 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\COMPUTERBILD-Abzockschutz
2013-07-10 12:09 - 2013-07-10 12:09 - 00011387 _____ C:\Users\***_ADMIN\Desktop\Reisekosten.xlsx
2013-07-10 09:53 - 2013-05-27 13:50 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 09:53 - 2013-05-27 13:50 - 09070080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 09:53 - 2013-05-27 12:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 09:53 - 2013-05-27 12:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 09:52 - 2013-05-27 13:54 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 09:52 - 2013-05-27 13:53 - 01492992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 09:52 - 2013-05-27 13:53 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 09:52 - 2013-05-27 13:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 09:52 - 2013-05-27 13:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 09:52 - 2013-05-27 13:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 09:52 - 2013-05-27 12:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 09:52 - 2013-05-27 12:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 09:52 - 2013-05-27 11:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 09:52 - 2013-05-27 11:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 09:45 - 2013-06-04 14:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 09:45 - 2013-06-04 12:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 09:45 - 2013-05-06 14:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 09:45 - 2013-05-06 12:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 09:36 - 2013-06-05 11:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 09:26 - 2013-04-10 13:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 09:26 - 2013-04-10 13:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 11:47 - 2013-04-24 15:42 - 00162112 _____ (***) C:\Windows\SysWOW64\javaws.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00149824 _____ (***) C:\Windows\SysWOW64\javaw.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00149824 _____ (***) C:\Windows\SysWOW64\java.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00084288 _____ (***) C:\Windows\SysWOW64\javacpl***60.cpl
2013-07-09 11:46 - 2013-07-09 12:23 - 46604616 _____ (Apple Inc.) C:\Users\***_ADMIN\Downloads\iCloudSetup.exe
2013-07-05 17:30 - 2013-07-05 17:30 - 00000000 ____H C:\Users\***_ADMIN\Documents\Default.rdp
2013-07-05 16:20 - 2013-07-05 16:20 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-05 16:20 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 16:19 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iPod
2013-07-05 15:02 - 2013-07-05 15:07 - 01097728 _____ C:\Users\***_ADMIN\Desktop\BP001 Business Partner Go To Market Plan - page 2 revised.ppt
2013-07-05 11:56 - 2013-07-09 13:20 - 00000000 ____D C:\Users\***_ADMIN\Documents\1 GTS Channel Management
2013-07-05 11:01 - 2013-07-09 18:06 - 00094264 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-07-05 08:56 - 2013-07-09 12:01 - 00094264 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-07-05 08:54 - 2013-07-06 19:18 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\DivX
2013-07-04 23:52 - 2013-07-04 23:52 - 00001632 _____ C:\Users\***_ADMIN\Desktop\DivX Movies.lnk
2013-07-04 23:52 - 2013-07-04 23:52 - 00001122 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00001162 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00000000 ____D C:\Program Files\DivX
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Users\***_ADMIN\AppData\Local\Conduit
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Program Files (x86)\DivX_Browser_Bar
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-07-04 23:21 - 2013-07-04 23:52 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-04 23:21 - 2013-07-04 23:22 - 00081768 _____ (Conduit) C:\ministub.exe
2013-07-04 23:21 - 2013-07-04 23:21 - 00000000 ____D C:\ProgramData\Conduit
2013-07-04 23:18 - 2013-07-04 23:26 - 00000009 _____ C:\END
2013-07-04 19:19 - 2013-07-04 23:52 - 00000000 ____D C:\ProgramData\DivX
2013-07-04 19:19 - 2013-07-04 19:19 - 00957248 _____ (DivX, LLC) C:\Users\***_ADMIN\Downloads\DivXInstaller.exe
2013-07-04 17:06 - 2013-07-04 17:06 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:06 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:05 - 00000989 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\Users\***_ADMIN\Documents\NeatMP3
2013-07-04 16:56 - 2013-07-04 16:56 - 00001001 _____ C:\Users\Public\Desktop\NeatMP3.lnk
2013-07-04 16:56 - 2013-07-04 16:56 - 00000000 ____D C:\Program Files (x86)\NeatMP3
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoGet
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Program Files (x86)\Sound Doctrine
2013-07-04 16:43 - 2013-07-04 16:43 - 00004346 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\LavasoftStatistics
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-04 16:26 - 2013-07-29 15:26 - 00001874 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-04 16:25 - 2013-07-05 18:39 - 00000000 ____D C:\ProgramData\Search Protection
2013-07-04 16:25 - 2013-07-04 16:43 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-04 16:25 - 2013-07-04 16:27 - 00000000 ____D C:\Users\***_ADMIN\AppData\Local\adawarebp
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-07-04 16:24 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\SecureSearch
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-04 16:21 - 2013-07-04 16:24 - 00000000 ____D C:\Program Files (x86)\adawaretb
2013-07-04 16:19 - 2013-07-05 17:39 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Ad-Aware Antivirus
2013-07-04 16:19 - 2013-07-04 16:19 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-07-04 16:19 - 2013-07-04 16:19 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-04 16:14 - 2013-07-04 16:16 - 10121867 _____ (                                                            ) C:\Users\***_ADMIN\Downloads\setup_1.1.exe
2013-07-04 16:12 - 2013-07-04 16:12 - 02627888 _____ C:\Users\***_ADMIN\Downloads\mp3tagv256setup.exe
2013-07-04 16:08 - 2013-07-04 16:08 - 00716121 _____ C:\Users\***_ADMIN\Downloads\GoGetSetup_1.1.exe
2013-07-04 16:07 - 2013-07-04 16:07 - 05616264 _____ (Lavasoft Limited) C:\Users\***_ADMIN\Downloads\Adaware53_Installer.exe
2013-07-04 10:55 - 2013-07-04 10:56 - 00000000 ____D C:\Users\***_ADMIN\Desktop\Old Firefox Data-1
2013-07-04 10:47 - 2013-07-04 10:47 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-04 10:43 - 2013-07-10 07:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-04 10:43 - 2013-07-04 10:43 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 10:42 - 2013-07-04 10:42 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-04 10:42 - 2013-07-04 10:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 10:42 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-04 10:41 - 2013-07-04 10:41 - 02825264 _____ (J3S GmbH) C:\Users\***_ADMIN\Downloads\COMPUTERBILD-Abzockschutz-Installer.exe
2013-07-04 10:39 - 2013-07-04 10:40 - 36364784 _____ (Safer-Networking Ltd.                                       ) C:\Users\***_ADMIN\Downloads\spybotsd-2.1.20-SR1.exe
2013-07-03 15:16 - 2013-07-03 15:21 - 13341408 _____ (Mediafour Corporation, info@mediafour.com) C:\Users\***_ADMIN\Downloads\MacDrive Standard 9.0.5.14 (en) Setup.exe
2013-07-03 15:15 - 2013-07-03 15:47 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-03 15:15 - 2013-07-03 15:15 - 00000884 __RSH C:\Users\***_ADMIN\ntuser.pol
2013-07-03 13:47 - 2012-11-02 15:20 - 00060184 _____ (Paragon Software Group) C:\Windows\system32\Drivers\gpt_loader.sys
2013-07-03 13:46 - 2012-11-02 15:20 - 00042264 _____ (Paragon Software Group) C:\Windows\system32\Drivers\mounthlp.sys
2013-07-03 13:35 - 2013-07-03 13:38 - 08447629 _____ C:\Users\***_ADMIN\Downloads\FileRenamerBasic.exe
2013-07-02 12:49 - 2013-07-02 12:49 - 05127955 _____ C:\Users\***_ADMIN\Downloads\whiteboard.ipa
2013-07-02 11:00 - 2013-07-02 11:00 - 10815592 _____ (Apple Inc.) C:\Users\***_ADMIN\Downloads\AirPortSetup.exe
130

==================== One Month Modified Files and Folders =======

2013-07-29 17:18 - 2013-07-29 17:18 - 00000000 ____D C:\FRST
2013-07-29 17:16 - 2013-07-29 17:16 - 01780547 _____ (Farbar) C:\Users\***_ADMIN\Desktop\FRST64.exe
2013-07-29 16:55 - 2011-12-18 16:19 - 00628736 _____ C:\Users\***_ADMIN\Desktop\Palm.xls
2013-07-29 16:43 - 2013-04-07 14:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 15:34 - 2009-07-14 12:45 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 15:34 - 2009-07-14 12:45 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 15:33 - 2009-07-14 13:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 15:26 - 2013-07-04 16:26 - 00001874 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-29 15:26 - 2011-03-26 05:42 - 00000000 ____D C:\Program Files (x86)\C4ebreg
2013-07-29 15:26 - 2010-11-12 09:35 - 00000000 ____D C:\sdwork
2013-07-29 15:26 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 15:26 - 2009-07-14 12:51 - 00095984 _____ C:\Windows\setupact.log
2013-07-29 15:17 - 2013-07-29 15:17 - 00039056 _____ C:\Users\***_ADMIN\Desktop\Trojaner Hilfe.zip
2013-07-29 15:03 - 2013-07-29 15:02 - 00014291 _____ C:\Users\***_ADMIN\Desktop\gmer.txt
2013-07-29 14:56 - 2013-07-29 14:56 - 00377856 _____ C:\Users\***_ADMIN\Desktop\gmer_2.1.19163.exe
2013-07-29 14:55 - 2013-07-29 14:42 - 00182940 _____ C:\Users\***_ADMIN\Desktop\OTL.Txt
2013-07-29 14:55 - 2013-07-29 11:12 - 00000470 _____ C:\Users\***_ADMIN\Desktop\defogger_disable.log
2013-07-29 14:54 - 2013-07-29 14:43 - 00097914 _____ C:\Users\***_ADMIN\Desktop\Extras.Txt
2013-07-29 14:22 - 2010-11-12 09:08 - 00000000 ____D C:\Program Files (x86)\WST
2013-07-29 14:07 - 2013-07-29 14:07 - 00001188 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-29 14:06 - 2011-11-04 23:36 - 01694534 _____ C:\Windows\WindowsUpdate.log
2013-07-29 11:13 - 2013-07-29 11:13 - 00602112 _____ (OldTimer Tools) C:\Users\***_ADMIN\Desktop\OTL.exe
2013-07-29 11:12 - 2013-07-29 11:12 - 00000000 _____ C:\Users\***_ADMIN\defogger_reenable
2013-07-29 11:12 - 2010-06-29 12:27 - 00000000 ____D C:\Users\***_ADMIN
2013-07-29 11:11 - 2013-07-29 11:11 - 00050477 _____ C:\Users\***_ADMIN\Desktop\Defogger.exe
2013-07-29 09:30 - 2011-12-08 11:05 - 00000000 ____D C:\Users\***_ADMIN\SametimeTranscripts
2013-07-25 23:30 - 2011-09-06 04:08 - 00000000 ____D C:\swd
2013-07-24 20:56 - 2013-07-24 20:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 22:53 - 2013-07-21 22:52 - 00705304 _____ C:\Windows\Minidump\072113-29218-01.dmp
2013-07-21 22:52 - 2012-03-06 21:41 - 622908564 _____ C:\Windows\MEMORY.DMP
2013-07-21 22:52 - 2010-07-15 00:01 - 00000000 ____D C:\Windows\Minidump
2013-07-18 10:52 - 2013-07-18 10:52 - 01910424 _____ (Fitbit Inc.) C:\Users\***_ADMIN\Downloads\FitbitConnect_Win_20130226_1.0.0.2578.exe
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-07-18 09:39 - 2009-07-14 12:45 - 00395232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 23:07 - 2009-07-14 15:12 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 23:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 23:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 22:27 - 2011-12-19 19:05 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\PrimoPDF
2013-07-17 22:25 - 2012-09-04 13:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 20:35 - 2013-07-10 20:33 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\COMPUTERBILD-Abzockschutz
2013-07-10 12:09 - 2013-07-10 12:09 - 00011387 _____ C:\Users\***_ADMIN\Desktop\Reisekosten.xlsx
2013-07-10 07:45 - 2013-07-04 10:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-09 18:06 - 2013-07-05 11:01 - 00094264 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-07-09 13:20 - 2013-07-05 11:56 - 00000000 ____D C:\Users\***_ADMIN\Documents\1 GTS Channel Management
2013-07-09 12:23 - 2013-07-09 11:46 - 46604616 _____ (Apple Inc.) C:\Users\***_ADMIN\Downloads\iCloudSetup.exe
2013-07-09 12:01 - 2013-07-05 08:56 - 00094264 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-07-09 11:47 - 2010-07-14 07:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-09 11:46 - 2010-07-14 07:58 - 00000000 ____D C:\Program Files (x86)\***
2013-07-06 19:18 - 2013-07-05 08:54 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\DivX
2013-07-05 18:39 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Search Protection
2013-07-05 18:22 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-05 18:12 - 2009-07-14 13:08 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 17:39 - 2013-07-04 16:19 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Ad-Aware Antivirus
2013-07-05 17:30 - 2013-07-05 17:30 - 00000000 ____H C:\Users\***_ADMIN\Documents\Default.rdp
2013-07-05 16:20 - 2013-07-05 16:20 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 16:19 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iPod
2013-07-05 15:29 - 2010-07-14 07:37 - 00091940 _____ C:\Windows\PFRO.log
2013-07-05 15:07 - 2013-07-05 15:02 - 01097728 _____ C:\Users\***_ADMIN\Desktop\BP001 Business Partner Go To Market Plan - page 2 revised.ppt
2013-07-05 14:47 - 2012-01-05 11:36 - 00000000 ____D C:\Users\***_ADMIN\Documents\z Persoenlich
2013-07-05 11:53 - 2011-12-20 16:56 - 00000000 ____D C:\Users\***_ADMIN\Documents\9 Archiv
2013-07-05 11:53 - 2011-12-17 19:11 - 00000000 ____D C:\Users\***_ADMIN\Documents\0 GMU
2013-07-05 11:19 - 2011-12-17 19:42 - 00000000 ____D C:\Users\***_ADMIN\Documents\2 Job
2013-07-05 11:14 - 2012-01-05 11:38 - 00000000 ____D C:\Users\***_ADMIN\Documents\y Tools
2013-07-05 11:09 - 2012-01-05 11:19 - 00000000 ____D C:\Program Files (x86)\XMind
2013-07-05 10:54 - 2011-12-17 19:15 - 00000000 ____D C:\Users\***_ADMIN\Documents\Media
2013-07-05 10:54 - 2011-12-17 19:10 - 00000000 ____D C:\Users\***_ADMIN\Documents\x Sametime
2013-07-04 23:52 - 2013-07-04 23:52 - 00001632 _____ C:\Users\***_ADMIN\Desktop\DivX Movies.lnk
2013-07-04 23:52 - 2013-07-04 23:52 - 00001122 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-04 23:52 - 2013-07-04 23:21 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-04 23:52 - 2013-07-04 19:19 - 00000000 ____D C:\ProgramData\DivX
2013-07-04 23:52 - 2013-06-27 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-04 23:51 - 2013-07-04 23:51 - 00001162 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00000000 ____D C:\Program Files\DivX
2013-07-04 23:26 - 2013-07-04 23:18 - 00000009 _____ C:\END
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Users\***_ADMIN\AppData\Local\Conduit
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Program Files (x86)\DivX_Browser_Bar
2013-07-04 23:25 - 2013-07-04 23:25 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-07-04 23:22 - 2013-07-04 23:21 - 00081768 _____ (Conduit) C:\ministub.exe
2013-07-04 23:21 - 2013-07-04 23:21 - 00000000 ____D C:\ProgramData\Conduit
2013-07-04 22:00 - 2013-05-25 09:01 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\ExpressVPN
2013-07-04 19:19 - 2013-07-04 19:19 - 00957248 _____ (DivX, LLC) C:\Users\***_ADMIN\Downloads\DivXInstaller.exe
2013-07-04 17:06 - 2013-07-04 17:06 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Mp3tag
2013-07-04 17:06 - 2013-07-04 17:05 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:05 - 00000989 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\Users\***_ADMIN\Documents\NeatMP3
2013-07-04 16:56 - 2013-07-04 16:56 - 00001001 _____ C:\Users\Public\Desktop\NeatMP3.lnk
2013-07-04 16:56 - 2013-07-04 16:56 - 00000000 ____D C:\Program Files (x86)\NeatMP3
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoGet
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Program Files (x86)\Sound Doctrine
2013-07-04 16:43 - 2013-07-04 16:43 - 00004346 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\LavasoftStatistics
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-04 16:43 - 2013-07-04 16:25 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-04 16:27 - 2013-07-04 16:25 - 00000000 ____D C:\Users\***_ADMIN\AppData\Local\adawarebp
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-07-04 16:25 - 2013-07-04 16:24 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-04 16:24 - 2013-07-04 16:21 - 00000000 ____D C:\Program Files (x86)\adawaretb
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Users\***_ADMIN\AppData\Roaming\SecureSearch
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-04 16:19 - 2013-07-04 16:19 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-07-04 16:19 - 2013-07-04 16:19 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-04 16:16 - 2013-07-04 16:14 - 10121867 _____ (                                                            ) C:\Users\***_ADMIN\Downloads\setup_1.1.exe
2013-07-04 16:12 - 2013-07-04 16:12 - 02627888 _____ C:\Users\***_ADMIN\Downloads\mp3tagv256setup.exe
2013-07-04 16:08 - 2013-07-04 16:08 - 00716121 _____ C:\Users\***_ADMIN\Downloads\GoGetSetup_1.1.exe
2013-07-04 16:07 - 2013-07-04 16:07 - 05616264 _____ (Lavasoft Limited) C:\Users\***_ADMIN\Downloads\Adaware53_Installer.exe
2013-07-04 10:56 - 2013-07-04 10:55 - 00000000 ____D C:\Users\***_ADMIN\Desktop\Old Firefox Data-1
2013-07-04 10:47 - 2013-07-04 10:47 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-04 10:43 - 2013-07-04 10:43 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 10:42 - 2013-07-04 10:42 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-04 10:42 - 2013-07-04 10:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 10:41 - 2013-07-04 10:41 - 02825264 _____ (J3S GmbH) C:\Users\***_ADMIN\Downloads\COMPUTERBILD-Abzockschutz-Installer.exe
2013-07-04 10:40 - 2013-07-04 10:39 - 36364784 _____ (Safer-Networking Ltd.                                       ) C:\Users\***_ADMIN\Downloads\spybotsd-2.1.20-SR1.exe
2013-07-03 15:47 - 2013-07-03 15:15 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-03 15:47 - 2010-06-29 12:27 - 00000000 ___RD C:\Users\***_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-03 15:21 - 2013-07-03 15:16 - 13341408 _____ (Mediafour Corporation, info@mediafour.com) C:\Users\***_ADMIN\Downloads\MacDrive Standard 9.0.5.14 (en) Setup.exe
2013-07-03 15:15 - 2013-07-03 15:15 - 00000884 __RSH C:\Users\***_ADMIN\ntuser.pol
2013-07-03 15:15 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-07-03 15:12 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Resources
2013-07-03 13:38 - 2013-07-03 13:35 - 08447629 _____ C:\Users\***_ADMIN\Downloads\FileRenamerBasic.exe
2013-07-02 12:49 - 2013-07-02 12:49 - 05127955 _____ C:\Users\***_ADMIN\Downloads\whiteboard.ipa
2013-07-02 11:06 - 2011-12-08 16:19 - 00000000 ___HD C:\Users\***_ADMIN\AppData\Local\Apple
2013-07-02 11:00 - 2013-07-02 11:00 - 10815592 _____ (Apple Inc.) C:\Users\***_ADMIN\Downloads\AirPortSetup.exe
2013-07-02 10:40 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-02 10:28 - 2012-10-16 12:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 10:21 - 2012-07-08 18:48 - 00000000 ____D C:\ProgramData\CanonIJPLM

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 22:10

==================== End Of Log ====

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-07-2013
Ran by *** at 2013-07-29 17:19:24
Running from C:\Users\xxx_ADMIN\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Ad-Aware Antivirus (x32 Version: 10.5.3.4405)
Ad-Aware Security Add-on (x32 Version: 3.1.0.2)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AT&T Network Client – xxx (x32 Version: 8.2.0.3003)
Bonjour (Version: 3.0.0.10)
Broadcom InConcert Maestro (Version: 1.0.1.1500)
Canon Easy-PhotoPrint EX (x32)
Canon IJ Network Scanner Selector EX (x32)
Canon IJ Network Tool (x32)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MP Navigator EX 4.1 (x32)
Canon MX410 series MP Drivers
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Canon 快速拨号实用程序 (x32)
Chinese Simplified Fonts Support For Adobe Reader X (x32 Version: 10.0.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
COMPUTERBILD-Abzockschutz (x32 Version: 1.0.49)
CVE-2012-4792
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DivX Browser Bar Toolbar (x32 Version: 6.14.0.27)
DivX Setup (x32 Version: 2.6.1.44)
exant 20672 SmartAudio HD (Version: 8.32.18.0)
ExpressVPN v3.112 (x32 Version: v3.112)
Fitbit Connect (x32 Version: 1.0.0.2578)
GoGet 1.1.0 (x32 Version: 1.1.0)
xxx 32-bit Runtime Environment for Java v6 (x32 Version: 6)
xxx 64-bit Runtime Environment for Java v6 (Version: 6)
xxx 64-bit Runtime Environment for Java v6 (x32 Version: 6)
xxx Ayudame Console (x32 Version: 1.4.9)
xxx Ayúdame Utility (x32 Version: 1.5.3.0046)
xxx Centennial screensaver (x32)
xxx Gateway Migration Plugin 1.0.0 (x32 Version: 1.0.0.201108081212)
xxx Lotus Sametime Connect 8.5.1 (x32 Version: 8.51.10219)
xxx Lotus Symphony (x32 Version: 3.01.12011)
xxx My Help (x32 Version: 1.7.8)
xxx Smarter Planet Screensaver (x32)
xxx Standard Asset Manager (x32)
xxx Standard Software Installer (x32)
xxx Tivoli Remote Control Ay鷇ame Premium Edition - Target (x32 Version: 8.2.0.0104)
xxx_100screensaver (x32)
ICBCEBankAssist (Version: 1.0.8.0)
InfoPrint Select (x32 Version: 4.3.0)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software (Version: 14.00.1000)
IrfanView (remove only) (x32 Version: 4.30)
iTunes (Version: 11.0.4.4)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo System Interface Driver (Version: 1.05)
LiveUpdate 3.3 (Symantec Corporation) (x32 Version: 3.3.0.99)
Lotus Notes 8.5.1 (x32 Version: 8.51.9271)
MANDIANT Intelligent Response Agent (x32 Version: 2.2.1504)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (Version: 14.0.6029.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - English (x32 Version: 14.0.6029.1000)
Microsoft Office O MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office ScreenTip Language 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (Chinese (Simplified)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Word MUI (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Office X MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Mozilla Firefox 17.0.7 (x86 en-US) (x32 Version: 17.0.7)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 en-US) (x32 Version: 17.0.7)
Mp3tag v2.56 (x32 Version: v2.56)
NeatMP3 version 1.1 (x32 Version: 1.1)
NetMeeting 3.01 (x32)
On Screen Display (Version: 6.24.00)
pdfsam (HKCU Version: 2.2.1)
PGP Desktop (Version: 10.1.2.50)
Picasa 3 (x32 Version: 3.8)
PlayMemories Home (x32 Version: 6.0.02.14151)
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5)
QuickTime (x32 Version: 7.72.80.56)
Spybot - Search & Destroy (x32 Version: 2.1.20)
SwiftFile 4.0 (x32 Version: 4.00.0006)
Symantec Endpoint Protection (Version: 11.0.6200.754)
Synaptics Pointing Device Driver (Version: 15.2.19.0)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.1500)
ThinkPad FullScreen Magnifier (Version: 2.24)
ThinkPad Modem Adapter (Version: 7.80.5.0)
ThinkPad Power Management Driver (Version: 1.62.00.00)
ThinkPad UltraNav Utility (x32 Version: 2.13.0)
ThinkVantage Access Connections (x32 Version: 5.83)
ThinkVantage Active Protection System (Version: 1.74)
Tinypic 3.18 (x32 Version: Tinypic 3.18)
Tivoli Endpoint Manager Client (x32 Version: 8.2.1093.0)
UP_screensaver_dug (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Workstation Security Tool 2.5 (x32)
XMind (x32 Version: 3.2.1)
工行U盾程序（明华）卸载向导 (x32 Version: 2.1.4.198)

==================== Restore Points  =========================

22-07-2013 18:05:10 Removed MacDrive 9 Standard
24-07-2013 12:46:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 10:34 - 2011-09-14 16:18 - 00000907 ____A C:\Windows\system32\Drivers\etc\hosts
	127.0.0.1       localhost
        9.181.122.156   c8ek-prints1-jm13
        9.181.122.146   c8ek-prints1-jm13

==================== Scheduled Tasks (whitelisted) =============

Task: {18DA6C58-E1F1-43C6-B536-FB6736635CD7} - System32\Tasks\Run My Help Delay => C:\Program Files (x86)\xxx\My Help\MyHelp.exe [2012-06-14] ()
Task: {380D79BB-A86E-4056-BA9B-FAFB0563413D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe No File
Task: {67B6CB7A-CFBE-4CDD-B937-B88811D70EEF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe No File
Task: {6B5EB080-C4E6-4CE2-A6A9-89699DE03470} - System32\Tasks\Run My Help => C:\Program Files (x86)\xxx\My Help\MyHelp.exe [2012-06-14] ()
Task: {70DEC4C9-93A9-4123-92D5-7564A769444B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-17] (Adobe Systems Incorporated)
Task: {B226C347-3C11-483F-A90D-80F2203BD30D} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {B40B33BB-E625-4013-9DEB-3058E72FB3F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe No File
Task: {BA68043A-84A8-499C-930F-312B55284BEA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: AGN Virtual Network Adapter
Description: AGN Virtual Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: AT&T
Service: avpnnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2013 05:19:02 PM) (Source: Application Hang) (User: )
Description: The program EXCEL.EXE version 14.0.6126.5003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 157c

Start Time: 01ce8c394db3fa8a

Termination Time: 3

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

Report Id: d85d94d9-f82f-11e2-8767-0021cc61a50b

Error: (07/29/2013 05:17:18 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4e4

Start Time: 01ce8c3c60f11cb6

Termination Time: 4

Application Path: C:\Users\xxx_ADMIN\Desktop\FRST64.exe

Report Id: a81c9478-f82f-11e2-8767-0021cc61a50b

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=88, authorId=0, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0


System errors:
=============
Error: (07/29/2013 03:28:00 PM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (07/29/2013 03:27:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/29/2013 03:26:23 PM) (Source: Service Control Manager) (User: )
Description: The PMEM service failed to start due to the following error: 
%%1275

Error: (07/29/2013 03:26:23 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\drivers\PMEMNT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/29/2013 03:21:57 PM) (Source: SRTSP) (User: )
Description: Error loading virus definitions.

Error: (07/29/2013 03:16:23 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 9.115.169.139.
The computer with the IP address 9.115.169.218 did not allow the name to be claimed by
this computer.

Error: (07/29/2013 03:14:54 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 9.115.169.139.
The computer with the IP address 9.115.169.218 did not allow the name to be claimed by
this computer.

Error: (07/29/2013 03:09:43 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 9.115.169.139.
The computer with the IP address 9.115.169.198 did not allow the name to be claimed by
this computer.

Error: (07/29/2013 03:04:33 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 9.115.169.139.
The computer with the IP address 9.115.169.198 did not allow the name to be claimed by
this computer.

Error: (07/29/2013 02:21:03 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 9.115.169.139.
The computer with the IP address 9.115.169.153 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (07/29/2013 05:19:02 PM) (Source: Application Hang)(User: )
Description: EXCEL.EXE14.0.6126.5003157c01ce8c394db3fa8a3C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEd85d94d9-f82f-11e2-8767-0021cc61a50b

Error: (07/29/2013 05:17:18 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.14e401ce8c3c60f11cb64C:\Users\xxx_ADMIN\Desktop\FRST64.exea81c9478-f82f-11e2-8767-0021cc61a50b

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path88000

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path25000

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path13000

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path43900

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path25900

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path17900

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path23808600

Error: (07/29/2013 03:27:37 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path21808600


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3983.23 MB
Available physical RAM: 2141.72 MB
Total Pagefile: 7964.65 MB
Available Pagefile: 5932.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:298.09 GB) (Free:60.74 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 623BC613)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 29.07.2013, 14:51

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Greta21 · 30.07.2013, 04:31

Sieht gut aus

))
Aber die Analyse lasse ich lieber dem Fachmann...

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.306 - Logfile created 07/30/2013 at 11:12:47
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : xxx - xxx-J9GI0INIVJS
# Boot Mode : Normal
# Running from : C:\Users\xxx_ADMIN\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DivX_Browser_Bar
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\Users\xxx_AD~1\AppData\Local\Temp\CT3288691
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Local\Conduit
Folder Deleted : C:\Users\xxx_ADMIN\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\xxx_ADMIN\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\xxx_ADMIN\AppData\LocalLow\DivX_Browser_Bar
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\adawaretb
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\CT3288691
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\Smartbar
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DivX_Browser_Bar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3288691
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DivX_Browser_Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD937C23-9304-4E9E-9FD3-0E00B88E2C2E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD937C23-9304-4E9E-9FD3-0E00B88E2C2E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A84F3FC-20DD-4F1E-ADA5-AEB6E46E0B26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB55DBC5-9508-4610-8034-01C8F0C672E6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DivX_Browser_Bar Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{77E8143B-6759-416E-B521-82CFED75150B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.7 (en-US)

File : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\prefs.js

Deleted : user_pref("CT3288691.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3288691.FF19Solved", "true");
Deleted : user_pref("CT3288691.FirstTime", "true");
Deleted : user_pref("CT3288691.FirstTimeFF3", "true");
Deleted : user_pref("CT3288691.UserID", "UN20521476917637105");
Deleted : user_pref("CT3288691.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3288691.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3288691.autoDisableScopes", -1);
Deleted : user_pref("CT3288691.countryCode", "CN");
Deleted : user_pref("CT3288691.defaultSearch", "false");
Deleted : user_pref("CT3288691.enableAlerts", "true");
Deleted : user_pref("CT3288691.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3288691.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3288691.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundError", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3288691.fixUrls", true);
Deleted : user_pref("CT3288691.fullUserID", "UN20521476917637105.IN.20130704232346");
Deleted : user_pref("CT3288691.installDate", "04/07/2013 23:23:46");
Deleted : user_pref("CT3288691.installId", "stub.exe");
Deleted : user_pref("CT3288691.installSessionId", "{E6A02F1F-6761-404C-A81C-43BE767719FA}");
Deleted : user_pref("CT3288691.installSp", "false");
Deleted : user_pref("CT3288691.installType", "conduitnsisintegration");
Deleted : user_pref("CT3288691.installUsage", "2013-07-05T03:50:38.6483234+03:00");
Deleted : user_pref("CT3288691.installUsageEarly", "2013-07-05T03:50:34.5859534+03:00");
Deleted : user_pref("CT3288691.installerVersion", "1.5.4.1");
Deleted : user_pref("CT3288691.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3288691.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3288691.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3288691.keyword", "true");
Deleted : user_pref("CT3288691.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Deleted : user_pref("CT3288691.lastVersion", "10.16.70.505");
Deleted : user_pref("CT3288691.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3288691.migrateAppsAndComponents", true);
Deleted : user_pref("CT3288691.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Deleted : user_pref("CT3288691.openThankYouPage", "false");
Deleted : user_pref("CT3288691.openUninstallPage", "true");
Deleted : user_pref("CT3288691.originalSearchAddressUrl", "hxxp://securedsearch2.lavasoft.com/results.php?pr=v[...]
Deleted : user_pref("CT3288691.revertSettingsEnabled", "true");
Deleted : user_pref("CT3288691.search.searchAppId", "10000002");
Deleted : user_pref("CT3288691.search.searchCount", "1");
Deleted : user_pref("CT3288691.searchInNewTabEnabledByUser", "false");
Deleted : user_pref("CT3288691.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3288691.searchRevert", "true");
Deleted : user_pref("CT3288691.searchSuggestEnabledByUser", "true");
Deleted : user_pref("CT3288691.searchUserMode", "2");
Deleted : user_pref("CT3288691.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3288691.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3288691.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3288691.serviceLayer_services_Configuration_lastUpdate", "1375081600325");
Deleted : user_pref("CT3288691.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1372985437425");
Deleted : user_pref("CT3288691.serviceLayer_services_appsMetadata_lastUpdate", "1372985440987");
Deleted : user_pref("CT3288691.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372985440872");
Deleted : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1372985436[...]
Deleted : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1372985439708")[...]
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.4.19_lastUpdate", "1373002191459");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.4.519_lastUpdate", "1373437028695");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.7.524_lastUpdate", "1374419263283");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.70.505_lastUpdate", "1375149408664");
Deleted : user_pref("CT3288691.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372985440939");
Deleted : user_pref("CT3288691.serviceLayer_services_searchAPI_lastUpdate", "1375081602373");
Deleted : user_pref("CT3288691.serviceLayer_services_serviceMap_lastUpdate", "1375081599893");
Deleted : user_pref("CT3288691.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372985440904");
Deleted : user_pref("CT3288691.serviceLayer_services_toolbarSettings_lastUpdate", "1375149407769");
Deleted : user_pref("CT3288691.serviceLayer_services_translation_lastUpdate", "1375081600049");
Deleted : user_pref("CT3288691.settingsINI", true);
Deleted : user_pref("CT3288691.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3288691.showToolbarPermission", "false");
Deleted : user_pref("CT3288691.smartbar.CTID", "CT3288691");
Deleted : user_pref("CT3288691.smartbar.Uninstall", "0");
Deleted : user_pref("CT3288691.smartbar.isHidden", true);
Deleted : user_pref("CT3288691.smartbar.toolbarName", "DivX Browser Bar ");
Deleted : user_pref("CT3288691.startPage", "false");
Deleted : user_pref("CT3288691.toolbarBornServerTime", "5-7-2013");
Deleted : user_pref("CT3288691.toolbarCurrentServerTime", "30-7-2013");
Deleted : user_pref("CT3288691.toolbarLoginClientTime", "Fri Jul 05 2013 08:50:40 GMT+0800 (China Standard Tim[...]
Deleted : user_pref("CT3288691.versionFromInstaller", "10.16.4.19");
Deleted : user_pref("CT3288691_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://securedsearch2.lavasoft.com/results.php?p[...]
Deleted : user_pref("browser.search.defaultenginename", "DivX Browser Bar Customized Web Search");
Deleted : user_pref("extensions.aniweather.timeShifted", 993887);
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3288691");
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "LWK9I6/3XQS/X1AIUIXSHS0AI3JJ3FVSR5RHRTTCRNKSWJTOCNZH/XOVDQIOX/RB5ID[...]

File : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\prefs.js

[OK] File is clean.

File : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13095 octets] - [30/07/2013 11:12:47]

########## EOF - C:\AdwCleaner[S1].txt - [13156 octets] ##########

--- --- ---

[/CODE]

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.306 - Logfile created 07/30/2013 at 11:12:47
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : xxx - xxx-J9GI0INIVJS
# Boot Mode : Normal
# Running from : C:\Users\xxx_ADMIN\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DivX_Browser_Bar
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\Users\xxx_AD~1\AppData\Local\Temp\CT3288691
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Local\Conduit
Folder Deleted : C:\Users\xxx_ADMIN\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\xxx_ADMIN\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\xxx_ADMIN\AppData\LocalLow\DivX_Browser_Bar
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\adawaretb
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\CT3288691
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\Smartbar
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DivX_Browser_Bar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3288691
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DivX_Browser_Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD937C23-9304-4E9E-9FD3-0E00B88E2C2E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD937C23-9304-4E9E-9FD3-0E00B88E2C2E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A84F3FC-20DD-4F1E-ADA5-AEB6E46E0B26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB55DBC5-9508-4610-8034-01C8F0C672E6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DivX_Browser_Bar Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{77E8143B-6759-416E-B521-82CFED75150B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.7 (en-US)

File : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\prefs.js

Deleted : user_pref("CT3288691.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3288691.FF19Solved", "true");
Deleted : user_pref("CT3288691.FirstTime", "true");
Deleted : user_pref("CT3288691.FirstTimeFF3", "true");
Deleted : user_pref("CT3288691.UserID", "UN20521476917637105");
Deleted : user_pref("CT3288691.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3288691.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3288691.autoDisableScopes", -1);
Deleted : user_pref("CT3288691.countryCode", "CN");
Deleted : user_pref("CT3288691.defaultSearch", "false");
Deleted : user_pref("CT3288691.enableAlerts", "true");
Deleted : user_pref("CT3288691.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3288691.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3288691.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundError", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3288691.fixUrls", true);
Deleted : user_pref("CT3288691.fullUserID", "UN20521476917637105.IN.20130704232346");
Deleted : user_pref("CT3288691.installDate", "04/07/2013 23:23:46");
Deleted : user_pref("CT3288691.installId", "stub.exe");
Deleted : user_pref("CT3288691.installSessionId", "{E6A02F1F-6761-404C-A81C-43BE767719FA}");
Deleted : user_pref("CT3288691.installSp", "false");
Deleted : user_pref("CT3288691.installType", "conduitnsisintegration");
Deleted : user_pref("CT3288691.installUsage", "2013-07-05T03:50:38.6483234+03:00");
Deleted : user_pref("CT3288691.installUsageEarly", "2013-07-05T03:50:34.5859534+03:00");
Deleted : user_pref("CT3288691.installerVersion", "1.5.4.1");
Deleted : user_pref("CT3288691.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3288691.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3288691.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3288691.keyword", "true");
Deleted : user_pref("CT3288691.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Deleted : user_pref("CT3288691.lastVersion", "10.16.70.505");
Deleted : user_pref("CT3288691.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3288691.migrateAppsAndComponents", true);
Deleted : user_pref("CT3288691.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Deleted : user_pref("CT3288691.openThankYouPage", "false");
Deleted : user_pref("CT3288691.openUninstallPage", "true");
Deleted : user_pref("CT3288691.originalSearchAddressUrl", "hxxp://securedsearch2.lavasoft.com/results.php?pr=v[...]
Deleted : user_pref("CT3288691.revertSettingsEnabled", "true");
Deleted : user_pref("CT3288691.search.searchAppId", "10000002");
Deleted : user_pref("CT3288691.search.searchCount", "1");
Deleted : user_pref("CT3288691.searchInNewTabEnabledByUser", "false");
Deleted : user_pref("CT3288691.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3288691.searchRevert", "true");
Deleted : user_pref("CT3288691.searchSuggestEnabledByUser", "true");
Deleted : user_pref("CT3288691.searchUserMode", "2");
Deleted : user_pref("CT3288691.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3288691.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3288691.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3288691.serviceLayer_services_Configuration_lastUpdate", "1375081600325");
Deleted : user_pref("CT3288691.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1372985437425");
Deleted : user_pref("CT3288691.serviceLayer_services_appsMetadata_lastUpdate", "1372985440987");
Deleted : user_pref("CT3288691.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372985440872");
Deleted : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1372985436[...]
Deleted : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1372985439708")[...]
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.4.19_lastUpdate", "1373002191459");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.4.519_lastUpdate", "1373437028695");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.7.524_lastUpdate", "1374419263283");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.70.505_lastUpdate", "1375149408664");
Deleted : user_pref("CT3288691.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372985440939");
Deleted : user_pref("CT3288691.serviceLayer_services_searchAPI_lastUpdate", "1375081602373");
Deleted : user_pref("CT3288691.serviceLayer_services_serviceMap_lastUpdate", "1375081599893");
Deleted : user_pref("CT3288691.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372985440904");
Deleted : user_pref("CT3288691.serviceLayer_services_toolbarSettings_lastUpdate", "1375149407769");
Deleted : user_pref("CT3288691.serviceLayer_services_translation_lastUpdate", "1375081600049");
Deleted : user_pref("CT3288691.settingsINI", true);
Deleted : user_pref("CT3288691.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3288691.showToolbarPermission", "false");
Deleted : user_pref("CT3288691.smartbar.CTID", "CT3288691");
Deleted : user_pref("CT3288691.smartbar.Uninstall", "0");
Deleted : user_pref("CT3288691.smartbar.isHidden", true);
Deleted : user_pref("CT3288691.smartbar.toolbarName", "DivX Browser Bar ");
Deleted : user_pref("CT3288691.startPage", "false");
Deleted : user_pref("CT3288691.toolbarBornServerTime", "5-7-2013");
Deleted : user_pref("CT3288691.toolbarCurrentServerTime", "30-7-2013");
Deleted : user_pref("CT3288691.toolbarLoginClientTime", "Fri Jul 05 2013 08:50:40 GMT+0800 (China Standard Tim[...]
Deleted : user_pref("CT3288691.versionFromInstaller", "10.16.4.19");
Deleted : user_pref("CT3288691_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://securedsearch2.lavasoft.com/results.php?p[...]
Deleted : user_pref("browser.search.defaultenginename", "DivX Browser Bar Customized Web Search");
Deleted : user_pref("extensions.aniweather.timeShifted", 993887);
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3288691");
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "LWK9I6/3XQS/X1AIUIXSHS0AI3JJ3FVSR5RHRTTCRNKSWJTOCNZH/XOVDQIOX/RB5ID[...]

File : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\prefs.js

[OK] File is clean.

File : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13095 octets] - [30/07/2013 11:12:47]

########## EOF - C:\AdwCleaner[S1].txt - [13156 octets] ##########

--- --- ---

[/CODE]

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by xxx xxx (administrator) on 30-07-2013 11:26:02
Running from C:\Users\xxx_ADMIN\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\xxxpmsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
() C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(xxx Corp.) C:\Program Files (x86)\C4ebreg\c4ebreg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(xxx Corp.) c:\sdwork\issimsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(xxx Corp) c:\notes\nsd.exe
(xxx Corp) c:\notes\ntmulti.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
(Industrial and Commercial Bank of China) C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\ICBCEBankAssist.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(PGP Corporation) C:\Windows\SysWOW64\PGPserv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ICBC OEM From Mingwah Technologies Co., Ltd) C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(xxx Corp.) C:\Program Files (x86)\C4ebreg\isamtray.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(xxx Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
(xxx Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SescLU.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-01-15] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-09-05] (Synaptics Incorporated)
HKLM\...\Run: [ICBCEBankAssist] - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe [47744 2012-01-04] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-15] (Lenovo)
HKLM\...\Run: [IME14 CHS Setup] - C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKCU\...\Run: [NetSP - restore settings on power failure] - C:\Program Files (x86)\AT&T Network Client\NetSP.exe [53600 2010-09-10] (AT&T)
HKCU\...\Run: [SymphonyPreLoad] - "C:\Program Files (x86)\xxx\Lotus\Symphony\framework\shared\eclipse\plugins\com.xxx.symphony.standard.launcher.win32.x86_3.0.0.20101015-2340\xxx Lotus Symphony" -nogui -nosplash [x]
HKCU\...\Run: [Green Christmas Tree] - C:\Users\xxx_AD~1\AppData\Local\Temp\notes32C5CD\GreenChristmasTree.exe [x] <===== ATTENTION
HKCU\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
MountPoints2: E - E:\autorun.exe
MountPoints2: {221c5862-2633-11e1-a4a6-0021cc61a50b} - E:\autorun.exe
HKLM-x32\...\Run: [stgclean] - c:\sdwork\w32maing.exe [292352 2013-01-16] (xxx Corp.)
HKLM-x32\...\Run: [MWREGICBC.exe] - C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe [45056 2011-12-18] (ICBC OEM From Mingwah Technologies Co., Ltd)
HKLM-x32\...\Run: [Isamtray] - C:\Program Files (x86)\C4ebreg\isamtray.exe [326968 2012-11-08] (xxx Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-03-25] (Symantec Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [C4EBReg] - C:\Program Files (x86)\C4ebreg\c4ebreg.exe [511288 2012-11-08] (xxx Corp.)
HKLM-x32\...\Run: [ALTOOLS] - AccessL.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACWLIcon] - C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [193896 2011-04-15] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)
HKLM-x32\...\Run: [ACTray] - C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [431464 2011-04-15] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [x]
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\Default\...\Run: [SODCPreLoad] - C:\notes\framework\shared\eclipse\plugins\com.xxx.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe [40960 2011-09-07] ()
HKU\Default User\...\Run: [SODCPreLoad] - C:\notes\framework\shared\eclipse\plugins\com.xxx.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe [40960 2011-09-07] ()
Lsa: [Notification Packages] scecli ACGina PGPpwflt
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk
ShortcutTarget: PGPtray.exe.lnk -> C:\Windows\Installer\{3E70A1DF-704D-4F20-98CF-BAFD0F1672B0}\Icon6560581611.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\xxx\Java60\jre\bin\ssv.dll (xxx)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\xxx\Java60\jre\bin\jp2ssv.dll (xxx)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\xxx\Java60\jre\bin\ssv.dll (xxx)
BHO-x32: No Name - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\xxx\Java60\jre\bin\jp2ssv.dll (xxx)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM {225F72D5-6C19-4930-A188-CBBF05563E31} https://vip.icbc.com.cn/icbc/newperbank/certInStall_64.cab
DPF: HKLM {25ED8DDA-5824-4A11-9A29-843D7E881254} https://vip.icbc.com.cn/icbc/icbc_mwdv_64.cab
DPF: HKLM {52A56D4A-7243-412C-87E3-A7EB0C16AEEA} https://vip.icbc.com.cn/icbc/newperbank/USBKEY_64.cab
DPF: HKLM {76E720F1-87EA-4813-B227-284229EE04EF} https://vip.icbc.com.cn/icbc/newperbank/AxSafeControls_64.cab
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: HKLM {ADB2F000-9D4B-4F33-8D34-C7D61A6BC302} https://vip.icbc.com.cn/icbc/ICBC_NetSign_64.cab
DPF: HKLM {B54D34D3-1E5E-4880-A0EE-CA047CDE197D} https://vip.icbc.com.cn/icbc/icbc_mwusbkey_64.cab
DPF: HKLM {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
DPF: HKLM {F0548A2F-D0B0-4DDC-9C9D-8121AADAB952} https://b2c.icbc.com.cn/icbc/newperbank/icbcclean_64.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 9.0.148.50 9.0.146.50
Tcpip\..\Interfaces\{43EECE7D-CA38-4E03-9F2D-38686DF529B2}: [NameServer]9.0.148.50,9.0.146.50

FireFox:
========
FF ProfilePath: C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @xxx.com/Java60 - C:\Program Files\xxx\Java60\jre\bin\new_plugin\npjp2.dll (xxx)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @xxx.com/JavaPlugin - C:\Program Files (x86)\xxx\Java60\jre\bin\plugin2\npjp2.dll (xxx)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 BESClient; C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe [4678552 2011-12-05] (xxx Corp.)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-03-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-03-25] (Symantec Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 Intelligent Response Agent; C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe [13387128 2012-09-25] ()
R2 ISAMSvc; C:\Program Files (x86)\C4ebreg\c4ebreg.exe [511288 2012-11-08] (xxx Corp.)
R2 ISSIMon; c:\sdwork\issimsvc.exe [184088 2012-09-08] (xxx Corp.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-08] (Lenovo Group Limited)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2010-09-08] (Symantec Corporation)
R2 Lotus Notes Diagnostics; c:\notes\nsd.exe [3399680 2010-09-30] (xxx Corp)
S3 mnmsrvc; C:\Windows\SysWOW64\mnmsrvc.exe [20752 1999-06-09] (Microsoft Corporation)
R2 Multi-user Cleanup Service; c:\notes\ntmulti.exe [53248 2013-06-11] (xxx Corp)
R2 netcfgsvr; C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe [476000 2010-09-10] (AT&T)
R2 NetClientSvc; C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe [349536 2010-09-10] (AT&T)
R2 NetLogSvc; C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe [79200 2010-09-10] (AT&T)
R2 PGP RDD Service; C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [166520 2011-06-17] (PGP Corporation)
R2 PGPserv; C:\Windows\SysWOW64\PGPserv.exe [135288 2011-06-17] (PGP Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3249768 2011-03-25] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428912 2011-03-25] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839776 2011-03-25] (Symantec Corporation)
S3 TRCTARGET; C:\Program Files (x86)\xxx\Tivoli\Remote Control\Target\trc_base.exe [745472 2012-02-09] (xxx Corporation)

==================== Drivers (Whitelisted) ====================

R1 agnfilt; C:\Windows\System32\DRIVERS\agnfilt.sys [190464 2010-09-10] (AT&T)
S3 avpnnic; C:\Windows\System32\DRIVERS\avpnnic.sys [14848 2010-06-30] (AT&T)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-11] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-09-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-09-05] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-04] (GFI Software)
S3 huawei_update; C:\Windows\system32\drivers\ew_hwupgrade.sys [22528 2011-09-05] (Huawei Technologies Co., Ltd.)
S3 l36wgps; C:\Windows\system32\drivers\l36wgps64.sys [101416 2011-09-05] (Ericsson AB)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2011-09-05] (Lenovo)
R3 Mandiant_Tools; C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys [25168 2012-12-13] ()
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2011-09-05] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2011-09-05] (MCCI Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130729.007\ENG64.SYS [126040 2013-06-16] (Symantec Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130729.007\ENG64.SYS [126040 2013-06-16] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130729.007\EX64.SYS [2098776 2013-06-16] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130729.007\EX64.SYS [2098776 2013-06-16] (Symantec Corporation)
R2 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [50296 2011-06-17] (PGP Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [367224 2011-06-17] (PGP Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [14968 2011-06-17] (PGP Corporation)
S2 PMEM; C:\Windows\SysWow64\drivers\PMEMNT.SYS [7012 2002-07-18] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [449072 2011-03-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [449072 2011-03-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2011-03-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [482352 2011-03-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-03-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-03-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2011-03-29] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [64048 2011-03-25] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [53808 2011-03-25] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-09-30] (Symantec Corporation)
S2 PMEM; \??\C:\Windows\system32\drivers\PMEMNT.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 11:23 - 2013-07-30 11:23 - 00001370 _____ C:\Users\xxx_ADMIN\Desktop\JRT.txt
2013-07-30 11:19 - 2013-07-30 11:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 11:17 - 2013-07-30 11:18 - 00013217 _____ C:\Users\xxx_ADMIN\Desktop\AdwCleaner[S1].txt
2013-07-30 11:12 - 2013-07-30 11:13 - 00013224 _____ C:\AdwCleaner[S1].txt
2013-07-30 11:11 - 2013-07-30 11:11 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\xxx_ADMIN\Desktop\JRT.exe
2013-07-30 11:10 - 2013-07-30 11:11 - 00666633 _____ C:\Users\xxx_ADMIN\Desktop\adwcleaner.exe
2013-07-30 11:02 - 2013-07-30 11:05 - 00109322 _____ C:\Users\xxx_ADMIN\Documents\lotusinstall.log
2013-07-29 17:19 - 2013-07-29 17:21 - 00020154 _____ C:\Users\xxx_ADMIN\Desktop\Addition.txt
2013-07-29 17:18 - 2013-07-29 17:18 - 00000000 ____D C:\FRST
2013-07-29 17:16 - 2013-07-29 17:16 - 01780547 _____ (Farbar) C:\Users\xxx_ADMIN\Desktop\FRST64.exe
2013-07-29 15:17 - 2013-07-29 15:17 - 00039056 _____ C:\Users\xxx_ADMIN\Desktop\Trojaner Hilfe.zip
2013-07-29 15:02 - 2013-07-29 15:03 - 00014291 _____ C:\Users\xxx_ADMIN\Desktop\gmer.txt
2013-07-29 14:56 - 2013-07-29 14:56 - 00377856 _____ C:\Users\xxx_ADMIN\Desktop\gmer_2.1.19163.exe
2013-07-29 14:43 - 2013-07-29 14:54 - 00097914 _____ C:\Users\xxx_ADMIN\Desktop\Extras.Txt
2013-07-29 14:42 - 2013-07-29 14:55 - 00182940 _____ C:\Users\xxx_ADMIN\Desktop\OTL.Txt
2013-07-29 14:07 - 2013-07-29 14:07 - 00001188 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-29 11:13 - 2013-07-29 11:13 - 00602112 _____ (OldTimer Tools) C:\Users\xxx_ADMIN\Desktop\OTL.exe
2013-07-29 11:12 - 2013-07-29 14:55 - 00000470 _____ C:\Users\xxx_ADMIN\Desktop\defogger_disable.log
2013-07-29 11:12 - 2013-07-29 11:12 - 00000000 _____ C:\Users\xxx_ADMIN\defogger_reenable
2013-07-29 11:11 - 2013-07-29 11:11 - 00050477 _____ C:\Users\xxx_ADMIN\Desktop\Defogger.exe
2013-07-24 20:48 - 2013-07-24 20:56 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 22:52 - 2013-07-21 22:53 - 00705304 _____ C:\Windows\Minidump\072113-29218-01.dmp
2013-07-18 10:52 - 2013-07-18 10:52 - 01910424 _____ (Fitbit Inc.) C:\Users\xxx_ADMIN\Downloads\FitbitConnect_Win_20130226_1.0.0.2578.exe
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-07-10 20:33 - 2013-07-10 20:35 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\COMPUTERBILD-Abzockschutz
2013-07-10 12:09 - 2013-07-10 12:09 - 00011387 _____ C:\Users\xxx_ADMIN\Desktop\Reisekosten.xlsx
2013-07-10 09:53 - 2013-05-27 13:50 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 09:53 - 2013-05-27 13:50 - 09070080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 09:53 - 2013-05-27 12:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 09:53 - 2013-05-27 12:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 09:52 - 2013-05-27 13:54 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 09:52 - 2013-05-27 13:53 - 01492992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 09:52 - 2013-05-27 13:53 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 09:52 - 2013-05-27 13:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 09:52 - 2013-05-27 13:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 09:52 - 2013-05-27 13:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 09:52 - 2013-05-27 12:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 09:52 - 2013-05-27 12:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 09:52 - 2013-05-27 11:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 09:52 - 2013-05-27 11:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 09:45 - 2013-06-04 14:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 09:45 - 2013-06-04 12:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 09:45 - 2013-05-06 14:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 09:45 - 2013-05-06 12:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 09:36 - 2013-06-05 11:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 09:26 - 2013-04-10 13:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 09:26 - 2013-04-10 13:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 11:47 - 2013-04-24 15:42 - 00162112 _____ (xxx) C:\Windows\SysWOW64\javaws.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00149824 _____ (xxx) C:\Windows\SysWOW64\javaw.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00149824 _____ (xxx) C:\Windows\SysWOW64\java.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00084288 _____ (xxx) C:\Windows\SysWOW64\javacplxxx60.cpl
2013-07-09 11:46 - 2013-07-09 12:23 - 46604616 _____ (Apple Inc.) C:\Users\xxx_ADMIN\Downloads\iCloudSetup.exe
2013-07-05 17:30 - 2013-07-05 17:30 - 00000000 ____H C:\Users\xxx_ADMIN\Documents\Default.rdp
2013-07-05 16:20 - 2013-07-05 16:20 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-05 16:20 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 16:19 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iPod
2013-07-05 15:02 - 2013-07-05 15:07 - 01097728 _____ C:\Users\xxx_ADMIN\Desktop\BP001 Business Partner Go To Market Plan - page 2 revised.ppt
2013-07-05 11:56 - 2013-07-09 13:20 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\1 GTS Channel Management
2013-07-05 11:01 - 2013-07-09 18:06 - 00094264 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-07-05 08:56 - 2013-07-09 12:01 - 00094264 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-07-05 08:54 - 2013-07-06 19:18 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\DivX
2013-07-04 23:52 - 2013-07-04 23:52 - 00001632 _____ C:\Users\xxx_ADMIN\Desktop\DivX Movies.lnk
2013-07-04 23:52 - 2013-07-04 23:52 - 00001122 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00001162 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00000000 ____D C:\Program Files\DivX
2013-07-04 23:21 - 2013-07-04 23:52 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-04 23:21 - 2013-07-04 23:22 - 00081768 _____ (Conduit) C:\ministub.exe
2013-07-04 19:19 - 2013-07-04 23:52 - 00000000 ____D C:\ProgramData\DivX
2013-07-04 19:19 - 2013-07-04 19:19 - 00957248 _____ (DivX, LLC) C:\Users\xxx_ADMIN\Downloads\DivXInstaller.exe
2013-07-04 17:06 - 2013-07-04 17:06 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:06 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:05 - 00000989 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\NeatMP3
2013-07-04 16:56 - 2013-07-04 16:56 - 00001001 _____ C:\Users\Public\Desktop\NeatMP3.lnk
2013-07-04 16:56 - 2013-07-04 16:56 - 00000000 ____D C:\Program Files (x86)\NeatMP3
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoGet
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Program Files (x86)\Sound Doctrine
2013-07-04 16:43 - 2013-07-04 16:43 - 00004346 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\LavasoftStatistics
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-04 16:26 - 2013-07-30 11:16 - 00001874 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-04 16:25 - 2013-07-04 16:43 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-04 16:24 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\SecureSearch
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-04 16:19 - 2013-07-05 17:39 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Ad-Aware Antivirus
2013-07-04 16:19 - 2013-07-04 16:19 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-07-04 16:19 - 2013-07-04 16:19 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-04 16:14 - 2013-07-04 16:16 - 10121867 _____ (                                                            ) C:\Users\xxx_ADMIN\Downloads\setup_1.1.exe
2013-07-04 16:12 - 2013-07-04 16:12 - 02627888 _____ C:\Users\xxx_ADMIN\Downloads\mp3tagv256setup.exe
2013-07-04 16:08 - 2013-07-04 16:08 - 00716121 _____ C:\Users\xxx_ADMIN\Downloads\GoGetSetup_1.1.exe
2013-07-04 16:07 - 2013-07-04 16:07 - 05616264 _____ (Lavasoft Limited) C:\Users\xxx_ADMIN\Downloads\Adaware53_Installer.exe
2013-07-04 10:55 - 2013-07-04 10:56 - 00000000 ____D C:\Users\xxx_ADMIN\Desktop\Old Firefox Data-1
2013-07-04 10:47 - 2013-07-04 10:47 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-04 10:43 - 2013-07-10 07:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-04 10:43 - 2013-07-04 10:43 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 10:42 - 2013-07-04 10:42 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-04 10:42 - 2013-07-04 10:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 10:42 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-04 10:41 - 2013-07-04 10:41 - 02825264 _____ (J3S GmbH) C:\Users\xxx_ADMIN\Downloads\COMPUTERBILD-Abzockschutz-Installer.exe
2013-07-04 10:39 - 2013-07-04 10:40 - 36364784 _____ (Safer-Networking Ltd.                                       ) C:\Users\xxx_ADMIN\Downloads\spybotsd-2.1.20-SR1.exe
2013-07-03 15:16 - 2013-07-03 15:21 - 13341408 _____ (Mediafour Corporation, info@mediafour.com) C:\Users\xxx_ADMIN\Downloads\MacDrive Standard 9.0.5.14 (en) Setup.exe
2013-07-03 15:15 - 2013-07-03 15:15 - 00000884 __RSH C:\Users\xxx_ADMIN\ntuser.pol
2013-07-03 13:47 - 2012-11-02 15:20 - 00060184 _____ (Paragon Software Group) C:\Windows\system32\Drivers\gpt_loader.sys
2013-07-03 13:46 - 2012-11-02 15:20 - 00042264 _____ (Paragon Software Group) C:\Windows\system32\Drivers\mounthlp.sys
2013-07-03 13:35 - 2013-07-03 13:38 - 08447629 _____ C:\Users\xxx_ADMIN\Downloads\FileRenamerBasic.exe
2013-07-02 12:49 - 2013-07-02 12:49 - 05127955 _____ C:\Users\xxx_ADMIN\Downloads\whiteboard.ipa
2013-07-02 11:00 - 2013-07-02 11:00 - 10815592 _____ (Apple Inc.) C:\Users\xxx_ADMIN\Downloads\AirPortSetup.exe
127

==================== One Month Modified Files and Folders =======

2013-07-30 11:24 - 2013-07-30 11:24 - 00001370 _____ C:\Users\xxx_ADMIN\Desktop\JRT v1.txt
2013-07-30 11:24 - 2009-07-14 12:45 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 11:24 - 2009-07-14 12:45 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 11:23 - 2013-07-30 11:23 - 00001370 _____ C:\Users\xxx_ADMIN\Desktop\JRT.txt
2013-07-30 11:22 - 2009-07-14 13:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-30 11:19 - 2013-07-30 11:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 11:18 - 2013-07-30 11:17 - 00013217 _____ C:\Users\xxx_ADMIN\Desktop\AdwCleaner[S1].txt
2013-07-30 11:16 - 2013-07-04 16:26 - 00001874 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-30 11:16 - 2011-03-26 05:42 - 00000000 ____D C:\Program Files (x86)\C4ebreg
2013-07-30 11:16 - 2010-11-12 09:35 - 00000000 ____D C:\sdwork
2013-07-30 11:16 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 11:16 - 2009-07-14 12:51 - 00096096 _____ C:\Windows\setupact.log
2013-07-30 11:13 - 2013-07-30 11:12 - 00013224 _____ C:\AdwCleaner[S1].txt
2013-07-30 11:11 - 2013-07-30 11:11 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\xxx_ADMIN\Desktop\JRT.exe
2013-07-30 11:11 - 2013-07-30 11:10 - 00666633 _____ C:\Users\xxx_ADMIN\Desktop\adwcleaner.exe
2013-07-30 11:06 - 2011-09-06 04:08 - 00000000 ____D C:\swd
2013-07-30 11:05 - 2013-07-30 11:02 - 00109322 _____ C:\Users\xxx_ADMIN\Documents\lotusinstall.log
2013-07-30 11:02 - 2011-09-07 05:31 - 00000000 ____D C:\notes
2013-07-30 10:43 - 2013-04-07 14:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 17:21 - 2013-07-29 17:19 - 00020154 _____ C:\Users\xxx_ADMIN\Desktop\Addition.txt
2013-07-29 17:18 - 2013-07-29 17:18 - 00000000 ____D C:\FRST
2013-07-29 17:16 - 2013-07-29 17:16 - 01780547 _____ (Farbar) C:\Users\xxx_ADMIN\Desktop\FRST64.exe
2013-07-29 16:55 - 2011-12-18 16:19 - 00628736 _____ C:\Users\xxx_ADMIN\Desktop\Palm.xls
2013-07-29 15:17 - 2013-07-29 15:17 - 00039056 _____ C:\Users\xxx_ADMIN\Desktop\Trojaner Hilfe.zip
2013-07-29 15:03 - 2013-07-29 15:02 - 00014291 _____ C:\Users\xxx_ADMIN\Desktop\gmer.txt
2013-07-29 14:56 - 2013-07-29 14:56 - 00377856 _____ C:\Users\xxx_ADMIN\Desktop\gmer_2.1.19163.exe
2013-07-29 14:55 - 2013-07-29 14:42 - 00182940 _____ C:\Users\xxx_ADMIN\Desktop\OTL.Txt
2013-07-29 14:55 - 2013-07-29 11:12 - 00000470 _____ C:\Users\xxx_ADMIN\Desktop\defogger_disable.log
2013-07-29 14:54 - 2013-07-29 14:43 - 00097914 _____ C:\Users\xxx_ADMIN\Desktop\Extras.Txt
2013-07-29 14:22 - 2010-11-12 09:08 - 00000000 ____D C:\Program Files (x86)\WST
2013-07-29 14:07 - 2013-07-29 14:07 - 00001188 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-29 14:06 - 2011-11-04 23:36 - 01694534 _____ C:\Windows\WindowsUpdate.log
2013-07-29 11:13 - 2013-07-29 11:13 - 00602112 _____ (OldTimer Tools) C:\Users\xxx_ADMIN\Desktop\OTL.exe
2013-07-29 11:12 - 2013-07-29 11:12 - 00000000 _____ C:\Users\xxx_ADMIN\defogger_reenable
2013-07-29 11:12 - 2010-06-29 12:27 - 00000000 ____D C:\Users\xxx_ADMIN
2013-07-29 11:11 - 2013-07-29 11:11 - 00050477 _____ C:\Users\xxx_ADMIN\Desktop\Defogger.exe
2013-07-29 09:30 - 2011-12-08 11:05 - 00000000 ____D C:\Users\xxx_ADMIN\SametimeTranscripts
2013-07-24 20:56 - 2013-07-24 20:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 22:53 - 2013-07-21 22:52 - 00705304 _____ C:\Windows\Minidump\072113-29218-01.dmp
2013-07-21 22:52 - 2012-03-06 21:41 - 622908564 _____ C:\Windows\MEMORY.DMP
2013-07-21 22:52 - 2010-07-15 00:01 - 00000000 ____D C:\Windows\Minidump
2013-07-18 10:52 - 2013-07-18 10:52 - 01910424 _____ (Fitbit Inc.) C:\Users\xxx_ADMIN\Downloads\FitbitConnect_Win_20130226_1.0.0.2578.exe
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-07-18 09:39 - 2009-07-14 12:45 - 00395232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 23:07 - 2009-07-14 15:12 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 23:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 23:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 22:27 - 2011-12-19 19:05 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\PrimoPDF
2013-07-17 22:25 - 2012-09-04 13:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 20:35 - 2013-07-10 20:33 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\COMPUTERBILD-Abzockschutz
2013-07-10 12:09 - 2013-07-10 12:09 - 00011387 _____ C:\Users\xxx_ADMIN\Desktop\Reisekosten.xlsx
2013-07-10 07:45 - 2013-07-04 10:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-09 18:06 - 2013-07-05 11:01 - 00094264 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-07-09 13:20 - 2013-07-05 11:56 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\1 GTS Channel Management
2013-07-09 12:23 - 2013-07-09 11:46 - 46604616 _____ (Apple Inc.) C:\Users\xxx_ADMIN\Downloads\iCloudSetup.exe
2013-07-09 12:01 - 2013-07-05 08:56 - 00094264 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-07-09 11:47 - 2010-07-14 07:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-09 11:46 - 2010-07-14 07:58 - 00000000 ____D C:\Program Files (x86)\xxx
2013-07-06 19:18 - 2013-07-05 08:54 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\DivX
2013-07-05 18:22 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-05 18:12 - 2009-07-14 13:08 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 17:39 - 2013-07-04 16:19 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Ad-Aware Antivirus
2013-07-05 17:30 - 2013-07-05 17:30 - 00000000 ____H C:\Users\xxx_ADMIN\Documents\Default.rdp
2013-07-05 16:20 - 2013-07-05 16:20 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 16:19 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iPod
2013-07-05 15:29 - 2010-07-14 07:37 - 00091940 _____ C:\Windows\PFRO.log
2013-07-05 15:07 - 2013-07-05 15:02 - 01097728 _____ C:\Users\xxx_ADMIN\Desktop\BP001 Business Partner Go To Market Plan - page 2 revised.ppt
2013-07-05 14:47 - 2012-01-05 11:36 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\z Persoenlich
2013-07-05 11:53 - 2011-12-20 16:56 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\9 Archiv
2013-07-05 11:53 - 2011-12-17 19:11 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\0 GMU
2013-07-05 11:19 - 2011-12-17 19:42 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\2 Job
2013-07-05 11:14 - 2012-01-05 11:38 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\y Tools
2013-07-05 11:09 - 2012-01-05 11:19 - 00000000 ____D C:\Program Files (x86)\XMind
2013-07-05 10:54 - 2011-12-17 19:15 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\Media
2013-07-05 10:54 - 2011-12-17 19:10 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\x Sametime
2013-07-04 23:52 - 2013-07-04 23:52 - 00001632 _____ C:\Users\xxx_ADMIN\Desktop\DivX Movies.lnk
2013-07-04 23:52 - 2013-07-04 23:52 - 00001122 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-04 23:52 - 2013-07-04 23:21 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-04 23:52 - 2013-07-04 19:19 - 00000000 ____D C:\ProgramData\DivX
2013-07-04 23:52 - 2013-06-27 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-04 23:51 - 2013-07-04 23:51 - 00001162 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00000000 ____D C:\Program Files\DivX
2013-07-04 23:22 - 2013-07-04 23:21 - 00081768 _____ (Conduit) C:\ministub.exe
2013-07-04 22:00 - 2013-05-25 09:01 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\ExpressVPN
2013-07-04 19:19 - 2013-07-04 19:19 - 00957248 _____ (DivX, LLC) C:\Users\xxx_ADMIN\Downloads\DivXInstaller.exe
2013-07-04 17:06 - 2013-07-04 17:06 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Mp3tag
2013-07-04 17:06 - 2013-07-04 17:05 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:05 - 00000989 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\NeatMP3
2013-07-04 16:56 - 2013-07-04 16:56 - 00001001 _____ C:\Users\Public\Desktop\NeatMP3.lnk
2013-07-04 16:56 - 2013-07-04 16:56 - 00000000 ____D C:\Program Files (x86)\NeatMP3
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoGet
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Program Files (x86)\Sound Doctrine
2013-07-04 16:43 - 2013-07-04 16:43 - 00004346 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\LavasoftStatistics
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-04 16:43 - 2013-07-04 16:25 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-04 16:25 - 2013-07-04 16:24 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\SecureSearch
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-04 16:19 - 2013-07-04 16:19 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-07-04 16:19 - 2013-07-04 16:19 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-04 16:16 - 2013-07-04 16:14 - 10121867 _____ (                                                            ) C:\Users\xxx_ADMIN\Downloads\setup_1.1.exe
2013-07-04 16:12 - 2013-07-04 16:12 - 02627888 _____ C:\Users\xxx_ADMIN\Downloads\mp3tagv256setup.exe
2013-07-04 16:08 - 2013-07-04 16:08 - 00716121 _____ C:\Users\xxx_ADMIN\Downloads\GoGetSetup_1.1.exe
2013-07-04 16:07 - 2013-07-04 16:07 - 05616264 _____ (Lavasoft Limited) C:\Users\xxx_ADMIN\Downloads\Adaware53_Installer.exe
2013-07-04 10:56 - 2013-07-04 10:55 - 00000000 ____D C:\Users\xxx_ADMIN\Desktop\Old Firefox Data-1
2013-07-04 10:47 - 2013-07-04 10:47 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-04 10:43 - 2013-07-04 10:43 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 10:42 - 2013-07-04 10:42 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-04 10:42 - 2013-07-04 10:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 10:41 - 2013-07-04 10:41 - 02825264 _____ (J3S GmbH) C:\Users\xxx_ADMIN\Downloads\COMPUTERBILD-Abzockschutz-Installer.exe
2013-07-04 10:40 - 2013-07-04 10:39 - 36364784 _____ (Safer-Networking Ltd.                                       ) C:\Users\xxx_ADMIN\Downloads\spybotsd-2.1.20-SR1.exe
2013-07-03 15:47 - 2010-06-29 12:27 - 00000000 ___RD C:\Users\xxx_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-03 15:21 - 2013-07-03 15:16 - 13341408 _____ (Mediafour Corporation, info@mediafour.com) C:\Users\xxx_ADMIN\Downloads\MacDrive Standard 9.0.5.14 (en) Setup.exe
2013-07-03 15:15 - 2013-07-03 15:15 - 00000884 __RSH C:\Users\xxx_ADMIN\ntuser.pol
2013-07-03 15:15 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-07-03 15:12 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Resources
2013-07-03 13:38 - 2013-07-03 13:35 - 08447629 _____ C:\Users\xxx_ADMIN\Downloads\FileRenamerBasic.exe
2013-07-02 12:49 - 2013-07-02 12:49 - 05127955 _____ C:\Users\xxx_ADMIN\Downloads\whiteboard.ipa
2013-07-02 11:06 - 2011-12-08 16:19 - 00000000 ___HD C:\Users\xxx_ADMIN\AppData\Local\Apple
2013-07-02 11:00 - 2013-07-02 11:00 - 10815592 _____ (Apple Inc.) C:\Users\xxx_ADMIN\Downloads\AirPortSetup.exe
2013-07-02 10:40 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-02 10:28 - 2012-10-16 12:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 10:21 - 2012-07-08 18:48 - 00000000 ____D C:\ProgramData\CanonIJPLM

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 22:10

==================== End Of Log ============================

--- --- ---

Greta21 · 30.07.2013, 04:34

Sieht gut aus

))
Aber die Analyse lasse ich lieber dem Fachmann...

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.306 - Logfile created 07/30/2013 at 11:12:47
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : xxx - xxx-J9GI0INIVJS
# Boot Mode : Normal
# Running from : C:\Users\xxx_ADMIN\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DivX_Browser_Bar
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\Users\xxx_AD~1\AppData\Local\Temp\CT3288691
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Local\Conduit
Folder Deleted : C:\Users\xxx_ADMIN\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\xxx_ADMIN\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\xxx_ADMIN\AppData\LocalLow\DivX_Browser_Bar
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\adawaretb
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\CT3288691
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\Smartbar
Folder Deleted : C:\Users\xxx_ADMIN\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DivX_Browser_Bar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3288691
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DivX_Browser_Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD937C23-9304-4E9E-9FD3-0E00B88E2C2E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD937C23-9304-4E9E-9FD3-0E00B88E2C2E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A84F3FC-20DD-4F1E-ADA5-AEB6E46E0B26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB55DBC5-9508-4610-8034-01C8F0C672E6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DivX_Browser_Bar Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{77E8143B-6759-416E-B521-82CFED75150B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.7 (en-US)

File : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\prefs.js

Deleted : user_pref("CT3288691.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3288691.FF19Solved", "true");
Deleted : user_pref("CT3288691.FirstTime", "true");
Deleted : user_pref("CT3288691.FirstTimeFF3", "true");
Deleted : user_pref("CT3288691.UserID", "UN20521476917637105");
Deleted : user_pref("CT3288691.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3288691.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3288691.autoDisableScopes", -1);
Deleted : user_pref("CT3288691.countryCode", "CN");
Deleted : user_pref("CT3288691.defaultSearch", "false");
Deleted : user_pref("CT3288691.enableAlerts", "true");
Deleted : user_pref("CT3288691.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3288691.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3288691.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundError", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3288691.fixUrls", true);
Deleted : user_pref("CT3288691.fullUserID", "UN20521476917637105.IN.20130704232346");
Deleted : user_pref("CT3288691.installDate", "04/07/2013 23:23:46");
Deleted : user_pref("CT3288691.installId", "stub.exe");
Deleted : user_pref("CT3288691.installSessionId", "{E6A02F1F-6761-404C-A81C-43BE767719FA}");
Deleted : user_pref("CT3288691.installSp", "false");
Deleted : user_pref("CT3288691.installType", "conduitnsisintegration");
Deleted : user_pref("CT3288691.installUsage", "2013-07-05T03:50:38.6483234+03:00");
Deleted : user_pref("CT3288691.installUsageEarly", "2013-07-05T03:50:34.5859534+03:00");
Deleted : user_pref("CT3288691.installerVersion", "1.5.4.1");
Deleted : user_pref("CT3288691.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3288691.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3288691.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3288691.keyword", "true");
Deleted : user_pref("CT3288691.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Deleted : user_pref("CT3288691.lastVersion", "10.16.70.505");
Deleted : user_pref("CT3288691.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3288691.migrateAppsAndComponents", true);
Deleted : user_pref("CT3288691.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Deleted : user_pref("CT3288691.openThankYouPage", "false");
Deleted : user_pref("CT3288691.openUninstallPage", "true");
Deleted : user_pref("CT3288691.originalSearchAddressUrl", "hxxp://securedsearch2.lavasoft.com/results.php?pr=v[...]
Deleted : user_pref("CT3288691.revertSettingsEnabled", "true");
Deleted : user_pref("CT3288691.search.searchAppId", "10000002");
Deleted : user_pref("CT3288691.search.searchCount", "1");
Deleted : user_pref("CT3288691.searchInNewTabEnabledByUser", "false");
Deleted : user_pref("CT3288691.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3288691.searchRevert", "true");
Deleted : user_pref("CT3288691.searchSuggestEnabledByUser", "true");
Deleted : user_pref("CT3288691.searchUserMode", "2");
Deleted : user_pref("CT3288691.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3288691.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3288691.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3288691.serviceLayer_services_Configuration_lastUpdate", "1375081600325");
Deleted : user_pref("CT3288691.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1372985437425");
Deleted : user_pref("CT3288691.serviceLayer_services_appsMetadata_lastUpdate", "1372985440987");
Deleted : user_pref("CT3288691.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372985440872");
Deleted : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1372985436[...]
Deleted : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1372985439708")[...]
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.4.19_lastUpdate", "1373002191459");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.4.519_lastUpdate", "1373437028695");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.7.524_lastUpdate", "1374419263283");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.70.505_lastUpdate", "1375149408664");
Deleted : user_pref("CT3288691.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372985440939");
Deleted : user_pref("CT3288691.serviceLayer_services_searchAPI_lastUpdate", "1375081602373");
Deleted : user_pref("CT3288691.serviceLayer_services_serviceMap_lastUpdate", "1375081599893");
Deleted : user_pref("CT3288691.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372985440904");
Deleted : user_pref("CT3288691.serviceLayer_services_toolbarSettings_lastUpdate", "1375149407769");
Deleted : user_pref("CT3288691.serviceLayer_services_translation_lastUpdate", "1375081600049");
Deleted : user_pref("CT3288691.settingsINI", true);
Deleted : user_pref("CT3288691.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3288691.showToolbarPermission", "false");
Deleted : user_pref("CT3288691.smartbar.CTID", "CT3288691");
Deleted : user_pref("CT3288691.smartbar.Uninstall", "0");
Deleted : user_pref("CT3288691.smartbar.isHidden", true);
Deleted : user_pref("CT3288691.smartbar.toolbarName", "DivX Browser Bar ");
Deleted : user_pref("CT3288691.startPage", "false");
Deleted : user_pref("CT3288691.toolbarBornServerTime", "5-7-2013");
Deleted : user_pref("CT3288691.toolbarCurrentServerTime", "30-7-2013");
Deleted : user_pref("CT3288691.toolbarLoginClientTime", "Fri Jul 05 2013 08:50:40 GMT+0800 (China Standard Tim[...]
Deleted : user_pref("CT3288691.versionFromInstaller", "10.16.4.19");
Deleted : user_pref("CT3288691_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://securedsearch2.lavasoft.com/results.php?p[...]
Deleted : user_pref("browser.search.defaultenginename", "DivX Browser Bar Customized Web Search");
Deleted : user_pref("extensions.aniweather.timeShifted", 993887);
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3288691");
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "LWK9I6/3XQS/X1AIUIXSHS0AI3JJ3FVSR5RHRTTCRNKSWJTOCNZH/XOVDQIOX/RB5ID[...]

File : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\prefs.js

[OK] File is clean.

File : C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default-1372906529118\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13095 octets] - [30/07/2013 11:12:47]

########## EOF - C:\AdwCleaner[S1].txt - [13156 octets] ##########

--- --- ---

[/CODE]

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by xxx xxx (administrator) on 30-07-2013 11:26:02
Running from C:\Users\xxx_ADMIN\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\xxxpmsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
() C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(xxx Corp.) C:\Program Files (x86)\C4ebreg\c4ebreg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(xxx Corp.) c:\sdwork\issimsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(xxx Corp) c:\notes\nsd.exe
(xxx Corp) c:\notes\ntmulti.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
(Industrial and Commercial Bank of China) C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\ICBCEBankAssist.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(PGP Corporation) C:\Windows\SysWOW64\PGPserv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ICBC OEM From Mingwah Technologies Co., Ltd) C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(xxx Corp.) C:\Program Files (x86)\C4ebreg\isamtray.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(xxx Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
(xxx Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SescLU.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-01-15] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-09-05] (Synaptics Incorporated)
HKLM\...\Run: [ICBCEBankAssist] - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe [47744 2012-01-04] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-15] (Lenovo)
HKLM\...\Run: [IME14 CHS Setup] - C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKCU\...\Run: [NetSP - restore settings on power failure] - C:\Program Files (x86)\AT&T Network Client\NetSP.exe [53600 2010-09-10] (AT&T)
HKCU\...\Run: [SymphonyPreLoad] - "C:\Program Files (x86)\xxx\Lotus\Symphony\framework\shared\eclipse\plugins\com.xxx.symphony.standard.launcher.win32.x86_3.0.0.20101015-2340\xxx Lotus Symphony" -nogui -nosplash [x]
HKCU\...\Run: [Green Christmas Tree] - C:\Users\xxx_AD~1\AppData\Local\Temp\notes32C5CD\GreenChristmasTree.exe [x] <===== ATTENTION
HKCU\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
MountPoints2: E - E:\autorun.exe
MountPoints2: {221c5862-2633-11e1-a4a6-0021cc61a50b} - E:\autorun.exe
HKLM-x32\...\Run: [stgclean] - c:\sdwork\w32maing.exe [292352 2013-01-16] (xxx Corp.)
HKLM-x32\...\Run: [MWREGICBC.exe] - C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe [45056 2011-12-18] (ICBC OEM From Mingwah Technologies Co., Ltd)
HKLM-x32\...\Run: [Isamtray] - C:\Program Files (x86)\C4ebreg\isamtray.exe [326968 2012-11-08] (xxx Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-03-25] (Symantec Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [C4EBReg] - C:\Program Files (x86)\C4ebreg\c4ebreg.exe [511288 2012-11-08] (xxx Corp.)
HKLM-x32\...\Run: [ALTOOLS] - AccessL.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACWLIcon] - C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [193896 2011-04-15] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)
HKLM-x32\...\Run: [ACTray] - C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [431464 2011-04-15] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [x]
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\Default\...\Run: [SODCPreLoad] - C:\notes\framework\shared\eclipse\plugins\com.xxx.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe [40960 2011-09-07] ()
HKU\Default User\...\Run: [SODCPreLoad] - C:\notes\framework\shared\eclipse\plugins\com.xxx.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe [40960 2011-09-07] ()
Lsa: [Notification Packages] scecli ACGina PGPpwflt
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk
ShortcutTarget: PGPtray.exe.lnk -> C:\Windows\Installer\{3E70A1DF-704D-4F20-98CF-BAFD0F1672B0}\Icon6560581611.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\xxx\Java60\jre\bin\ssv.dll (xxx)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\xxx\Java60\jre\bin\jp2ssv.dll (xxx)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\xxx\Java60\jre\bin\ssv.dll (xxx)
BHO-x32: No Name - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\xxx\Java60\jre\bin\jp2ssv.dll (xxx)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM {225F72D5-6C19-4930-A188-CBBF05563E31} https://vip.icbc.com.cn/icbc/newperbank/certInStall_64.cab
DPF: HKLM {25ED8DDA-5824-4A11-9A29-843D7E881254} https://vip.icbc.com.cn/icbc/icbc_mwdv_64.cab
DPF: HKLM {52A56D4A-7243-412C-87E3-A7EB0C16AEEA} https://vip.icbc.com.cn/icbc/newperbank/USBKEY_64.cab
DPF: HKLM {76E720F1-87EA-4813-B227-284229EE04EF} https://vip.icbc.com.cn/icbc/newperbank/AxSafeControls_64.cab
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: HKLM {ADB2F000-9D4B-4F33-8D34-C7D61A6BC302} https://vip.icbc.com.cn/icbc/ICBC_NetSign_64.cab
DPF: HKLM {B54D34D3-1E5E-4880-A0EE-CA047CDE197D} https://vip.icbc.com.cn/icbc/icbc_mwusbkey_64.cab
DPF: HKLM {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
DPF: HKLM {F0548A2F-D0B0-4DDC-9C9D-8121AADAB952} https://b2c.icbc.com.cn/icbc/newperbank/icbcclean_64.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 9.0.148.50 9.0.146.50
Tcpip\..\Interfaces\{43EECE7D-CA38-4E03-9F2D-38686DF529B2}: [NameServer]9.0.148.50,9.0.146.50

FireFox:
========
FF ProfilePath: C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @xxx.com/Java60 - C:\Program Files\xxx\Java60\jre\bin\new_plugin\npjp2.dll (xxx)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @xxx.com/JavaPlugin - C:\Program Files (x86)\xxx\Java60\jre\bin\plugin2\npjp2.dll (xxx)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 BESClient; C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe [4678552 2011-12-05] (xxx Corp.)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-03-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-03-25] (Symantec Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 Intelligent Response Agent; C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe [13387128 2012-09-25] ()
R2 ISAMSvc; C:\Program Files (x86)\C4ebreg\c4ebreg.exe [511288 2012-11-08] (xxx Corp.)
R2 ISSIMon; c:\sdwork\issimsvc.exe [184088 2012-09-08] (xxx Corp.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-08] (Lenovo Group Limited)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2010-09-08] (Symantec Corporation)
R2 Lotus Notes Diagnostics; c:\notes\nsd.exe [3399680 2010-09-30] (xxx Corp)
S3 mnmsrvc; C:\Windows\SysWOW64\mnmsrvc.exe [20752 1999-06-09] (Microsoft Corporation)
R2 Multi-user Cleanup Service; c:\notes\ntmulti.exe [53248 2013-06-11] (xxx Corp)
R2 netcfgsvr; C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe [476000 2010-09-10] (AT&T)
R2 NetClientSvc; C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe [349536 2010-09-10] (AT&T)
R2 NetLogSvc; C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe [79200 2010-09-10] (AT&T)
R2 PGP RDD Service; C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [166520 2011-06-17] (PGP Corporation)
R2 PGPserv; C:\Windows\SysWOW64\PGPserv.exe [135288 2011-06-17] (PGP Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3249768 2011-03-25] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428912 2011-03-25] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839776 2011-03-25] (Symantec Corporation)
S3 TRCTARGET; C:\Program Files (x86)\xxx\Tivoli\Remote Control\Target\trc_base.exe [745472 2012-02-09] (xxx Corporation)

==================== Drivers (Whitelisted) ====================

R1 agnfilt; C:\Windows\System32\DRIVERS\agnfilt.sys [190464 2010-09-10] (AT&T)
S3 avpnnic; C:\Windows\System32\DRIVERS\avpnnic.sys [14848 2010-06-30] (AT&T)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-11] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-09-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-09-05] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-04] (GFI Software)
S3 huawei_update; C:\Windows\system32\drivers\ew_hwupgrade.sys [22528 2011-09-05] (Huawei Technologies Co., Ltd.)
S3 l36wgps; C:\Windows\system32\drivers\l36wgps64.sys [101416 2011-09-05] (Ericsson AB)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2011-09-05] (Lenovo)
R3 Mandiant_Tools; C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys [25168 2012-12-13] ()
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2011-09-05] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2011-09-05] (MCCI Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130729.007\ENG64.SYS [126040 2013-06-16] (Symantec Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130729.007\ENG64.SYS [126040 2013-06-16] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130729.007\EX64.SYS [2098776 2013-06-16] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130729.007\EX64.SYS [2098776 2013-06-16] (Symantec Corporation)
R2 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [50296 2011-06-17] (PGP Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [367224 2011-06-17] (PGP Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [14968 2011-06-17] (PGP Corporation)
S2 PMEM; C:\Windows\SysWow64\drivers\PMEMNT.SYS [7012 2002-07-18] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [449072 2011-03-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [449072 2011-03-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2011-03-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [482352 2011-03-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-03-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-03-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2011-03-29] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [64048 2011-03-25] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [53808 2011-03-25] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-09-30] (Symantec Corporation)
S2 PMEM; \??\C:\Windows\system32\drivers\PMEMNT.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 11:23 - 2013-07-30 11:23 - 00001370 _____ C:\Users\xxx_ADMIN\Desktop\JRT.txt
2013-07-30 11:19 - 2013-07-30 11:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 11:17 - 2013-07-30 11:18 - 00013217 _____ C:\Users\xxx_ADMIN\Desktop\AdwCleaner[S1].txt
2013-07-30 11:12 - 2013-07-30 11:13 - 00013224 _____ C:\AdwCleaner[S1].txt
2013-07-30 11:11 - 2013-07-30 11:11 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\xxx_ADMIN\Desktop\JRT.exe
2013-07-30 11:10 - 2013-07-30 11:11 - 00666633 _____ C:\Users\xxx_ADMIN\Desktop\adwcleaner.exe
2013-07-30 11:02 - 2013-07-30 11:05 - 00109322 _____ C:\Users\xxx_ADMIN\Documents\lotusinstall.log
2013-07-29 17:19 - 2013-07-29 17:21 - 00020154 _____ C:\Users\xxx_ADMIN\Desktop\Addition.txt
2013-07-29 17:18 - 2013-07-29 17:18 - 00000000 ____D C:\FRST
2013-07-29 17:16 - 2013-07-29 17:16 - 01780547 _____ (Farbar) C:\Users\xxx_ADMIN\Desktop\FRST64.exe
2013-07-29 15:17 - 2013-07-29 15:17 - 00039056 _____ C:\Users\xxx_ADMIN\Desktop\Trojaner Hilfe.zip
2013-07-29 15:02 - 2013-07-29 15:03 - 00014291 _____ C:\Users\xxx_ADMIN\Desktop\gmer.txt
2013-07-29 14:56 - 2013-07-29 14:56 - 00377856 _____ C:\Users\xxx_ADMIN\Desktop\gmer_2.1.19163.exe
2013-07-29 14:43 - 2013-07-29 14:54 - 00097914 _____ C:\Users\xxx_ADMIN\Desktop\Extras.Txt
2013-07-29 14:42 - 2013-07-29 14:55 - 00182940 _____ C:\Users\xxx_ADMIN\Desktop\OTL.Txt
2013-07-29 14:07 - 2013-07-29 14:07 - 00001188 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-29 11:13 - 2013-07-29 11:13 - 00602112 _____ (OldTimer Tools) C:\Users\xxx_ADMIN\Desktop\OTL.exe
2013-07-29 11:12 - 2013-07-29 14:55 - 00000470 _____ C:\Users\xxx_ADMIN\Desktop\defogger_disable.log
2013-07-29 11:12 - 2013-07-29 11:12 - 00000000 _____ C:\Users\xxx_ADMIN\defogger_reenable
2013-07-29 11:11 - 2013-07-29 11:11 - 00050477 _____ C:\Users\xxx_ADMIN\Desktop\Defogger.exe
2013-07-24 20:48 - 2013-07-24 20:56 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 22:52 - 2013-07-21 22:53 - 00705304 _____ C:\Windows\Minidump\072113-29218-01.dmp
2013-07-18 10:52 - 2013-07-18 10:52 - 01910424 _____ (Fitbit Inc.) C:\Users\xxx_ADMIN\Downloads\FitbitConnect_Win_20130226_1.0.0.2578.exe
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-07-10 20:33 - 2013-07-10 20:35 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\COMPUTERBILD-Abzockschutz
2013-07-10 12:09 - 2013-07-10 12:09 - 00011387 _____ C:\Users\xxx_ADMIN\Desktop\Reisekosten.xlsx
2013-07-10 09:53 - 2013-05-27 13:50 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 09:53 - 2013-05-27 13:50 - 09070080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 09:53 - 2013-05-27 12:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 09:53 - 2013-05-27 12:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 09:52 - 2013-05-27 13:54 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 09:52 - 2013-05-27 13:53 - 01492992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 09:52 - 2013-05-27 13:53 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 09:52 - 2013-05-27 13:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 09:52 - 2013-05-27 13:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 09:52 - 2013-05-27 13:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 09:52 - 2013-05-27 12:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 09:52 - 2013-05-27 12:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 09:52 - 2013-05-27 11:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 09:52 - 2013-05-27 11:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 09:45 - 2013-06-04 14:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 09:45 - 2013-06-04 12:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 09:45 - 2013-05-06 14:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 09:45 - 2013-05-06 12:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 09:36 - 2013-06-05 11:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 09:26 - 2013-04-10 13:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 09:26 - 2013-04-10 13:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 11:47 - 2013-04-24 15:42 - 00162112 _____ (xxx) C:\Windows\SysWOW64\javaws.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00149824 _____ (xxx) C:\Windows\SysWOW64\javaw.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00149824 _____ (xxx) C:\Windows\SysWOW64\java.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00084288 _____ (xxx) C:\Windows\SysWOW64\javacplxxx60.cpl
2013-07-09 11:46 - 2013-07-09 12:23 - 46604616 _____ (Apple Inc.) C:\Users\xxx_ADMIN\Downloads\iCloudSetup.exe
2013-07-05 17:30 - 2013-07-05 17:30 - 00000000 ____H C:\Users\xxx_ADMIN\Documents\Default.rdp
2013-07-05 16:20 - 2013-07-05 16:20 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-05 16:20 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 16:19 - 2013-07-05 16:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 16:19 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iPod
2013-07-05 15:02 - 2013-07-05 15:07 - 01097728 _____ C:\Users\xxx_ADMIN\Desktop\BP001 Business Partner Go To Market Plan - page 2 revised.ppt
2013-07-05 11:56 - 2013-07-09 13:20 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\1 GTS Channel Management
2013-07-05 11:01 - 2013-07-09 18:06 - 00094264 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-07-05 08:56 - 2013-07-09 12:01 - 00094264 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-07-05 08:54 - 2013-07-06 19:18 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\DivX
2013-07-04 23:52 - 2013-07-04 23:52 - 00001632 _____ C:\Users\xxx_ADMIN\Desktop\DivX Movies.lnk
2013-07-04 23:52 - 2013-07-04 23:52 - 00001122 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00001162 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00000000 ____D C:\Program Files\DivX
2013-07-04 23:21 - 2013-07-04 23:52 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-04 23:21 - 2013-07-04 23:22 - 00081768 _____ (Conduit) C:\ministub.exe
2013-07-04 19:19 - 2013-07-04 23:52 - 00000000 ____D C:\ProgramData\DivX
2013-07-04 19:19 - 2013-07-04 19:19 - 00957248 _____ (DivX, LLC) C:\Users\xxx_ADMIN\Downloads\DivXInstaller.exe
2013-07-04 17:06 - 2013-07-04 17:06 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:06 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:05 - 00000989 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\NeatMP3
2013-07-04 16:56 - 2013-07-04 16:56 - 00001001 _____ C:\Users\Public\Desktop\NeatMP3.lnk
2013-07-04 16:56 - 2013-07-04 16:56 - 00000000 ____D C:\Program Files (x86)\NeatMP3
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoGet
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Program Files (x86)\Sound Doctrine
2013-07-04 16:43 - 2013-07-04 16:43 - 00004346 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\LavasoftStatistics
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-04 16:26 - 2013-07-30 11:16 - 00001874 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-04 16:25 - 2013-07-04 16:43 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-04 16:24 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\SecureSearch
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-04 16:19 - 2013-07-05 17:39 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Ad-Aware Antivirus
2013-07-04 16:19 - 2013-07-04 16:19 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-07-04 16:19 - 2013-07-04 16:19 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-04 16:14 - 2013-07-04 16:16 - 10121867 _____ (                                                            ) C:\Users\xxx_ADMIN\Downloads\setup_1.1.exe
2013-07-04 16:12 - 2013-07-04 16:12 - 02627888 _____ C:\Users\xxx_ADMIN\Downloads\mp3tagv256setup.exe
2013-07-04 16:08 - 2013-07-04 16:08 - 00716121 _____ C:\Users\xxx_ADMIN\Downloads\GoGetSetup_1.1.exe
2013-07-04 16:07 - 2013-07-04 16:07 - 05616264 _____ (Lavasoft Limited) C:\Users\xxx_ADMIN\Downloads\Adaware53_Installer.exe
2013-07-04 10:55 - 2013-07-04 10:56 - 00000000 ____D C:\Users\xxx_ADMIN\Desktop\Old Firefox Data-1
2013-07-04 10:47 - 2013-07-04 10:47 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-04 10:43 - 2013-07-10 07:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-04 10:43 - 2013-07-04 10:43 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 10:42 - 2013-07-04 10:42 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-04 10:42 - 2013-07-04 10:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 10:42 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-04 10:41 - 2013-07-04 10:41 - 02825264 _____ (J3S GmbH) C:\Users\xxx_ADMIN\Downloads\COMPUTERBILD-Abzockschutz-Installer.exe
2013-07-04 10:39 - 2013-07-04 10:40 - 36364784 _____ (Safer-Networking Ltd.                                       ) C:\Users\xxx_ADMIN\Downloads\spybotsd-2.1.20-SR1.exe
2013-07-03 15:16 - 2013-07-03 15:21 - 13341408 _____ (Mediafour Corporation, info@mediafour.com) C:\Users\xxx_ADMIN\Downloads\MacDrive Standard 9.0.5.14 (en) Setup.exe
2013-07-03 15:15 - 2013-07-03 15:15 - 00000884 __RSH C:\Users\xxx_ADMIN\ntuser.pol
2013-07-03 13:47 - 2012-11-02 15:20 - 00060184 _____ (Paragon Software Group) C:\Windows\system32\Drivers\gpt_loader.sys
2013-07-03 13:46 - 2012-11-02 15:20 - 00042264 _____ (Paragon Software Group) C:\Windows\system32\Drivers\mounthlp.sys
2013-07-03 13:35 - 2013-07-03 13:38 - 08447629 _____ C:\Users\xxx_ADMIN\Downloads\FileRenamerBasic.exe
2013-07-02 12:49 - 2013-07-02 12:49 - 05127955 _____ C:\Users\xxx_ADMIN\Downloads\whiteboard.ipa
2013-07-02 11:00 - 2013-07-02 11:00 - 10815592 _____ (Apple Inc.) C:\Users\xxx_ADMIN\Downloads\AirPortSetup.exe
127

==================== One Month Modified Files and Folders =======

2013-07-30 11:24 - 2013-07-30 11:24 - 00001370 _____ C:\Users\xxx_ADMIN\Desktop\JRT v1.txt
2013-07-30 11:24 - 2009-07-14 12:45 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 11:24 - 2009-07-14 12:45 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 11:23 - 2013-07-30 11:23 - 00001370 _____ C:\Users\xxx_ADMIN\Desktop\JRT.txt
2013-07-30 11:22 - 2009-07-14 13:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-30 11:19 - 2013-07-30 11:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 11:18 - 2013-07-30 11:17 - 00013217 _____ C:\Users\xxx_ADMIN\Desktop\AdwCleaner[S1].txt
2013-07-30 11:16 - 2013-07-04 16:26 - 00001874 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-30 11:16 - 2011-03-26 05:42 - 00000000 ____D C:\Program Files (x86)\C4ebreg
2013-07-30 11:16 - 2010-11-12 09:35 - 00000000 ____D C:\sdwork
2013-07-30 11:16 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 11:16 - 2009-07-14 12:51 - 00096096 _____ C:\Windows\setupact.log
2013-07-30 11:13 - 2013-07-30 11:12 - 00013224 _____ C:\AdwCleaner[S1].txt
2013-07-30 11:11 - 2013-07-30 11:11 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\xxx_ADMIN\Desktop\JRT.exe
2013-07-30 11:11 - 2013-07-30 11:10 - 00666633 _____ C:\Users\xxx_ADMIN\Desktop\adwcleaner.exe
2013-07-30 11:06 - 2011-09-06 04:08 - 00000000 ____D C:\swd
2013-07-30 11:05 - 2013-07-30 11:02 - 00109322 _____ C:\Users\xxx_ADMIN\Documents\lotusinstall.log
2013-07-30 11:02 - 2011-09-07 05:31 - 00000000 ____D C:\notes
2013-07-30 10:43 - 2013-04-07 14:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 17:21 - 2013-07-29 17:19 - 00020154 _____ C:\Users\xxx_ADMIN\Desktop\Addition.txt
2013-07-29 17:18 - 2013-07-29 17:18 - 00000000 ____D C:\FRST
2013-07-29 17:16 - 2013-07-29 17:16 - 01780547 _____ (Farbar) C:\Users\xxx_ADMIN\Desktop\FRST64.exe
2013-07-29 16:55 - 2011-12-18 16:19 - 00628736 _____ C:\Users\xxx_ADMIN\Desktop\Palm.xls
2013-07-29 15:17 - 2013-07-29 15:17 - 00039056 _____ C:\Users\xxx_ADMIN\Desktop\Trojaner Hilfe.zip
2013-07-29 15:03 - 2013-07-29 15:02 - 00014291 _____ C:\Users\xxx_ADMIN\Desktop\gmer.txt
2013-07-29 14:56 - 2013-07-29 14:56 - 00377856 _____ C:\Users\xxx_ADMIN\Desktop\gmer_2.1.19163.exe
2013-07-29 14:55 - 2013-07-29 14:42 - 00182940 _____ C:\Users\xxx_ADMIN\Desktop\OTL.Txt
2013-07-29 14:55 - 2013-07-29 11:12 - 00000470 _____ C:\Users\xxx_ADMIN\Desktop\defogger_disable.log
2013-07-29 14:54 - 2013-07-29 14:43 - 00097914 _____ C:\Users\xxx_ADMIN\Desktop\Extras.Txt
2013-07-29 14:22 - 2010-11-12 09:08 - 00000000 ____D C:\Program Files (x86)\WST
2013-07-29 14:07 - 2013-07-29 14:07 - 00001188 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-29 14:06 - 2011-11-04 23:36 - 01694534 _____ C:\Windows\WindowsUpdate.log
2013-07-29 11:13 - 2013-07-29 11:13 - 00602112 _____ (OldTimer Tools) C:\Users\xxx_ADMIN\Desktop\OTL.exe
2013-07-29 11:12 - 2013-07-29 11:12 - 00000000 _____ C:\Users\xxx_ADMIN\defogger_reenable
2013-07-29 11:12 - 2010-06-29 12:27 - 00000000 ____D C:\Users\xxx_ADMIN
2013-07-29 11:11 - 2013-07-29 11:11 - 00050477 _____ C:\Users\xxx_ADMIN\Desktop\Defogger.exe
2013-07-29 09:30 - 2011-12-08 11:05 - 00000000 ____D C:\Users\xxx_ADMIN\SametimeTranscripts
2013-07-24 20:56 - 2013-07-24 20:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 22:53 - 2013-07-21 22:52 - 00705304 _____ C:\Windows\Minidump\072113-29218-01.dmp
2013-07-21 22:52 - 2012-03-06 21:41 - 622908564 _____ C:\Windows\MEMORY.DMP
2013-07-21 22:52 - 2010-07-15 00:01 - 00000000 ____D C:\Windows\Minidump
2013-07-18 10:52 - 2013-07-18 10:52 - 01910424 _____ (Fitbit Inc.) C:\Users\xxx_ADMIN\Downloads\FitbitConnect_Win_20130226_1.0.0.2578.exe
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-07-18 09:39 - 2009-07-14 12:45 - 00395232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 23:07 - 2009-07-14 15:12 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 23:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 23:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 22:27 - 2011-12-19 19:05 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\PrimoPDF
2013-07-17 22:25 - 2012-09-04 13:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 20:35 - 2013-07-10 20:33 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\COMPUTERBILD-Abzockschutz
2013-07-10 12:09 - 2013-07-10 12:09 - 00011387 _____ C:\Users\xxx_ADMIN\Desktop\Reisekosten.xlsx
2013-07-10 07:45 - 2013-07-04 10:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-09 18:06 - 2013-07-05 11:01 - 00094264 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-07-09 13:20 - 2013-07-05 11:56 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\1 GTS Channel Management
2013-07-09 12:23 - 2013-07-09 11:46 - 46604616 _____ (Apple Inc.) C:\Users\xxx_ADMIN\Downloads\iCloudSetup.exe
2013-07-09 12:01 - 2013-07-05 08:56 - 00094264 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-07-09 11:47 - 2010-07-14 07:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-09 11:46 - 2010-07-14 07:58 - 00000000 ____D C:\Program Files (x86)\xxx
2013-07-06 19:18 - 2013-07-05 08:54 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\DivX
2013-07-05 18:22 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-05 18:12 - 2009-07-14 13:08 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 17:39 - 2013-07-04 16:19 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Ad-Aware Antivirus
2013-07-05 17:30 - 2013-07-05 17:30 - 00000000 ____H C:\Users\xxx_ADMIN\Documents\Default.rdp
2013-07-05 16:20 - 2013-07-05 16:20 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 16:20 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 16:19 - 2013-07-05 16:19 - 00000000 ____D C:\Program Files\iPod
2013-07-05 15:29 - 2010-07-14 07:37 - 00091940 _____ C:\Windows\PFRO.log
2013-07-05 15:07 - 2013-07-05 15:02 - 01097728 _____ C:\Users\xxx_ADMIN\Desktop\BP001 Business Partner Go To Market Plan - page 2 revised.ppt
2013-07-05 14:47 - 2012-01-05 11:36 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\z Persoenlich
2013-07-05 11:53 - 2011-12-20 16:56 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\9 Archiv
2013-07-05 11:53 - 2011-12-17 19:11 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\0 GMU
2013-07-05 11:19 - 2011-12-17 19:42 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\2 Job
2013-07-05 11:14 - 2012-01-05 11:38 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\y Tools
2013-07-05 11:09 - 2012-01-05 11:19 - 00000000 ____D C:\Program Files (x86)\XMind
2013-07-05 10:54 - 2011-12-17 19:15 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\Media
2013-07-05 10:54 - 2011-12-17 19:10 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\x Sametime
2013-07-04 23:52 - 2013-07-04 23:52 - 00001632 _____ C:\Users\xxx_ADMIN\Desktop\DivX Movies.lnk
2013-07-04 23:52 - 2013-07-04 23:52 - 00001122 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-04 23:52 - 2013-07-04 23:21 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-04 23:52 - 2013-07-04 19:19 - 00000000 ____D C:\ProgramData\DivX
2013-07-04 23:52 - 2013-06-27 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-04 23:51 - 2013-07-04 23:51 - 00001162 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-04 23:51 - 2013-07-04 23:51 - 00000000 ____D C:\Program Files\DivX
2013-07-04 23:22 - 2013-07-04 23:21 - 00081768 _____ (Conduit) C:\ministub.exe
2013-07-04 22:00 - 2013-05-25 09:01 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\ExpressVPN
2013-07-04 19:19 - 2013-07-04 19:19 - 00957248 _____ (DivX, LLC) C:\Users\xxx_ADMIN\Downloads\DivXInstaller.exe
2013-07-04 17:06 - 2013-07-04 17:06 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Mp3tag
2013-07-04 17:06 - 2013-07-04 17:05 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-07-04 17:05 - 2013-07-04 17:05 - 00000989 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\NeatMP3
2013-07-04 16:56 - 2013-07-04 16:56 - 00001001 _____ C:\Users\Public\Desktop\NeatMP3.lnk
2013-07-04 16:56 - 2013-07-04 16:56 - 00000000 ____D C:\Program Files (x86)\NeatMP3
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoGet
2013-07-04 16:46 - 2013-07-04 16:46 - 00000000 ____D C:\Program Files (x86)\Sound Doctrine
2013-07-04 16:43 - 2013-07-04 16:43 - 00004346 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\LavasoftStatistics
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-04 16:43 - 2013-07-04 16:25 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-04 16:25 - 2013-07-04 16:24 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\SecureSearch
2013-07-04 16:23 - 2013-07-04 16:23 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-04 16:19 - 2013-07-04 16:19 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-07-04 16:19 - 2013-07-04 16:19 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-04 16:16 - 2013-07-04 16:14 - 10121867 _____ (                                                            ) C:\Users\xxx_ADMIN\Downloads\setup_1.1.exe
2013-07-04 16:12 - 2013-07-04 16:12 - 02627888 _____ C:\Users\xxx_ADMIN\Downloads\mp3tagv256setup.exe
2013-07-04 16:08 - 2013-07-04 16:08 - 00716121 _____ C:\Users\xxx_ADMIN\Downloads\GoGetSetup_1.1.exe
2013-07-04 16:07 - 2013-07-04 16:07 - 05616264 _____ (Lavasoft Limited) C:\Users\xxx_ADMIN\Downloads\Adaware53_Installer.exe
2013-07-04 10:56 - 2013-07-04 10:55 - 00000000 ____D C:\Users\xxx_ADMIN\Desktop\Old Firefox Data-1
2013-07-04 10:47 - 2013-07-04 10:47 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-04 10:43 - 2013-07-04 10:43 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 10:42 - 2013-07-04 10:42 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-04 10:42 - 2013-07-04 10:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 10:41 - 2013-07-04 10:41 - 02825264 _____ (J3S GmbH) C:\Users\xxx_ADMIN\Downloads\COMPUTERBILD-Abzockschutz-Installer.exe
2013-07-04 10:40 - 2013-07-04 10:39 - 36364784 _____ (Safer-Networking Ltd.                                       ) C:\Users\xxx_ADMIN\Downloads\spybotsd-2.1.20-SR1.exe
2013-07-03 15:47 - 2010-06-29 12:27 - 00000000 ___RD C:\Users\xxx_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-03 15:21 - 2013-07-03 15:16 - 13341408 _____ (Mediafour Corporation, info@mediafour.com) C:\Users\xxx_ADMIN\Downloads\MacDrive Standard 9.0.5.14 (en) Setup.exe
2013-07-03 15:15 - 2013-07-03 15:15 - 00000884 __RSH C:\Users\xxx_ADMIN\ntuser.pol
2013-07-03 15:15 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-07-03 15:12 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Resources
2013-07-03 13:38 - 2013-07-03 13:35 - 08447629 _____ C:\Users\xxx_ADMIN\Downloads\FileRenamerBasic.exe
2013-07-02 12:49 - 2013-07-02 12:49 - 05127955 _____ C:\Users\xxx_ADMIN\Downloads\whiteboard.ipa
2013-07-02 11:06 - 2011-12-08 16:19 - 00000000 ___HD C:\Users\xxx_ADMIN\AppData\Local\Apple
2013-07-02 11:00 - 2013-07-02 11:00 - 10815592 _____ (Apple Inc.) C:\Users\xxx_ADMIN\Downloads\AirPortSetup.exe
2013-07-02 10:40 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-02 10:28 - 2012-10-16 12:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 10:21 - 2012-07-08 18:48 - 00000000 ____D C:\ProgramData\CanonIJPLM

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 22:10

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

[/CODE]

Sorry, ich habe das JRT nicht eingefugt.

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.8 (07.29.2013:2)
OS: Windows 7 Professional x64
Ran by xxx xxx on 30.07.13 Tue at 11:19:29.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8B77C897-AB7E-4563-B77D-80B5A44C9250}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\bigfix"
Successfully deleted: [Folder] "C:\Users\xxx_ADMIN\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Program Files (x86)\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\xxx_ADMIN\AppData\Roaming\mozilla\firefox\profiles\0a0spamj.default-1372906529118\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Emptied folder: C:\Users\xxx_ADMIN\AppData\Roaming\mozilla\firefox\profiles\0a0spamj.default-1372906529118\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.07.13 Tue at 11:23:56.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber · 30.07.2013, 07:56

Noch nen Onlinescan und wir sind durch

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Greta21 · 31.07.2013, 07:42

Ui der ESETdauert relativ lange, den muss ich wohl heute nacht mal laufen lassen. melde mich morgen wieder.

schrauber · 31.07.2013, 09:54

ok

Greta21 · 05.08.2013, 15:01

Hier der ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=91b17e1c4072bc43a49394cd0d815c0c
# engine=0
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-31 06:40:53
# local_time=2013-07-31 02:40:53 (+0800, China Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776638 100 94 1179177 126882703 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=319
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=91b17e1c4072bc43a49394cd0d815c0c
# engine=14653
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-05 10:34:03
# local_time=2013-08-05 06:34:03 (+0800, China Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776638 100 94 1625167 127328693 0 0
# scanned=359364
# found=0
# cleaned=0
# scan_time=9000

und noch security check ( ja ich muss meine firewall updaten

)

Code:

ATTFilter

Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Lavasoft Ad-Aware              
Symantec Endpoint Protection   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Spybot - Search & Destroy 
 IBM 32-bit Runtime Environment for Java v6 
 IBM 64-bit Runtime Environment for Java v6 
 Java 7 Update 17  
 IBM 32-bit Runtime Environment for Java v6 
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Mozilla Firefox 17.0.7 Firefox out of Date!  
 Mozilla Thunderbird (17.0.7) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 Spybot Teatimer.exe is disabled! 
 Ad-Aware Antivirus AdAwareService.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

und FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013 (ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by xxx xxx (administrator) on 05-08-2013 21:53:29
Running from C:\Users\xxx_ADMIN\Desktop\Trojan Help
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\xxxpmsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
() C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
(xxx Corp.) C:\Program Files (x86)\C4ebreg\c4ebreg.exe
(xxx Corp.) c:\sdwork\issimsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(xxx Corp) c:\notes\nsd.exe
(xxx Corp) c:\notes\ntmulti.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
(PGP Corporation) C:\Windows\SysWOW64\PGPserv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
(ICBC OEM From Mingwah Technologies Co., Ltd) C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe
(xxx Corp.) C:\Program Files (x86)\C4ebreg\isamtray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(xxx Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
(xxx Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\xxx_ADMIN\Desktop\Trojan Help\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-01-15] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-09-05] (Synaptics Incorporated)
HKLM\...\Run: [ICBCEBankAssist] - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe [47744 2012-01-04] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-15] (Lenovo)
HKLM\...\Run: [IME14 CHS Setup] - C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKCU\...\Run: [NetSP - restore settings on power failure] - C:\Program Files (x86)\AT&T Network Client\NetSP.exe [53600 2010-09-10] (AT&T)
HKCU\...\Run: [SymphonyPreLoad] - "C:\Program Files (x86)\xxx\Lotus\Symphony\framework\shared\eclipse\plugins\com.xxx.symphony.standard.launcher.win32.x86_3.0.0.20101015-2340\xxx Lotus Symphony" -nogui -nosplash [x]
HKCU\...\Run: [Green Christmas Tree] - C:\Users\xxx_AD~1\AppData\Local\Temp\notes32C5CD\GreenChristmasTree.exe [x] <===== ATTENTION
HKCU\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex [514952 2013-06-17] (Adobe Systems Incorporated)
MountPoints2: E - E:\autorun.exe
MountPoints2: {221c5862-2633-11e1-a4a6-0021cc61a50b} - E:\autorun.exe
HKLM-x32\...\Run: [stgclean] - c:\sdwork\w32maing.exe [292352 2013-01-16] (xxx Corp.)
HKLM-x32\...\Run: [MWREGICBC.exe] - C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe [45056 2011-12-18] (ICBC OEM From Mingwah Technologies Co., Ltd)
HKLM-x32\...\Run: [Isamtray] - C:\Program Files (x86)\C4ebreg\isamtray.exe [326968 2012-11-08] (xxx Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-03-25] (Symantec Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [C4EBReg] - C:\Program Files (x86)\C4ebreg\c4ebreg.exe [511288 2012-11-08] (xxx Corp.)
HKLM-x32\...\Run: [ALTOOLS] - AccessL.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACWLIcon] - C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [193896 2011-04-15] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)
HKLM-x32\...\Run: [ACTray] - C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [431464 2011-04-15] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [x]
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\Default\...\Run: [SODCPreLoad] - C:\notes\framework\shared\eclipse\plugins\com.xxx.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe [40960 2011-09-07] ()
HKU\Default User\...\Run: [SODCPreLoad] - C:\notes\framework\shared\eclipse\plugins\com.xxx.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe [40960 2011-09-07] ()
Lsa: [Notification Packages] scecli ACGina PGPpwflt
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk
ShortcutTarget: PGPtray.exe.lnk -> C:\Windows\Installer\{3E70A1DF-704D-4F20-98CF-BAFD0F1672B0}\Icon6560581611.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\xxx\Java60\jre\bin\ssv.dll (xxx)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\xxx\Java60\jre\bin\jp2ssv.dll (xxx)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\xxx\Java60\jre\bin\ssv.dll (xxx)
BHO-x32: No Name - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\xxx\Java60\jre\bin\jp2ssv.dll (xxx)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM {225F72D5-6C19-4930-A188-CBBF05563E31} https://vip.icbc.com.cn/icbc/newperbank/certInStall_64.cab
DPF: HKLM {25ED8DDA-5824-4A11-9A29-843D7E881254} https://vip.icbc.com.cn/icbc/icbc_mwdv_64.cab
DPF: HKLM {52A56D4A-7243-412C-87E3-A7EB0C16AEEA} https://vip.icbc.com.cn/icbc/newperbank/USBKEY_64.cab
DPF: HKLM {76E720F1-87EA-4813-B227-284229EE04EF} https://vip.icbc.com.cn/icbc/newperbank/AxSafeControls_64.cab
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: HKLM {ADB2F000-9D4B-4F33-8D34-C7D61A6BC302} https://vip.icbc.com.cn/icbc/ICBC_NetSign_64.cab
DPF: HKLM {B54D34D3-1E5E-4880-A0EE-CA047CDE197D} https://vip.icbc.com.cn/icbc/icbc_mwusbkey_64.cab
DPF: HKLM {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
DPF: HKLM {F0548A2F-D0B0-4DDC-9C9D-8121AADAB952} https://b2c.icbc.com.cn/icbc/newperbank/icbcclean_64.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{43EECE7D-CA38-4E03-9F2D-38686DF529B2}: [NameServer]9.0.148.50,9.0.146.50

FireFox:
========
FF ProfilePath: C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\0a0spamj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @xxx.com/Java60 - C:\Program Files\xxx\Java60\jre\bin\new_plugin\npjp2.dll (xxx)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @xxx.com/JavaPlugin - C:\Program Files (x86)\xxx\Java60\jre\bin\plugin2\npjp2.dll (xxx)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx_ADMIN\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 BESClient; C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe [4678552 2011-12-05] (xxx Corp.)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-03-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-03-25] (Symantec Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 Intelligent Response Agent; C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe [13387128 2012-09-25] ()
R2 ISAMSvc; C:\Program Files (x86)\C4ebreg\c4ebreg.exe [511288 2012-11-08] (xxx Corp.)
R2 ISSIMon; c:\sdwork\issimsvc.exe [184088 2012-09-08] (xxx Corp.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-08] (Lenovo Group Limited)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2010-09-08] (Symantec Corporation)
R2 Lotus Notes Diagnostics; c:\notes\nsd.exe [3399680 2010-09-30] (xxx Corp)
S3 mnmsrvc; C:\Windows\SysWOW64\mnmsrvc.exe [20752 1999-06-09] (Microsoft Corporation)
R2 Multi-user Cleanup Service; c:\notes\ntmulti.exe [53248 2013-06-11] (xxx Corp)
R2 netcfgsvr; C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe [476000 2010-09-10] (AT&T)
R2 NetClientSvc; C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe [349536 2010-09-10] (AT&T)
R2 NetLogSvc; C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe [79200 2010-09-10] (AT&T)
R2 PGP RDD Service; C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [166520 2011-06-17] (PGP Corporation)
R2 PGPserv; C:\Windows\SysWOW64\PGPserv.exe [135288 2011-06-17] (PGP Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3249768 2011-03-25] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428912 2011-03-25] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839776 2011-03-25] (Symantec Corporation)
S3 TRCTARGET; C:\Program Files (x86)\xxx\Tivoli\Remote Control\Target\trc_base.exe [745472 2012-02-09] (xxx Corporation)

==================== Drivers (Whitelisted) ====================

R1 agnfilt; C:\Windows\System32\DRIVERS\agnfilt.sys [190464 2010-09-10] (AT&T)
S3 avpnnic; C:\Windows\System32\DRIVERS\avpnnic.sys [14848 2010-06-30] (AT&T)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-11] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-09-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-09-05] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-04] (GFI Software)
S3 huawei_update; C:\Windows\system32\drivers\ew_hwupgrade.sys [22528 2011-09-05] (Huawei Technologies Co., Ltd.)
S3 l36wgps; C:\Windows\system32\drivers\l36wgps64.sys [101416 2011-09-05] (Ericsson AB)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2011-09-05] (Lenovo)
R3 Mandiant_Tools; C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys [25168 2012-12-13] ()
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2011-09-05] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2011-09-05] (MCCI Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130804.032\ENG64.SYS [126040 2013-06-16] (Symantec Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130804.032\ENG64.SYS [126040 2013-06-16] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130804.032\EX64.SYS [2098776 2013-06-16] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130804.032\EX64.SYS [2098776 2013-06-16] (Symantec Corporation)
R2 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [50296 2011-06-17] (PGP Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [367224 2011-06-17] (PGP Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [14968 2011-06-17] (PGP Corporation)
S2 PMEM; C:\Windows\SysWow64\drivers\PMEMNT.SYS [7012 2002-07-18] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [449072 2011-03-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [449072 2011-03-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2011-03-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [482352 2011-03-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-03-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-03-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2011-03-29] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [64048 2011-03-25] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [53808 2011-03-25] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-04] (Symantec Corporation)
S2 PMEM; \??\C:\Windows\system32\drivers\PMEMNT.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-02 16:43 - 2013-08-02 16:43 - 00430080 _____ C:\Users\xxx_ADMIN\Documents\1-3-9Powerpoint Presentation Template[1].ppt
2013-08-02 16:30 - 2013-08-02 16:40 - 00074752 _____ C:\Users\xxx_ADMIN\Desktop\xxx GMU HQ name card request form-2013.xls
2013-07-31 14:23 - 2013-07-31 14:23 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-31 07:25 - 2013-07-31 07:25 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Local\adawarebp
2013-07-30 11:27 - 2013-08-05 21:53 - 00000000 ____D C:\Users\xxx_ADMIN\Desktop\Trojan Help
2013-07-30 11:19 - 2013-07-30 11:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 11:12 - 2013-07-30 11:13 - 00013224 _____ C:\AdwCleaner[S1].txt
2013-07-30 11:02 - 2013-07-30 11:05 - 00109322 _____ C:\Users\xxx_ADMIN\Documents\lotusinstall.log
2013-07-29 17:18 - 2013-07-29 17:18 - 00000000 ____D C:\FRST
2013-07-29 14:07 - 2013-07-29 14:07 - 00001188 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-29 11:12 - 2013-07-29 11:12 - 00000000 _____ C:\Users\xxx_ADMIN\defogger_reenable
2013-07-24 20:48 - 2013-07-24 20:56 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 22:52 - 2013-07-21 22:53 - 00705304 _____ C:\Windows\Minidump\072113-29218-01.dmp
2013-07-18 10:52 - 2013-07-18 10:52 - 01910424 _____ (Fitbit Inc.) C:\Users\xxx_ADMIN\Downloads\FitbitConnect_Win_20130226_1.0.0.2578.exe
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-07-10 20:33 - 2013-07-10 20:35 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\COMPUTERBILD-Abzockschutz
2013-07-10 12:09 - 2013-07-10 12:09 - 00011387 _____ C:\Users\xxx_ADMIN\Desktop\Reisekosten.xlsx
2013-07-10 09:53 - 2013-05-27 13:50 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 09:53 - 2013-05-27 13:50 - 09070080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 09:53 - 2013-05-27 12:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 09:53 - 2013-05-27 12:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 09:52 - 2013-05-27 13:54 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 09:52 - 2013-05-27 13:53 - 01492992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 09:52 - 2013-05-27 13:53 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 09:52 - 2013-05-27 13:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 09:52 - 2013-05-27 13:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 09:52 - 2013-05-27 13:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 09:52 - 2013-05-27 13:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 09:52 - 2013-05-27 12:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 09:52 - 2013-05-27 12:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 09:52 - 2013-05-27 12:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 09:52 - 2013-05-27 11:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 09:52 - 2013-05-27 11:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 09:45 - 2013-06-04 14:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 09:45 - 2013-06-04 12:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 09:45 - 2013-05-06 14:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 09:45 - 2013-05-06 12:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 09:36 - 2013-06-05 11:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 09:26 - 2013-04-10 13:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 09:26 - 2013-04-10 13:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 11:47 - 2013-04-24 15:42 - 00162112 _____ (xxx) C:\Windows\SysWOW64\javaws.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00149824 _____ (xxx) C:\Windows\SysWOW64\javaw.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00149824 _____ (xxx) C:\Windows\SysWOW64\java.exe
2013-07-09 11:47 - 2013-04-24 15:42 - 00084288 _____ (xxx) C:\Windows\SysWOW64\javacplxxx60.cpl
2013-07-09 11:46 - 2013-07-09 12:23 - 46604616 _____ (Apple Inc.) C:\Users\xxx_ADMIN\Downloads\iCloudSetup.exe

==================== One Month Modified Files and Folders =======

2013-08-05 21:43 - 2013-04-07 14:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 17:29 - 2011-12-18 16:19 - 00628736 _____ C:\Users\xxx_ADMIN\Desktop\Palm.xls
2013-08-05 15:58 - 2012-01-05 11:19 - 00000000 ____D C:\Program Files (x86)\XMind
2013-08-05 15:30 - 2010-11-12 09:35 - 00000000 ____D C:\sdwork
2013-08-05 15:02 - 2010-11-12 09:08 - 00000000 ____D C:\Program Files (x86)\WST
2013-08-05 14:56 - 2011-03-26 05:42 - 00000000 ____D C:\Program Files (x86)\C4ebreg
2013-08-05 14:33 - 2011-12-08 11:05 - 00000000 ____D C:\Users\xxx_ADMIN\SametimeTranscripts
2013-08-05 12:12 - 2011-11-04 23:36 - 01147412 _____ C:\Windows\WindowsUpdate.log
2013-08-05 09:26 - 2013-07-04 16:26 - 00001874 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-08-05 09:26 - 2009-07-14 12:51 - 00096992 _____ C:\Windows\setupact.log
2013-08-02 16:43 - 2013-08-02 16:43 - 00430080 _____ C:\Users\xxx_ADMIN\Documents\1-3-9Powerpoint Presentation Template[1].ppt
2013-08-02 16:40 - 2013-08-02 16:30 - 00074752 _____ C:\Users\xxx_ADMIN\Desktop\xxx GMU HQ name card request form-2013.xls
2013-08-01 08:59 - 2009-07-14 12:45 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 08:59 - 2009-07-14 12:45 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 08:52 - 2009-07-14 13:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-31 14:23 - 2013-07-31 14:23 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-31 07:25 - 2013-07-31 07:25 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Local\adawarebp
2013-07-31 07:24 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 11:19 - 2013-07-30 11:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 11:13 - 2013-07-30 11:12 - 00013224 _____ C:\AdwCleaner[S1].txt
2013-07-30 11:06 - 2011-09-06 04:08 - 00000000 ____D C:\swd
2013-07-30 11:05 - 2013-07-30 11:02 - 00109322 _____ C:\Users\xxx_ADMIN\Documents\lotusinstall.log
2013-07-30 11:02 - 2011-09-07 05:31 - 00000000 ____D C:\notes
2013-07-29 17:18 - 2013-07-29 17:18 - 00000000 ____D C:\FRST
2013-07-29 14:07 - 2013-07-29 14:07 - 00001188 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-29 11:12 - 2013-07-29 11:12 - 00000000 _____ C:\Users\xxx_ADMIN\defogger_reenable
2013-07-29 11:12 - 2010-06-29 12:27 - 00000000 ____D C:\Users\xxx_ADMIN
2013-07-24 20:56 - 2013-07-24 20:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 22:53 - 2013-07-21 22:52 - 00705304 _____ C:\Windows\Minidump\072113-29218-01.dmp
2013-07-21 22:52 - 2012-03-06 21:41 - 622908564 _____ C:\Windows\MEMORY.DMP
2013-07-21 22:52 - 2010-07-15 00:01 - 00000000 ____D C:\Windows\Minidump
2013-07-18 10:52 - 2013-07-18 10:52 - 01910424 _____ (Fitbit Inc.) C:\Users\xxx_ADMIN\Downloads\FitbitConnect_Win_20130226_1.0.0.2578.exe
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-07-18 10:52 - 2013-07-18 10:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-07-18 09:39 - 2009-07-14 12:45 - 00395232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 23:07 - 2009-07-14 15:12 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 23:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 23:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 22:27 - 2011-12-19 19:05 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\PrimoPDF
2013-07-17 22:25 - 2012-09-04 13:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 20:35 - 2013-07-10 20:33 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\COMPUTERBILD-Abzockschutz
2013-07-10 12:09 - 2013-07-10 12:09 - 00011387 _____ C:\Users\xxx_ADMIN\Desktop\Reisekosten.xlsx
2013-07-10 07:45 - 2013-07-04 10:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-09 18:06 - 2013-07-05 11:01 - 00094264 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-07-09 13:20 - 2013-07-05 11:56 - 00000000 ____D C:\Users\xxx_ADMIN\Documents\1 GTS Channel Management
2013-07-09 12:23 - 2013-07-09 11:46 - 46604616 _____ (Apple Inc.) C:\Users\xxx_ADMIN\Downloads\iCloudSetup.exe
2013-07-09 12:01 - 2013-07-05 08:56 - 00094264 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-07-09 11:47 - 2010-07-14 07:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-09 11:46 - 2010-07-14 07:58 - 00000000 ____D C:\Program Files (x86)\xxx
2013-07-06 19:18 - 2013-07-05 08:54 - 00000000 ____D C:\Users\xxx_ADMIN\AppData\Roaming\DivX

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 10:11

==================== End Of Log ============================

--- --- ---

--- --- ---

Und keine Probleme mehr

Alles gut soweit.

schrauber · 05.08.2013, 19:31

Da is noch bissl mehr zum Updaten

. mach das alles mal.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Greta21 · 06.08.2013, 09:10

Lieber Schrauber!

Vielen Dank fur die tolle Unterstuetztung in der vergangenen Woche und auch die Tipps fuer die Zukunft. Ein paar Sachen hatte ich schon im Kopf - aber danke auch nochmal fuer die Tool Tips.

Ich hoffe ich werde Deine Hilfe in Zukunft nicht mehr benoetigen

Dann habe ich alles richtig gemacht. ;D

LG aus China
(ps. aber die nervige engine habe ich mir glaube ich auf download.com eingefangen.. grr....)

P.S. Malware hat doch gleich nochmal ein paar Objekte gefunden.

schrauber · 06.08.2013, 16:36

Zeig mal was gefunden wurde

31.07.2013, 09:54	#10
schrauber /// the machine /// TB-Ausbilder	Search conduit aus Firefox entfernen? ok __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

06.08.2013, 16:36	#14
schrauber /// the machine /// TB-Ausbilder	Search conduit aus Firefox entfernen? Zeig mal was gefunden wurde __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Search conduit aus Firefox entfernen?

Plagegeister aller Art und deren Bekämpfung: Search conduit aus Firefox entfernen?