Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Scan ergibt PUP.Optional.PricePeep.A und Malware.Trace befall (https://www.trojaner-board.de/155304-scan-ergibt-pup-optional-pricepeep-a-malware-trace-befall.html)

Burningshad 16.06.2014 11:51
Scan ergibt PUP.Optional.PricePeep.A und Malware.Trace befall
 
Hallo Trojaner Board Team,

da ich mir heute einen neuen PGP Schlüssel einrichten wollte, wollte ich zunächst ausschließen dass sich auf meinem Rechner ein Key-Logger oder andere Eckelheimer verstecken.

Ein Scan mit Malwarebytes hat dabei folgendes ergeben:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16.06.2014
Scan Time: 11:13:50
Logfile: Maleware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.16.02
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: C5136164

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 540045
Time Elapsed: 32 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.PricePeep.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, , [061c5821daa14ee8e5ea690c1ce6857b],
PUP.Optional.PricePeep.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, , [061c5821daa14ee8e5ea690c1ce6857b],
PUP.Optional.PricePeep.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PricePeep, , [f42e1069631878be13c20aba986aa15f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2563777637-2523973292-974082842-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [7aa8f5846b10043297c847a57c8754ac],

Registry Values: 10
Malware.Trace, HKU\S-1-5-21-2563777637-2523973292-974082842-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [e2407306b1cad3632dcbbe73c83bdd23]
Malware.Trace, HKU\S-1-5-21-2563777637-2523973292-974082842-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [8e94da9f6e0d35017a7e3af74bb8d729]
Malware.Trace, HKU\S-1-5-21-2563777637-2523973292-974082842-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [74ae07724536092d6593250c3ac97a86]
Malware.Trace, HKU\S-1-5-21-42933632-2124368392-1501187911-1398592-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [68ba43363d3e8da9d82050e132d1659b]
Malware.Trace, HKU\S-1-5-21-42933632-2124368392-1501187911-152748-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [8a9830491863b97d03f55dd46e9504fc]
Malware.Trace, HKU\S-1-5-21-74642-3284969411-2123768488-129672-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [a28086f3e99239fde51340f16f942ad6]
Malware.Trace, HKU\S-1-5-21-74642-3284969411-2123768488-155029-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [b0727aff97e432043cbcf14009fa3ac6]
Malware.Trace, HKU\S-1-5-21-74642-3284969411-2123768488-157177-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [44de4534c8b385b1fff978b9fd063ec2]
Malware.Trace, HKU\S-1-5-21-74642-3284969411-2123768488-439000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [7fa398e157241b1b08f0cd6404ff3bc5]
Malware.Trace, HKU\S-1-5-21-74642-3284969411-2123768488-4731-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [180a97e2a5d659dd76823cf5fb08ce32]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Anschließend habe ich noch AdwCleaner laufen lassen:
Code:
# AdwCleaner v3.212 - Report created 16/06/2014 at 12:17:02
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : C5136164 - WDFN00304443A
# Running from : C:\Users\C5136164\Downloads\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\C5136164\AppData\Local\Temp\OCS

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0051-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0054-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0057-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B90F32AD-859E-4EDD-BFAE-C9216849520C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C08AB035-3820-4FA7-9420-B0259A4DA2B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DAADF07B-7D06-4AF4-B3CA-6144830077EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\OCS

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [9919 octets] - [24/12/2013 16:35:34]
AdwCleaner[R1].txt - [1007 octets] - [24/12/2013 16:45:30]
AdwCleaner[R2].txt - [1126 octets] - [24/12/2013 16:52:00]
AdwCleaner[R3].txt - [1844 octets] - [16/06/2014 12:10:46]
AdwCleaner[R4].txt - [1904 octets] - [16/06/2014 12:14:28]
AdwCleaner[S0].txt - [7379 octets] - [24/12/2013 16:37:15]
AdwCleaner[S1].txt - [1068 octets] - [24/12/2013 16:46:52]
AdwCleaner[S2].txt - [1188 octets] - [24/12/2013 16:53:33]
AdwCleaner[S3].txt - [1806 octets] - [16/06/2014 12:17:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1866 octets] ##########
Könnt ihr mir sagen was genau ich mir da eingefangen habe und wie ich es sicher/sauber wieder von meinem System entferne?

Danke

schrauber 16.06.2014 12:09
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Burningshad 16.06.2014 13:47
Hi,

danke für die schnelle Antwort!

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by C5136164 (administrator) on WDFN00304443A on 16-06-2014 14:18:53
Running from C:\Users\C5136164\Downloads
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5CredMgrSrv.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe
() C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(1E) C:\Program Files\1E\Agent\NightWatchman\NwmSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(1E) C:\Program Files\1E\Agent\WakeUp\WakeUpAgt.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformHost.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobilityService.exe
(1E) C:\Program Files\1E\Agent\NightWatchman\NwmCli.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(iPass, Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobility.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Dropbox, Inc.) C:\Users\C5136164\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe
(WebToGo Mobiles Internet GmbH) C:\Program Files (x86)\XSManager\XSManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(The TeXnicCenter Team) C:\Program Files\TeXnicCenter\TeXnicCenter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtITunesPlugIn.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(PortableApps.com) E:\ThunderbirdPortable\ThunderbirdPortable.exe
(Mozilla Corporation) E:\ThunderbirdPortable\App\Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [239328 2013-12-18] (McAfee, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2907448 2013-12-20] (Synaptics Incorporated)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1171088 2013-10-06] (Highresolution Enterprises)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117160 2013-09-25] (Microsoft Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [starter4g] => C:\WINDOWS\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoftGridTray] => C:\Program Files (x86)\Microsoft Application Virtualization Client\SFTTray.exe [854760 2012-09-03] (Microsoft Corporation)
HKLM-x32\...\Run: [ACSW17DE] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984 2013-09-25] (ACD Systems)
HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe [300832 2013-08-02] (Autonomy Corporation plc)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DcaTray] => C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe [524288 2012-08-27] (Microsoft Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe",
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 65536
HKLM\...\Policies\Explorer: [NoViewOnDrive] 65536
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-74642-3284969411-2123768488-157177\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\C5136164\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-74642-3284969411-2123768488-157177\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [698760 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-74642-3284969411-2123768488-157177\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-74642-3284969411-2123768488-157177\...\Policies\system: [HideLegacyLogonScripts] 1
HKU\S-1-5-21-74642-3284969411-2123768488-157177\...\Policies\Explorer: [DisallowCPL] 1
AppInit_DLLs: PGPmapih.dll => C:\WINDOWS\system32\PGPmapih.dll [80608 2013-05-23] (Symantec Corporation)
AppInit_DLLs-x32: PGPmapih.dll => C:\WINDOWS\SysWOW64\PGPmapih.dll [52280 2013-05-23] (Symantec Corporation)
AppInit_DLLs-x32: , C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Lsa: [Notification Packages] scecli PGPpwflt
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Global Corporate Access.lnk
ShortcutTarget: Global Corporate Access.lnk -> C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobility.exe (iPass, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk
ShortcutTarget: PGP Tray.lnk -> C:\Windows\Installer\{E9659F65-B92B-4884-B852-EEF492E1DA2F}\Icon6560581611.exe ()
Startup: C:\Users\C5136164\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\C5136164\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBF0525FBAA45CA01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140429164720.dll (McAfee, Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Citrix URL-Redirection Helper - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll (Tracker Software Products (Canada) Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140429164722.dll (McAfee, Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll (Tracker Software Products (Canada) Ltd.)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://c:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} file://c:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
DPF: HKLM-x32 {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {49EC7987-E331-44E3-B170-748B58A268B9} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\WINDOWS\TEMP\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {7584c670-2274-4efb-b00b-d6aaba6d3850} file://c:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://c:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {8F6AFB67-F834-4227-94A7-A51377E0678E} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: HKLM-x32 {B8693DEF-98AC-43FC-AA00-E7D728334C80} file://c:/Program Files (x86)/F5 VPN/F5_TMP/ur5250x.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://c:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\WINDOWS\TEMP\f5tmp\f5syschk.cab
DPF: HKLM-x32 {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} file://c:/Program Files (x86)/F5 VPN/F5_TMP/urvncx.cab
DPF: HKLM-x32 {EBDC91CB-F23F-477D-B152-3F7243760D04} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{FAA2983A-04A7-4639-A08D-2A07A0416D35}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default
FF NetworkProxy: "backup.ftp", "proxy"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "proxy"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "proxy"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "proxy"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "proxy"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: German Dictionary - C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08]
FF Extension: WOT - C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Deutsch (DE) Language Pack - C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2013-12-24]
FF Extension: Adblock Plus - C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-07-09]

==================== Services (Whitelisted) =================

R2 AgentService; C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [6789408 2013-08-02] (Autonomy Corporation plc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1842352 2013-08-31] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)
R2 DcaSvc; C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2012-08-27] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2012-10-29] (Lenovo.)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [611152 2013-12-18] (McAfee, Inc.)
R2 F5 Networks Component Installer; c:\WINDOWS\SysWOW64\F5InstallerService.exe [379312 2013-12-20] (F5 Networks, Inc.) [File not signed]
R2 F5CredMgrSrv; c:\WINDOWS\SysWOW64\F5CredMgrSrv.exe [213624 2013-12-20] (F5 Networks, Inc.)
R2 F5FltSrv; c:\WINDOWS\SysWOW64\F5FltSrv.exe [282272 2012-11-09] (F5 Networks, Inc.)
R2 HipMgmt; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [153832 2013-12-18] (McAfee, Inc.)
R2 hpDiscAgent; c:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe [997176 2013-11-24] ()
R3 iMobilityService; C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobilityService.exe [30720 2012-10-24] (iPass Inc.) [File not signed]
R2 iPlatformService; C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformService.exe [22528 2012-10-24] (iPass Inc.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2012-10-29] (Lenovo Group Limited)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-04-29] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-04-29] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NightWatchman; C:\Program Files\1E\Agent\NightWatchman\NwmSvc.exe [1308992 2013-06-25] (1E)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [401584 2013-08-31] (Microsoft Corporation)
R2 WakeUpAgt; C:\Program Files\1E\Agent\WakeUp\WakeUpAgt.exe [679216 2013-06-25] (1E)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()
R2 XS Stick Service; C:\WINDOWS\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2013-01-15] (Mobile Connector)
S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [30328 2012-11-09] (F5 Networks, Inc.)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [18552 2012-06-13] (F5 Networks, Inc.)
R3 FireNfcp; C:\Windows\system32\drivers\FireNfcp.sys [53728 2014-06-06] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [200616 2013-12-18] (McAfee, Inc.)
R2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2012-11-28] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-04-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-04-29] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [520056 2013-12-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-04-29] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [78960 2013-12-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-04-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-04-29] (McAfee, Inc.)
R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [274320 2013-05-23] (Symantec Corporation)
R0 pgpfs; C:\Windows\System32\Drivers\PGPfsfd.sys [182632 2013-05-23] (Symantec Corporation)
R1 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [52328 2013-05-23] (Symantec Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [379344 2013-05-23] (Symantec Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [16320 2013-05-23] (Symantec Corporation)
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2012-10-29] (Research In Motion Limited)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [766696 2012-09-04] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [272616 2012-09-04] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [26344 2012-09-04] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22760 2012-09-04] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2013-12-20] (Synaptics Incorporated)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [44024 2012-06-13] (F5 Networks, Inc.)
S3 Firehk; system32\DRIVERS\firehk.sys [X]
S3 FirehkMP; system32\DRIVERS\firehk.sys [X]
U4 MDM;
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-16 14:18 - 2014-06-16 14:20 - 00038482 _____ () C:\Users\C5136164\Downloads\FRST.txt
2014-06-16 14:18 - 2014-06-16 14:19 - 00000000 ____D () C:\FRST
2014-06-16 14:17 - 2014-06-16 14:17 - 02081280 _____ (Farbar) C:\Users\C5136164\Downloads\FRST64.exe
2014-06-16 14:14 - 2014-06-16 14:14 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Thunderbird
2014-06-16 14:14 - 2014-06-16 14:14 - 00000000 ____D () C:\Users\C5136164\AppData\Local\Thunderbird
2014-06-16 12:30 - 2014-06-16 12:30 - 00001946 _____ () C:\Users\C5136164\Desktop\AdwCleaner[S3].txt
2014-06-16 12:22 - 2014-06-16 12:22 - 00000022 _____ () C:\WINDOWS\S.dirmngr
2014-06-16 12:09 - 2014-06-16 12:10 - 01333465 _____ () C:\Users\C5136164\Downloads\adwcleaner_3.212.exe
2014-06-16 11:50 - 2014-06-16 11:50 - 00004326 _____ () C:\Users\C5136164\Desktop\Maleware.txt
2014-06-16 11:12 - 2014-06-16 13:31 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 11:12 - 2014-06-16 11:12 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 11:12 - 2014-06-16 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 11:11 - 2014-06-16 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 11:11 - 2014-06-16 11:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 11:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-16 11:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-16 11:11 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-16 11:10 - 2014-06-16 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\C5136164\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-14 12:02 - 2014-06-14 12:02 - 00112891 _____ () C:\Users\C5136164\oPenGP.asc
2014-06-13 23:14 - 2014-06-13 23:14 - 00011671 _____ () C:\Users\C5136164\AppData\Local\recently-used.xbel
2014-06-13 20:22 - 2014-06-13 20:22 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\.kde
2014-06-13 15:47 - 2014-06-13 15:47 - 00000055 _____ () C:\Users\C5136164\.gtk-bookmarks
2014-06-13 03:05 - 2014-06-13 03:05 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gpg4win
2014-06-13 02:59 - 2014-06-13 23:14 - 00000000 ____D () C:\Users\C5136164\AppData\Local\gtk-2.0
2014-06-13 02:48 - 2014-06-13 02:48 - 00000000 ____D () C:\Users\C5136164\AppData\Local\GNU
2014-06-13 02:34 - 2014-06-13 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2014-06-13 02:33 - 2014-06-16 13:25 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\gnupg
2014-06-13 02:33 - 2014-06-13 02:33 - 00000000 ____D () C:\ProgramData\GNU
2014-06-13 02:33 - 2014-06-13 02:33 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-06-13 02:32 - 2014-06-13 02:33 - 29689992 _____ (g10 Code GmbH) C:\Users\C5136164\Downloads\gpg4win-2.2.1.exe
2014-06-12 22:14 - 2014-06-14 19:18 - 00000000 ____D () C:\Users\C5136164\Desktop\ThunderbirdPortable
2014-06-12 20:28 - 2014-06-12 20:29 - 00961360 _____ (Chip Digital GmbH) C:\Users\C5136164\Downloads\Thunderbird Portable - CHIP-Installer.exe
2014-06-07 14:09 - 2014-06-16 12:27 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\DropboxMaster
2014-05-30 18:40 - 2013-10-31 01:22 - 00420008 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-05-30 18:40 - 2013-10-31 01:02 - 00420008 _____ () C:\WINDOWS\system32\locale.nls

==================== One Month Modified Files and Folders =======

2014-06-16 14:20 - 2014-06-16 14:18 - 00038482 _____ () C:\Users\C5136164\Downloads\FRST.txt
2014-06-16 14:20 - 2013-01-14 12:01 - 00000000 ____D () C:\Users\C5136164\AppData\Local\Temp
2014-06-16 14:19 - 2014-06-16 14:18 - 00000000 ____D () C:\FRST
2014-06-16 14:17 - 2014-06-16 14:17 - 02081280 _____ (Farbar) C:\Users\C5136164\Downloads\FRST64.exe
2014-06-16 14:14 - 2014-06-16 14:14 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Thunderbird
2014-06-16 14:14 - 2014-06-16 14:14 - 00000000 ____D () C:\Users\C5136164\AppData\Local\Thunderbird
2014-06-16 14:09 - 2012-10-29 11:02 - 00009704 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-06-16 14:08 - 2013-01-21 11:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-16 14:05 - 2012-10-29 11:03 - 01108192 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-16 13:31 - 2014-06-16 11:12 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 13:25 - 2014-06-13 02:33 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\gnupg
2014-06-16 12:36 - 2009-07-14 06:45 - 00019104 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-16 12:36 - 2009-07-14 06:45 - 00019104 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-16 12:34 - 2013-12-16 13:50 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-06-16 12:30 - 2014-06-16 12:30 - 00001946 _____ () C:\Users\C5136164\Desktop\AdwCleaner[S3].txt
2014-06-16 12:28 - 2013-10-05 18:31 - 00000000 ___RD () C:\Users\C5136164\Dropbox
2014-06-16 12:28 - 2013-10-05 18:26 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Dropbox
2014-06-16 12:27 - 2014-06-07 14:09 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\DropboxMaster
2014-06-16 12:26 - 2011-07-09 13:38 - 00000569 _____ () C:\WINDOWS\SMSCFG.INI
2014-06-16 12:25 - 2013-07-26 19:51 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Skype
2014-06-16 12:25 - 2013-01-14 12:03 - 00000000 ____D () C:\Users\C5136164\AppData\Local\Deployment
2014-06-16 12:22 - 2014-06-16 12:22 - 00000022 _____ () C:\WINDOWS\S.dirmngr
2014-06-16 12:22 - 2010-11-21 05:47 - 00255360 _____ () C:\WINDOWS\PFRO.log
2014-06-16 12:22 - 2009-07-14 07:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-16 12:22 - 2009-07-14 06:51 - 00050794 _____ () C:\WINDOWS\setupact.log
2014-06-16 12:17 - 2013-12-24 16:34 - 00000000 ____D () C:\AdwCleaner
2014-06-16 12:16 - 2013-01-14 12:02 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\SoftGrid Client
2014-06-16 12:12 - 2014-03-12 13:53 - 08396025 _____ () C:\Users\C5136164\Downloads\dict-de_de-frami_2013-12-06.oxt
2014-06-16 12:10 - 2014-06-16 12:09 - 01333465 _____ () C:\Users\C5136164\Downloads\adwcleaner_3.212.exe
2014-06-16 11:50 - 2014-06-16 11:50 - 00004326 _____ () C:\Users\C5136164\Desktop\Maleware.txt
2014-06-16 11:31 - 2013-03-23 13:56 - 00000000 ____D () C:\Quarantine
2014-06-16 11:12 - 2014-06-16 11:12 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 11:12 - 2014-06-16 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 11:11 - 2014-06-16 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 11:11 - 2014-06-16 11:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 11:10 - 2014-06-16 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\C5136164\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-16 01:48 - 2009-07-14 04:34 - 00530565 _____ () C:\WINDOWS\system32\Drivers\etc\services
2014-06-16 01:30 - 2013-12-20 20:13 - 00000000 ___DC () C:\WINDOWS\ccmcache
2014-06-15 22:00 - 2012-10-29 11:49 - 00418316 _____ () C:\WINDOWS\sapmsg.ini
2014-06-15 11:28 - 2012-10-29 11:49 - 00530565 _____ () C:\WINDOWS\system32\Drivers\etc\services.sav
2014-06-14 19:18 - 2014-06-12 22:14 - 00000000 ____D () C:\Users\C5136164\Desktop\ThunderbirdPortable
2014-06-14 19:12 - 2009-07-14 07:13 - 00785992 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-14 12:02 - 2014-06-14 12:02 - 00112891 _____ () C:\Users\C5136164\oPenGP.asc
2014-06-14 12:02 - 2013-01-14 12:01 - 00000000 ____D () C:\Users\C5136164
2014-06-13 23:14 - 2014-06-13 23:14 - 00011671 _____ () C:\Users\C5136164\AppData\Local\recently-used.xbel
2014-06-13 23:14 - 2014-06-13 02:59 - 00000000 ____D () C:\Users\C5136164\AppData\Local\gtk-2.0
2014-06-13 20:22 - 2014-06-13 20:22 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\.kde
2014-06-13 16:52 - 2013-01-28 21:37 - 00000600 _____ () C:\Users\C5136164\AppData\Local\PUTTY.RND
2014-06-13 15:47 - 2014-06-13 15:47 - 00000055 _____ () C:\Users\C5136164\.gtk-bookmarks
2014-06-13 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-13 03:05 - 2014-06-13 03:05 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gpg4win
2014-06-13 02:48 - 2014-06-13 02:48 - 00000000 ____D () C:\Users\C5136164\AppData\Local\GNU
2014-06-13 02:43 - 2013-01-14 12:48 - 00000000 ____D () C:\Users\C5136164\AppData\Local\TSVNCache
2014-06-13 02:34 - 2014-06-13 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2014-06-13 02:33 - 2014-06-13 02:33 - 00000000 ____D () C:\ProgramData\GNU
2014-06-13 02:33 - 2014-06-13 02:33 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-06-13 02:33 - 2014-06-13 02:32 - 29689992 _____ (g10 Code GmbH) C:\Users\C5136164\Downloads\gpg4win-2.2.1.exe
2014-06-12 20:32 - 2013-06-13 17:04 - 00000000 ____D () C:\Users\C5136164\Tracing
2014-06-12 20:29 - 2014-06-12 20:28 - 00961360 _____ (Chip Digital GmbH) C:\Users\C5136164\Downloads\Thunderbird Portable - CHIP-Installer.exe
2014-06-10 13:11 - 2012-10-29 12:18 - 00172116 __RSH () C:\ProgramData\ntuser.pol
2014-06-07 14:09 - 2013-01-14 12:02 - 00000000 ___RD () C:\Users\C5136164\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-07 14:08 - 2013-10-05 18:29 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-07 14:08 - 2013-01-14 12:02 - 00044336 __RSH () C:\Users\C5136164\ntuser.pol
2014-06-07 14:07 - 2013-07-26 19:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-07 14:07 - 2013-07-26 19:51 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 13:57 - 2013-12-20 15:40 - 00000000 ____D () C:\Users\PGP_OSD_Image
2014-06-07 13:56 - 2013-01-14 12:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-06 17:34 - 2013-01-14 12:48 - 00000000 ____D () C:\Users\C5136164\Documents\PhD
2014-06-06 02:08 - 2014-05-16 10:48 - 00053728 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\FireNfcp.sys
2014-06-01 15:43 - 2011-07-09 14:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-30 18:59 - 2011-07-09 14:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-30 18:59 - 2009-07-14 04:34 - 00000478 _____ () C:\WINDOWS\win.ini
2014-05-27 13:16 - 2012-10-29 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2014-05-27 13:16 - 2012-10-29 12:17 - 00000000 ____D () C:\Program Files\Microsoft Lync
2014-05-27 13:16 - 2012-10-29 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Lync
2014-05-27 13:06 - 2014-03-06 16:18 - 00000000 ____D () C:\PhilippG
2014-05-19 02:36 - 2013-02-09 16:41 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\vlc


Some content of TEMP:
====================
C:\Users\C5136164\AppData\Local\Temp\22E5.tmpcrt.dll
C:\Users\C5136164\AppData\Local\Temp\2CD5.tmpcrt.dll
C:\Users\C5136164\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthjdtm.dll
C:\Users\C5136164\AppData\Local\Temp\i4jdel0.exe
C:\Users\C5136164\AppData\Local\Temp\npp.6.5.Installer.exe
C:\Users\C5136164\AppData\Local\Temp\preflight_DADeselected_acknowledge.exe
C:\Users\C5136164\AppData\Local\Temp\preflight_SUP_acknowledge.exe
C:\Users\C5136164\AppData\Local\Temp\preflight_TLMFAIL_acknowledge.exe
C:\Users\C5136164\AppData\Local\Temp\Tsu4AFBF24C.dll
C:\Users\C5136164\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\C5136164\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\C5136164\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\C5136164\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:25

==================== End Of Log ============================
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014
Ran by C5136164 at 2014-06-16 14:20:49
Running from C:\Users\C5136164\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

1E Agent (HKLM\...\{1E80CADB-6DEF-4D4C-BEF6-BE25A9353521}) (Version: 6.5.0 - 1E)
1E Web WakeUp ActiveX (HKLM-x32\...\{4D2B5D70-CD48-42F0-AF4E-5580A0875A9C}) (Version: 1.7.0 - 1E)
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
ACDSee 17 (HKLM-x32\...\{A47900DC-2011-46C8-8E07-5BDD9D83DE47}) (Version: 17.0.42 - ACD Systems International Inc.)
ACDSee 5.0 Standard Trial (HKLM-x32\...\{A4C7096C-DB17-4B31-BBDB-E805513AA637}) (Version: 5.0.1 - ACD Systems Ltd)
Adobe Acrobat Connect 8 Add-in (HKLM-x32\...\{CC302586-0A21-4AE8-AF96-F5F7B2DC63A6}) (Version: 9.4.96.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Connect Add-in (HKCU\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\{B01EA176-C775-4490-B4CC-938A4B3EF5A3}) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\{28ADCCAD-3C23-44A1-A93F-47AA176F7AD7}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle Chronicler (HKLM-x32\...\{E31C4368-2353-41C8-A778-31D8CB5824A1}) (Version: 1.2.3 - Battle Chronicler)
bccomps (HKLM-x32\...\{9744F1F4-2D8E-43B7-8D9D-63A593867A92}) (Version: 1.6.0 - Battle Chronicler)
BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 70.2012.1109.1405 - F5 Networks, Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2012.1109.1410 - F5 Networks, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
CDisplayEx 1.9.16 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Charles 3.7 (HKLM\...\{2B2D8DD3-E7CF-4C2E-AF95-4CBA441F66C2}) (Version: 3.7.0.0 - XK72 Ltd)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (PNA) (x32 Version: 12.0.3.6 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver (USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(SSON) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.6.2.7 - Autonomy Corporation plc)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Global Corporate Access (HKLM-x32\...\{FF4714F2-76A6-49E8-AF8F-035A14B16CC9}) (Version: 2.3.0.13270 - iPass)
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
HP Universal Discovery Agent (x86) (HKLM-x32\...\{B7643B11-A60E-4A33-A465-263FEB32113A}) (Version: 10.10.000.329 - Hewlett-Packard Development Company, L.P.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2769 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{EBF3D65F-011E-44D2-8F4F-C74B52682EDD}) (Version: 4.8.0.1500 - McAfee, Inc.)
McAfee GTI Proxy Agent (HKLM-x32\...\{01490E21-3536-4627-BC1E-4871D01B309B}) (Version: 2.0.0.705 - McAfee, Inc.)
McAfee Host Intrusion Prevention (HKLM\...\{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}_Uninst) (Version: 8.00.0402 - McAfee, Inc.)
McAfee Host Intrusion Prevention (Version: 8.00.0402 - McAfee, Inc.) Hidden
Mcafee VSE 8.8 (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Application Virtualization Desktop Client (HKLM\...\{5D80483C-D297-4E04-9EDF-DD58521E9565}) (Version: 4.6.2.24020 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{342C9BB8-65A0-46DE-AB7A-8031E151AF69}) (Version: 4.6.1.30111 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{5D80483C-D297-4E04-9EDF-DD58521E9565}) (Version: 4.6.2.24020 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{E569E45F-7BA6-4C7F-B6BA-3FFCBE92FC22}) (Version: 4.6.0.1523 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4409 - Microsoft Corporation)
Microsoft MSCAL Library 12.0 (HKLM-x32\...\{25A0F73E-7D2F-4481-99AF-8031C817EF74}) (Version: 12.0.6413.1000 - Microsoft)
Microsoft Office 2010 Deployment Kit for App-V (HKLM\...\{90140000-0073-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Chinese (Simplified)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Chinese (Simplified)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Chinese (Traditional)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Japanese) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Japanese) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Korean) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Korean) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Bulgarian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Chinese (Simplified)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Croatian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Estonian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Finnish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Greek) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Gujarati) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Hindi) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Hungarian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Japanese) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Kannada) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Kazakh) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Korean) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Latvian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Lithuanian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Marathi) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Norwegian (Bokmål)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Norwegian (Nynorsk)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Portugal)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Punjabi) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Romanian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Serbian (Latin)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Swedish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Tamil) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Telugu) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Thai) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Turkish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Ukrainian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Urdu) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Kit 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools Kit Compilation 2010 (HKLM-x32\...\Office14.PROOFKIT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office ProofMUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Policy Platform (Version: 1.2.3602.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010 - Microsoft Corporation) Hidden
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\{7CD48E86-9B73-413D-AFEB-406DFAA13626}) (Version: 5.8.6 - Notepad++ Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.24.00 - )
Online Plug-in (x32 Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Open Text Imaging Windows Viewer 9.7.0 (HKLM-x32\...\{7549A4D5-963E-4BFE-BCD6-3EC1233D717A}) (Version: 9.7.0 - OPEN TEXT CORPORATION)
OpenText Email Management Client for MSX 10.3.0 (HKLM-x32\...\{401C5C74-82EB-40A5-A82C-E130731CB4FD}) (Version: 10.3.0.516 - Open Text Corporation)
PDF-XChange 2012 Pro (HKLM\...\{3A4802E5-BB13-4DD4-BD24-B3089F44A2F1}) (Version: 5.0.262.0 - Tracker Software Products (Canada) Ltd.)
Quest VMOVER 8.9.0.11 (HKLM\...\{426A5A29-2F5E-4A06-BAA8-4996D6874C6A}) (Version: 8.9.0.11 - Quest)
R for Windows 2.15.2 (HKLM\...\R for Windows 2.15.2_is1) (Version: 2.15.2 - R Core Team)
RarLabs WinRar Archiver x64 4.01 (HKLM\...\{47E135E7-12CC-43BF-BAD0-C3D9646555C6}) (Version: 4.01 - Rarlabs)
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Self-Service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-004B-0000-0000-0000000FF1CE}_Office14.PROOFKIT_{C380F832-0AA6-42C4-BB48-E92C91EE814E}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Symantec Encryption Desktop 10.3.0.9269 (HKLM\...\{E9659F65-B92B-4884-B852-EEF492E1DA2F}) (Version: 10.3.0.9269 - Symantec)
TeXnicCenter Version 2.0 Beta 1 (HKLM\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.59 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.24 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.62.00.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.5.0 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
Visual C++ 2008 Runtime (x64) (x32 Version: 1.0.1 - Highresolution Enterprises) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows 7 Welcome (HKLM-x32\...\{36D5B7DF-0924-4188-B26A-C12B058538C2}) (Version: 2.1.2)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
X-Mouse Button Control 2.6.2 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.6.2 - Highresolution Enterprises)
XSManager (HKLM-x32\...\XSManager) (Version: 3.0 - XSManager)
Zoom 3.2.2 (HKLM-x32\...\{B0B2D9BE-26DA-4887-855F-DC53DBA6CC88}) (Version: 3.2.2 - RotateRight)

==================== Restore Points  =========================

12-05-2014 11:58:48 Windows Update
30-05-2014 16:39:48 Windows Update
30-05-2014 16:43:32 Windows Update
16-06-2014 10:33:41 Removed Java(TM) 6 Update 39 (64-bit)
16-06-2014 10:34:49 Removed Java(TM) 6 Update 39 (64-bit)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-12-19 09:39 - 00000990 ____A C:\WINDOWS\system32\Drivers\etc\hosts
155.56.39.150        connectwdf06 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#


==================== Scheduled Tasks (whitelisted) =============

Task: {17D98C19-EBF5-4A02-B433-DFC015975DAD} - \TubeSaver-15-updater No Task File <==== ATTENTION
Task: {259F2E66-D8EC-4147-8BAF-00829BFBF4AE} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-10-29] (Lenovo Group Limited)
Task: {59F2CA2C-55C1-44C1-81B7-4105ECE9C332} - \TubeSaver-15-enabler No Task File <==== ATTENTION
Task: {7E1034C3-7807-42D8-9042-49ACA36A0AEB} - \TubeSaver-15-chromeinstaller No Task File <==== ATTENTION
Task: {93ACC96C-D78F-4CCB-93F7-30C388B5F03D} - System32\Tasks\VMOVER => C:\Program Files\Quest\vmover\vmover.bat [2012-08-31] ()
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {A539EB9B-FEF5-4E0D-9B20-04E5E1884858} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {C51DD25B-B592-4316-BE48-EF960441955A} - \TubeSaver-15-firefoxinstaller No Task File <==== ATTENTION
Task: {D7E14ABA-66F8-4E1B-AD06-1FAE53F7114E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D878FA3B-057B-4169-B9DB-DB4F78645355} - \TubeSaver-15-codedownloader No Task File <==== ATTENTION
Task: {DC8C8AE0-CFAC-4F95-84D2-3E7F26E79507} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-12] (Adobe Systems Incorporated)
Task: {F7C9FDBD-C24C-47F5-B3DA-AD2E3DBA9AB2} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)
Task: {FB683D6B-1F30-4CA0-A0E7-5E92B6CF8774} - System32\Tasks\Credmanager => C:\WINDOWS\System32\WindowsPowerShell\v1.0\\powershell.exe [2012-08-21] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-11-24 20:54 - 2013-11-24 20:54 - 00997176 _____ () c:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
2012-12-12 22:37 - 2012-12-12 22:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-10-29 11:32 - 2012-10-29 11:32 - 00044544 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-01-15 10:35 - 2010-04-12 19:03 - 00329168 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2012-10-29 11:19 - 2010-10-26 13:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-10-29 11:28 - 2011-03-11 12:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-18 16:50 - 2010-12-18 16:50 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2010-12-18 16:50 - 2010-12-18 16:50 - 00171296 _____ () C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
2013-04-17 15:09 - 2013-04-17 15:09 - 00635392 _____ () C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe
2013-08-29 09:31 - 2013-08-29 09:31 - 04065792 _____ () C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-12-12 21:30 - 2012-12-12 21:30 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-10-24 09:34 - 2012-10-24 09:34 - 00886272 _____ () C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\System.Data.SQLite.dll
2014-06-16 12:24 - 2014-06-16 12:24 - 00043008 _____ () c:\users\c5136164\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthjdtm.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\C5136164\AppData\Roaming\Dropbox\bin\libcef.dll
2013-04-29 12:22 - 2013-04-29 12:22 - 00247747 _____ () C:\Program Files (x86)\GNU\GnuPG\libexpat.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 01974784 _____ () C:\Program Files (x86)\GNU\GnuPG\libkleo.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 03354112 _____ () C:\Program Files (x86)\GNU\GnuPG\bin\libkdecore.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 00039936 _____ () C:\Program Files (x86)\GNU\GnuPG\libkdewin.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 00038912 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcc_s_sjlj-1.dll
2013-04-17 15:09 - 2013-04-17 15:09 - 00507904 _____ () C:\Program Files (x86)\GNU\GnuPG\libdbus-1.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 04038144 _____ () C:\Program Files (x86)\GNU\GnuPG\libkdeui.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 00949248 _____ () C:\Program Files (x86)\GNU\GnuPG\libattica.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 00258560 _____ () C:\Program Files (x86)\GNU\GnuPG\libdbusmenu-qt.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 00852480 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpgme++.dll
2013-10-07 17:02 - 2013-10-07 17:02 - 00248832 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpgme-11.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 00072704 _____ () C:\Program Files (x86)\GNU\GnuPG\libqgpgme.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 00294400 _____ () C:\Program Files (x86)\GNU\GnuPG\libkcmutils.dll
2013-08-29 09:31 - 2013-08-29 09:31 - 00604160 _____ () C:\Program Files (x86)\GNU\GnuPG\libkmime.dll
2013-01-15 10:35 - 2010-04-12 18:59 - 00376832 ____N () C:\Program Files (x86)\XSManager\WtgCore.dll
2013-01-15 10:35 - 2010-04-12 18:59 - 00139264 ____N () C:\Program Files (x86)\XSManager\WtgBluetooth.dll
2013-01-15 10:35 - 2010-04-12 18:59 - 00065536 ____N () C:\Program Files (x86)\XSManager\WtgDialup.dll
2013-01-15 10:35 - 2010-04-12 18:59 - 00204800 ____N () C:\Program Files (x86)\XSManager\WtgUtil.dll
2013-01-15 10:35 - 2010-04-12 18:59 - 00086016 ____N () C:\Program Files (x86)\XSManager\WtgPorts.dll
2013-01-15 10:35 - 2010-04-12 18:59 - 00110592 ____N () C:\Program Files (x86)\XSManager\WtgDatabase.dll
2013-01-15 10:35 - 2010-04-12 18:59 - 00139264 ____N () C:\Program Files (x86)\XSManager\WtgDetection.dll
2013-01-15 10:35 - 2010-04-12 18:59 - 00045056 ____N () C:\Program Files (x86)\XSManager\WtgDriverInstall.dll
2013-01-15 10:35 - 2010-04-12 18:59 - 00024576 ____N () C:\Program Files (x86)\XSManager\WTGDebugs.dll
2013-01-15 10:35 - 2010-04-16 12:35 - 01261224 ____N () C:\Program Files (x86)\XSManager\4GSystems_OneClickAssistantGer.dll
2013-01-15 10:35 - 2009-12-08 12:22 - 00593920 ____N () C:\Program Files (x86)\XSManager\WTGXMLUtil.dll
2013-01-15 10:35 - 2010-04-16 12:35 - 00183976 ____N () C:\Program Files (x86)\XSManager\WTGSMSPCClient.Dll
2013-01-15 10:35 - 2010-04-16 12:35 - 00020136 ____N () C:\Program Files (x86)\XSManager\4GSystems_WTGSMSPCClientGer.dll
2013-01-15 10:35 - 2010-04-12 19:00 - 00024576 ____N () C:\Program Files (x86)\XSManager\WTGDriverInstallX.Dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2012-12-18 21:08 - 2012-12-18 21:08 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-05-14 12:41 - 2014-05-14 12:41 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-16 14:14 - 2014-06-16 14:14 - 00008704 _____ () C:\Users\C5136164\AppData\Local\Temp\nsw5BE.tmp\newadvsplash.dll
2014-06-16 14:14 - 2014-06-16 14:14 - 00011264 _____ () C:\Users\C5136164\AppData\Local\Temp\nsw5BE.tmp\System.dll
2014-06-16 14:14 - 2014-06-16 14:14 - 00029696 _____ () C:\Users\C5136164\AppData\Local\Temp\nsw5BE.tmp\registry.dll
2014-06-10 10:50 - 2014-06-10 10:50 - 03022960 _____ () E:\ThunderbirdPortable\App\thunderbird\mozjs.dll
2014-06-10 10:50 - 2014-06-10 10:50 - 00158832 _____ () E:\ThunderbirdPortable\App\thunderbird\NSLDAP32V60.dll
2014-06-10 10:50 - 2014-06-10 10:50 - 00023152 _____ () E:\ThunderbirdPortable\App\thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2014 00:27:31 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: GLOBAL\C51361640x8007003aThe specified server cannot perform the requested operation.

Error: (06/16/2014 00:23:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/13/2014 05:24:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Faulting module name: libgobject-2.0-0.dll, version: 2.34.3.0, time stamp: 0x5252c9cc
Exception code: 0xc0000005
Fault offset: 0x000257d5
Faulting process id: 0x2a14
Faulting application start time: 0xgpa.exe0
Faulting application path: gpa.exe1
Faulting module path: gpa.exe2
Report Id: gpa.exe3

Error: (06/13/2014 03:53:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Faulting module name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Exception code: 0xc0000005
Fault offset: 0x000316df
Faulting process id: 0x3220
Faulting application start time: 0xgpa.exe0
Faulting application path: gpa.exe1
Faulting module path: gpa.exe2
Report Id: gpa.exe3

Error: (06/13/2014 03:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Faulting module name: libglib-2.0-0.dll, version: 2.34.3.0, time stamp: 0x5252c9cc
Exception code: 0x40000015
Fault offset: 0x000602d4
Faulting process id: 0x3088
Faulting application start time: 0xgpa.exe0
Faulting application path: gpa.exe1
Faulting module path: gpa.exe2
Report Id: gpa.exe3

Error: (06/13/2014 03:46:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Faulting module name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Exception code: 0xc0000005
Fault offset: 0x000316df
Faulting process id: 0x2b64
Faulting application start time: 0xgpa.exe0
Faulting application path: gpa.exe1
Faulting module path: gpa.exe2
Report Id: gpa.exe3

Error: (06/13/2014 03:38:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Faulting module name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Exception code: 0xc0000005
Fault offset: 0x000316df
Faulting process id: 0x30e8
Faulting application start time: 0xgpa.exe0
Faulting application path: gpa.exe1
Faulting module path: gpa.exe2
Report Id: gpa.exe3

Error: (06/13/2014 03:31:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Faulting module name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Exception code: 0xc0000005
Fault offset: 0x000316df
Faulting process id: 0x29ac
Faulting application start time: 0xgpa.exe0
Faulting application path: gpa.exe1
Faulting module path: gpa.exe2
Report Id: gpa.exe3

Error: (06/13/2014 02:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Faulting module name: gpa.exe, version: 0.9.4.3302, time stamp: 0x5252cdc8
Exception code: 0xc0000005
Fault offset: 0x000316df
Faulting process id: 0x834
Faulting application start time: 0xgpa.exe0
Faulting application path: gpa.exe1
Faulting module path: gpa.exe2
Report Id: gpa.exe3


System errors:
=============
Error: (06/16/2014 01:46:57 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain GLOBAL due to the following:
%%1722

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/16/2014 00:25:09 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (06/16/2014 00:25:02 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: GLOBAL)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (06/16/2014 00:24:57 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (06/16/2014 00:22:31 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain GLOBAL due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/16/2014 00:18:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/16/2014 11:23:17 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: GLOBAL)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).


Microsoft Office Sessions:
=========================
Error: (06/16/2014 00:27:31 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: GLOBAL\C51361640x8007003aThe specified server cannot perform the requested operation.

Error: (06/16/2014 00:23:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2014 05:24:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpa.exe0.9.4.33025252cdc8libgobject-2.0-0.dll2.34.3.05252c9ccc0000005000257d52a1401cf870ef2d4d0d7C:\Program Files (x86)\GNU\GnuPG\gpa.exeC:\Program Files (x86)\GNU\GnuPG\libgobject-2.0-0.dlld50cce42-f30e-11e3-b8af-463500000031

Error: (06/13/2014 03:53:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpa.exe0.9.4.33025252cdc8gpa.exe0.9.4.33025252cdc8c0000005000316df322001cf870e284101eeC:\Program Files (x86)\GNU\GnuPG\gpa.exeC:\Program Files (x86)\GNU\GnuPG\gpa.exe2958bbeb-f302-11e3-b8af-463500000031

Error: (06/13/2014 03:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpa.exe0.9.4.33025252cdc8libglib-2.0-0.dll2.34.3.05252c9cc40000015000602d4308801cf870df66229feC:\Program Files (x86)\GNU\GnuPG\gpa.exeC:\Program Files (x86)\GNU\GnuPG\libglib-2.0-0.dll5056b6d9-f301-11e3-b8af-463500000031

Error: (06/13/2014 03:46:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpa.exe0.9.4.33025252cdc8gpa.exe0.9.4.33025252cdc8c0000005000316df2b6401cf870cd2d94b51C:\Program Files (x86)\GNU\GnuPG\gpa.exeC:\Program Files (x86)\GNU\GnuPG\gpa.exe2b7604ee-f301-11e3-b8af-463500000031

Error: (06/13/2014 03:38:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpa.exe0.9.4.33025252cdc8gpa.exe0.9.4.33025252cdc8c0000005000316df30e801cf870bd139f382C:\Program Files (x86)\GNU\GnuPG\gpa.exeC:\Program Files (x86)\GNU\GnuPG\gpa.exe04fa6813-f300-11e3-b8af-463500000031

Error: (06/13/2014 03:31:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpa.exe0.9.4.33025252cdc8gpa.exe0.9.4.33025252cdc8c0000005000316df29ac01cf86ffe28e150dC:\Program Files (x86)\GNU\GnuPG\gpa.exeC:\Program Files (x86)\GNU\GnuPG\gpa.exe0851e360-f2ff-11e3-b8af-463500000031

Error: (06/13/2014 02:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpa.exe0.9.4.33025252cdc8gpa.exe0.9.4.33025252cdc8c0000005000316df83401cf86f5e9cc618fC:\Program Files (x86)\GNU\GnuPG\gpa.exeC:\Program Files (x86)\GNU\GnuPG\gpa.exe1aab43bf-f2f3-11e3-b8af-463500000031


CodeIntegrity Errors:
===================================
  Date: 2012-10-29 11:40:32.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 8079.23 MB
Available physical RAM: 4213.02 MB
Total Pagefile: 16156.66 MB
Available Pagefile: 11758.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:465.76 GB) (Free:184.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:1.92 GB) (Free:1.57 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F7D38178)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 17.06.2014 09:28

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Burningshad 17.06.2014 23:31
Wirklich merkliche Probleme hatte ich bisher nicht. Aber das soll ruhig auch so bleiben ;)
ESET lief unfassbare 12 Stunden :)

Junkware Removal Tool:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x64
Ran by C5136164 on 17.06.2014 at 10:57:30,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_510001_0101_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_510001_0101_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_510001_0101_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_510001_0101_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{52052DF6-619F-4D0A-9976-A893111E279D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{52052DF6-619F-4D0A-9976-A893111E279D}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\C5136164\AppData\Roaming\mozilla\firefox\profiles\wiftgoih.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.06.2014 at 11:37:22,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=b701cdcd4798e44bb348194a59a27c0f
# engine=18753
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-17 09:56:50
# local_time=2014-06-17 11:56:50 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee VirusScan Enterprise'
# compatibility_mode=5128 16777213 87 100 3642256 108187624 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 28468058 154672060 0 0
# scanned=1250616
# found=23
# cleaned=0
# scan_time=43836
sh=554F4F77164B0962DCEE14251424D362F661654E ft=1 fh=c71c0011318a4491 vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PricePeep\pricepeep.dll.vir"
sh=25EFC0339D4AE0225EC5891488ABE13B83B15A92 ft=1 fh=3a4703d38c731a24 vn="möglicherweise Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\TubeSaver-15-bg.exe.vir"
sh=69DD61306D6B5DFD8D385639B20E2DE3F94F63A5 ft=1 fh=c71c001162b8df59 vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\TubeSaver-15-bho.dll.vir"
sh=72ED0A7218A46C65986A10CAD637199C58CD4EDC ft=1 fh=c41c61d165fa4162 vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\TubeSaver-15-bho64.dll.vir"
sh=B3AFB7578C45FB277C317AE350F6CA89137E3778 ft=1 fh=3d74ec295c892f09 vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\TubeSaver-15-buttonutil.exe.vir"
sh=192D529399BB363FF8E112C123750DFAFD0107C6 ft=1 fh=c71c001174bcee28 vn="möglicherweise Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\TubeSaver-15-buttonutil64.dll.vir"
sh=700392452288C1D20E9B7245752B01A2F89CAB35 ft=1 fh=3d74ec29b42c239c vn="möglicherweise Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\TubeSaver-15-buttonutil64.exe.vir"
sh=95678156A83FA59816500F30EC21EF9AD9FA9F14 ft=1 fh=6cf24779b458fa8b vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\TubeSaver-15-chromeinstaller.exe.vir"
sh=5D4CC9D8EBFD1C51E67FE8F7334050E5A7BB1CCA ft=1 fh=b1bbb46b9e8da80f vn="Variante von Win32/Toolbar.CrossRider.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\TubeSaver-15-codedownloader.exe.vir"
sh=1304AF6857FF60516E9B237388E8183336365922 ft=1 fh=22f313e847dc3032 vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\TubeSaver-15-enabler.exe.vir"
sh=45A24BE8629F7321BEC7B4F47BAB4313983AE528 ft=1 fh=8a23b5724d899aa9 vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\TubeSaver-15-updater.exe.vir"
sh=0CA03618E8E08A3C8880267EFE3D0B6402B33C51 ft=1 fh=753f1d5f77cbcc83 vn="Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TubeSaver-15\utils.exe.vir"
sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\C5136164\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=21C8B384486BD92A09A7E3751F32C2DD2C28BCAF ft=1 fh=ed6b874c90826575 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\C5136164\Downloads\Thunderbird Portable - CHIP-Installer.exe"
sh=DDB1671C5D721BCDBE1F6D2B4B4971FD166DFC82 ft=1 fh=b3d1a20c4710910a vn="Win32/InstalleRex.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\C5136164\Downloads\old\God_Bless_America__2011_.avi.exe"
sh=B5406ABAF22C04B346B765B70CCBE96EBD92BA32 ft=1 fh=726dbab417421b85 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\C5136164\Downloads\old\iLividSetup.exe"
sh=D7EBA06B591DEC862E9C9466D2A3281B8FCE618A ft=1 fh=d53102c8f6e2640d vn="Win32/InstalleRex.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\C5136164\Downloads\old\movreel.exe"
sh=A8691E64E89A5C9ED2DE942606773B647DE6FA4D ft=1 fh=3cd1ab6c4101c7fd vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\C5136164\Downloads\old\SoftonicDownloader_for_charles-web-debugging-tool.exe"
sh=487A7532115ABC0EA97ED8B782A5A3A2A726634A ft=0 fh=0000000000000000 vn="möglicherweise Variante von IRC/Cloner.BI Trojaner" ac=I fn="G:\Philipps\Linux-Home\tiny\.wine\drive_c\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\script.ini"
sh=EA831D9104DAE3EAF30AB8F90DBD34EEDC9145A3 ft=0 fh=0000000000000000 vn="IRC/Cloner.BI Trojaner" ac=I fn="G:\Philipps\Linux-Home\tiny\.wine\drive_c\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\a.reg"
sh=E011CB980C237A32DA8ACE17DEC33D098450F068 ft=0 fh=0000000000000000 vn="IRC/Zapchast Trojaner" ac=I fn="G:\Philipps\Linux-Home\tiny\.wine\drive_c\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\mirc.ini"
sh=9F7A20F1F63AAA919166B27755E16CBF284BEBA7 ft=1 fh=e1befb9259c05cd5 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="G:\Philipps\Progz\Installer2\RCplusplus\RCplusplus_Installer.exe"
sh=E461E72C26E2335CEE59186704C5BDAC50FD1200 ft=1 fh=c510ca5fa1685c4e vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="G:\Philipps\Progz\Installer2\RCplusplus\RCplusplus\RCplusplus.exe"
SecurityCheck:
Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by C5136164 (administrator) on WDFN00304443A on 18-06-2014 00:22:05
Running from C:\Users\C5136164\Downloads
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5CredMgrSrv.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe
() C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(1E) C:\Program Files\1E\Agent\NightWatchman\NwmSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(1E) C:\Program Files\1E\Agent\WakeUp\WakeUpAgt.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformHost.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobilityService.exe
(1E) C:\Program Files\1E\Agent\NightWatchman\NwmCli.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Dropbox, Inc.) C:\Users\C5136164\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe
(WebToGo Mobiles Internet GmbH) C:\Program Files (x86)\XSManager\XSManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(The TeXnicCenter Team) C:\Program Files\TeXnicCenter\TeXnicCenter.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(PortableApps.com) E:\ThunderbirdPortable\ThunderbirdPortable.exe
(Mozilla Corporation) E:\ThunderbirdPortable\App\Thunderbird\thunderbird.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Thisisu) C:\Users\C5136164\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [239328 2013-12-18] (McAfee, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2907448 2013-12-20] (Synaptics Incorporated)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1171088 2013-10-06] (Highresolution Enterprises)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117160 2013-09-25] (Microsoft Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [starter4g] => C:\WINDOWS\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoftGridTray] => C:\Program Files (x86)\Microsoft Application Virtualization Client\SFTTray.exe [854760 2012-09-03] (Microsoft Corporation)
HKLM-x32\...\Run: [ACSW17DE] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984 2013-09-25] (ACD Systems)
HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe [300832 2013-08-02] (Autonomy Corporation plc)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DcaTray] => C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe [524288 2012-08-27] (Microsoft Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe",
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 65536
HKLM\...\Policies\Explorer: [NoViewOnDrive] 65536
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-74642-3284969411-2123768488-157177\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\C5136164\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-74642-3284969411-2123768488-157177\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [698760 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-74642-3284969411-2123768488-157177\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-74642-3284969411-2123768488-157177\...\Policies\system: [HideLegacyLogonScripts] 1
HKU\S-1-5-21-74642-3284969411-2123768488-157177\...\Policies\Explorer: [DisallowCPL] 1
AppInit_DLLs: PGPmapih.dll => C:\WINDOWS\system32\PGPmapih.dll [80608 2013-05-23] (Symantec Corporation)
AppInit_DLLs-x32: PGPmapih.dll => C:\WINDOWS\SysWOW64\PGPmapih.dll [52280 2013-05-23] (Symantec Corporation)
AppInit_DLLs-x32: , C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Lsa: [Notification Packages] scecli PGPpwflt
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Global Corporate Access.lnk
ShortcutTarget: Global Corporate Access.lnk -> C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobility.exe (iPass, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk
ShortcutTarget: PGP Tray.lnk -> C:\Windows\Installer\{E9659F65-B92B-4884-B852-EEF492E1DA2F}\Icon6560581611.exe ()
Startup: C:\Users\C5136164\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\C5136164\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBF0525FBAA45CA01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140429164720.dll (McAfee, Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Citrix URL-Redirection Helper - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll (Tracker Software Products (Canada) Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140429164722.dll (McAfee, Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll (Tracker Software Products (Canada) Ltd.)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://c:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} file://c:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
DPF: HKLM-x32 {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {49EC7987-E331-44E3-B170-748B58A268B9} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\WINDOWS\TEMP\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {7584c670-2274-4efb-b00b-d6aaba6d3850} file://c:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://c:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {8F6AFB67-F834-4227-94A7-A51377E0678E} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: HKLM-x32 {B8693DEF-98AC-43FC-AA00-E7D728334C80} file://c:/Program Files (x86)/F5 VPN/F5_TMP/ur5250x.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://c:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\WINDOWS\TEMP\f5tmp\f5syschk.cab
DPF: HKLM-x32 {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} file://c:/Program Files (x86)/F5 VPN/F5_TMP/urvncx.cab
DPF: HKLM-x32 {EBDC91CB-F23F-477D-B152-3F7243760D04} file://c:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{FAA2983A-04A7-4639-A08D-2A07A0416D35}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default
FF NetworkProxy: "backup.ftp", "proxy"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "proxy"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "proxy"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "proxy"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "proxy"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: German Dictionary - C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08]
FF Extension: WOT - C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Deutsch (DE) Language Pack - C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2013-12-24]
FF Extension: Adblock Plus - C:\Users\C5136164\AppData\Roaming\Mozilla\Firefox\Profiles\wiftgoih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-07-09]

==================== Services (Whitelisted) =================

R2 AgentService; C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [6789408 2013-08-02] (Autonomy Corporation plc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1842352 2013-08-31] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)
R2 DcaSvc; C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2012-08-27] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2012-10-29] (Lenovo.)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [611152 2013-12-18] (McAfee, Inc.)
R2 F5 Networks Component Installer; c:\WINDOWS\SysWOW64\F5InstallerService.exe [379312 2013-12-20] (F5 Networks, Inc.) [File not signed]
R2 F5CredMgrSrv; c:\WINDOWS\SysWOW64\F5CredMgrSrv.exe [213624 2013-12-20] (F5 Networks, Inc.)
R2 F5FltSrv; c:\WINDOWS\SysWOW64\F5FltSrv.exe [282272 2012-11-09] (F5 Networks, Inc.)
R2 HipMgmt; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [153832 2013-12-18] (McAfee, Inc.)
R2 hpDiscAgent; c:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe [997176 2013-11-24] ()
R3 iMobilityService; C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobilityService.exe [30720 2012-10-24] (iPass Inc.) [File not signed]
R2 iPlatformService; C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformService.exe [22528 2012-10-24] (iPass Inc.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2012-10-29] (Lenovo Group Limited)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-04-29] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-04-29] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NightWatchman; C:\Program Files\1E\Agent\NightWatchman\NwmSvc.exe [1308992 2013-06-25] (1E)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [401584 2013-08-31] (Microsoft Corporation)
R2 WakeUpAgt; C:\Program Files\1E\Agent\WakeUp\WakeUpAgt.exe [679216 2013-06-25] (1E)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()
R2 XS Stick Service; C:\WINDOWS\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2013-01-15] (Mobile Connector)
S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [30328 2012-11-09] (F5 Networks, Inc.)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [18552 2012-06-13] (F5 Networks, Inc.)
R3 FireNfcp; C:\Windows\system32\drivers\FireNfcp.sys [53728 2014-06-06] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [200616 2013-12-18] (McAfee, Inc.)
R2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2012-11-28] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-04-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-04-29] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [520056 2013-12-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-04-29] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [78960 2013-12-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-04-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-04-29] (McAfee, Inc.)
R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [274320 2013-05-23] (Symantec Corporation)
R0 pgpfs; C:\Windows\System32\Drivers\PGPfsfd.sys [182632 2013-05-23] (Symantec Corporation)
R1 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [52328 2013-05-23] (Symantec Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [379344 2013-05-23] (Symantec Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [16320 2013-05-23] (Symantec Corporation)
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2012-10-29] (Research In Motion Limited)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [766696 2012-09-04] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [272616 2012-09-04] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [26344 2012-09-04] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22760 2012-09-04] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2013-12-20] (Synaptics Incorporated)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [44024 2012-06-13] (F5 Networks, Inc.)
S3 Firehk; system32\DRIVERS\firehk.sys [X]
S3 FirehkMP; system32\DRIVERS\firehk.sys [X]
U4 MDM;
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 11:40 - 2014-06-17 11:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-17 11:37 - 2014-06-17 11:37 - 00001608 _____ () C:\Users\C5136164\Desktop\JRT.txt
2014-06-17 11:03 - 2014-06-17 11:03 - 00854367 _____ () C:\Users\C5136164\Downloads\SecurityCheck.exe
2014-06-17 11:02 - 2014-06-17 11:02 - 02347384 _____ (ESET) C:\Users\C5136164\Downloads\esetsmartinstaller_deu.exe
2014-06-17 10:57 - 2014-06-17 10:57 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-17 10:46 - 2014-06-17 10:46 - 01016261 _____ (Thisisu) C:\Users\C5136164\Downloads\JRT.exe
2014-06-16 17:11 - 2014-06-16 17:11 - 00242890 _____ () C:\Users\C5136164\Desktop\minPart_maxPart.pptx
2014-06-16 17:11 - 2014-06-16 17:11 - 00000165 ____H () C:\Users\C5136164\Desktop\~$minPart_maxPart.pptx
2014-06-16 14:20 - 2014-06-16 14:29 - 00052177 _____ () C:\Users\C5136164\Downloads\Addition.txt
2014-06-16 14:18 - 2014-06-18 00:22 - 00038384 _____ () C:\Users\C5136164\Downloads\FRST.txt
2014-06-16 14:18 - 2014-06-18 00:22 - 00000000 ____D () C:\FRST
2014-06-16 14:17 - 2014-06-16 14:17 - 02081280 _____ (Farbar) C:\Users\C5136164\Downloads\FRST64.exe
2014-06-16 14:14 - 2014-06-16 14:14 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Thunderbird
2014-06-16 14:14 - 2014-06-16 14:14 - 00000000 ____D () C:\Users\C5136164\AppData\Local\Thunderbird
2014-06-16 12:30 - 2014-06-16 12:30 - 00001946 _____ () C:\Users\C5136164\Desktop\AdwCleaner[S3].txt
2014-06-16 12:22 - 2014-06-16 12:22 - 00000022 _____ () C:\WINDOWS\S.dirmngr
2014-06-16 12:09 - 2014-06-16 12:10 - 01333465 _____ () C:\Users\C5136164\Downloads\adwcleaner_3.212.exe
2014-06-16 11:50 - 2014-06-16 11:50 - 00004326 _____ () C:\Users\C5136164\Desktop\Maleware.txt
2014-06-16 11:12 - 2014-06-17 23:10 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 11:12 - 2014-06-16 11:12 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 11:12 - 2014-06-16 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 11:11 - 2014-06-16 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 11:11 - 2014-06-16 11:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 11:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-16 11:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-16 11:11 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-16 11:10 - 2014-06-16 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\C5136164\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-14 12:02 - 2014-06-14 12:02 - 00112891 _____ () C:\Users\C5136164\oPenGP.asc
2014-06-13 23:14 - 2014-06-13 23:14 - 00011671 _____ () C:\Users\C5136164\AppData\Local\recently-used.xbel
2014-06-13 20:22 - 2014-06-13 20:22 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\.kde
2014-06-13 15:47 - 2014-06-13 15:47 - 00000055 _____ () C:\Users\C5136164\.gtk-bookmarks
2014-06-13 03:05 - 2014-06-13 03:05 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gpg4win
2014-06-13 02:59 - 2014-06-13 23:14 - 00000000 ____D () C:\Users\C5136164\AppData\Local\gtk-2.0
2014-06-13 02:48 - 2014-06-13 02:48 - 00000000 ____D () C:\Users\C5136164\AppData\Local\GNU
2014-06-13 02:34 - 2014-06-13 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2014-06-13 02:33 - 2014-06-17 23:25 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\gnupg
2014-06-13 02:33 - 2014-06-13 02:33 - 00000000 ____D () C:\ProgramData\GNU
2014-06-13 02:33 - 2014-06-13 02:33 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-06-13 02:32 - 2014-06-13 02:33 - 29689992 _____ (g10 Code GmbH) C:\Users\C5136164\Downloads\gpg4win-2.2.1.exe
2014-06-12 22:14 - 2014-06-14 19:18 - 00000000 ____D () C:\Users\C5136164\Desktop\ThunderbirdPortable
2014-06-12 20:28 - 2014-06-12 20:29 - 00961360 _____ (Chip Digital GmbH) C:\Users\C5136164\Downloads\Thunderbird Portable - CHIP-Installer.exe
2014-06-07 14:09 - 2014-06-16 12:27 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\DropboxMaster
2014-06-07 10:34 - 2014-06-07 10:50 - 1315208360 _____ () C:\Users\C5136164\Downloads\game.of.thrones.s04e08.720p._.x264-killers.mkv
2014-05-30 18:40 - 2013-10-31 01:22 - 00420008 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-05-30 18:40 - 2013-10-31 01:02 - 00420008 _____ () C:\WINDOWS\system32\locale.nls
2014-05-24 15:55 - 2014-05-24 16:41 - 1319570502 _____ () C:\Users\C5136164\Downloads\game.of.thrones.s04e07.720p._.x264-killers.mkv

==================== One Month Modified Files and Folders =======

2014-06-18 00:24 - 2014-06-16 14:18 - 00038384 _____ () C:\Users\C5136164\Downloads\FRST.txt
2014-06-18 00:23 - 2013-01-14 12:01 - 00000000 ____D () C:\Users\C5136164\AppData\Local\Temp
2014-06-18 00:22 - 2014-06-16 14:18 - 00000000 ____D () C:\FRST
2014-06-18 00:10 - 2012-10-29 11:03 - 01291804 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-18 00:08 - 2013-01-21 11:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-17 23:25 - 2014-06-13 02:33 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\gnupg
2014-06-17 23:10 - 2014-06-16 11:12 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 22:10 - 2012-10-29 11:02 - 00009704 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-06-17 17:15 - 2013-10-05 18:26 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Dropbox
2014-06-17 11:47 - 2013-03-23 13:56 - 00000000 ____D () C:\Quarantine
2014-06-17 11:41 - 2009-07-14 07:13 - 00785992 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-17 11:40 - 2014-06-17 11:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-17 11:37 - 2014-06-17 11:37 - 00001608 _____ () C:\Users\C5136164\Desktop\JRT.txt
2014-06-17 11:03 - 2014-06-17 11:03 - 00854367 _____ () C:\Users\C5136164\Downloads\SecurityCheck.exe
2014-06-17 11:02 - 2014-06-17 11:02 - 02347384 _____ (ESET) C:\Users\C5136164\Downloads\esetsmartinstaller_deu.exe
2014-06-17 10:57 - 2014-06-17 10:57 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-17 10:55 - 2013-01-28 21:37 - 00000600 _____ () C:\Users\C5136164\AppData\Local\PUTTY.RND
2014-06-17 10:46 - 2014-06-17 10:46 - 01016261 _____ (Thisisu) C:\Users\C5136164\Downloads\JRT.exe
2014-06-17 01:30 - 2013-12-20 20:13 - 00000000 ___DC () C:\WINDOWS\ccmcache
2014-06-17 01:30 - 2009-07-14 04:34 - 00530565 _____ () C:\WINDOWS\system32\Drivers\etc\services
2014-06-16 17:11 - 2014-06-16 17:11 - 00242890 _____ () C:\Users\C5136164\Desktop\minPart_maxPart.pptx
2014-06-16 17:11 - 2014-06-16 17:11 - 00000165 ____H () C:\Users\C5136164\Desktop\~$minPart_maxPart.pptx
2014-06-16 17:06 - 2013-01-14 12:03 - 00000000 ____D () C:\Users\C5136164\AppData\Local\Deployment
2014-06-16 16:15 - 2009-07-14 05:20 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-16 14:29 - 2014-06-16 14:20 - 00052177 _____ () C:\Users\C5136164\Downloads\Addition.txt
2014-06-16 14:17 - 2014-06-16 14:17 - 02081280 _____ (Farbar) C:\Users\C5136164\Downloads\FRST64.exe
2014-06-16 14:14 - 2014-06-16 14:14 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Thunderbird
2014-06-16 14:14 - 2014-06-16 14:14 - 00000000 ____D () C:\Users\C5136164\AppData\Local\Thunderbird
2014-06-16 12:36 - 2009-07-14 06:45 - 00019104 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-16 12:36 - 2009-07-14 06:45 - 00019104 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-16 12:34 - 2013-12-16 13:50 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-06-16 12:30 - 2014-06-16 12:30 - 00001946 _____ () C:\Users\C5136164\Desktop\AdwCleaner[S3].txt
2014-06-16 12:28 - 2013-10-05 18:31 - 00000000 ___RD () C:\Users\C5136164\Dropbox
2014-06-16 12:27 - 2014-06-07 14:09 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\DropboxMaster
2014-06-16 12:26 - 2011-07-09 13:38 - 00000569 _____ () C:\WINDOWS\SMSCFG.INI
2014-06-16 12:25 - 2013-07-26 19:51 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Skype
2014-06-16 12:22 - 2014-06-16 12:22 - 00000022 _____ () C:\WINDOWS\S.dirmngr
2014-06-16 12:22 - 2010-11-21 05:47 - 00255360 _____ () C:\WINDOWS\PFRO.log
2014-06-16 12:22 - 2009-07-14 07:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-16 12:22 - 2009-07-14 06:51 - 00050794 _____ () C:\WINDOWS\setupact.log
2014-06-16 12:17 - 2013-12-24 16:34 - 00000000 ____D () C:\AdwCleaner
2014-06-16 12:16 - 2013-01-14 12:02 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\SoftGrid Client
2014-06-16 12:12 - 2014-03-12 13:53 - 08396025 _____ () C:\Users\C5136164\Downloads\dict-de_de-frami_2013-12-06.oxt
2014-06-16 12:10 - 2014-06-16 12:09 - 01333465 _____ () C:\Users\C5136164\Downloads\adwcleaner_3.212.exe
2014-06-16 11:50 - 2014-06-16 11:50 - 00004326 _____ () C:\Users\C5136164\Desktop\Maleware.txt
2014-06-16 11:12 - 2014-06-16 11:12 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 11:12 - 2014-06-16 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 11:11 - 2014-06-16 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 11:11 - 2014-06-16 11:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 11:10 - 2014-06-16 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\C5136164\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-16 01:48 - 2012-10-29 11:49 - 00530565 _____ () C:\WINDOWS\system32\Drivers\etc\services.sav
2014-06-15 22:00 - 2012-10-29 11:49 - 00418316 _____ () C:\WINDOWS\sapmsg.ini
2014-06-14 19:18 - 2014-06-12 22:14 - 00000000 ____D () C:\Users\C5136164\Desktop\ThunderbirdPortable
2014-06-14 12:02 - 2014-06-14 12:02 - 00112891 _____ () C:\Users\C5136164\oPenGP.asc
2014-06-14 12:02 - 2013-01-14 12:01 - 00000000 ____D () C:\Users\C5136164
2014-06-13 23:14 - 2014-06-13 23:14 - 00011671 _____ () C:\Users\C5136164\AppData\Local\recently-used.xbel
2014-06-13 23:14 - 2014-06-13 02:59 - 00000000 ____D () C:\Users\C5136164\AppData\Local\gtk-2.0
2014-06-13 20:22 - 2014-06-13 20:22 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\.kde
2014-06-13 15:47 - 2014-06-13 15:47 - 00000055 _____ () C:\Users\C5136164\.gtk-bookmarks
2014-06-13 03:05 - 2014-06-13 03:05 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gpg4win
2014-06-13 02:48 - 2014-06-13 02:48 - 00000000 ____D () C:\Users\C5136164\AppData\Local\GNU
2014-06-13 02:43 - 2013-01-14 12:48 - 00000000 ____D () C:\Users\C5136164\AppData\Local\TSVNCache
2014-06-13 02:34 - 2014-06-13 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2014-06-13 02:33 - 2014-06-13 02:33 - 00000000 ____D () C:\ProgramData\GNU
2014-06-13 02:33 - 2014-06-13 02:33 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-06-13 02:33 - 2014-06-13 02:32 - 29689992 _____ (g10 Code GmbH) C:\Users\C5136164\Downloads\gpg4win-2.2.1.exe
2014-06-12 20:32 - 2013-06-13 17:04 - 00000000 ____D () C:\Users\C5136164\Tracing
2014-06-12 20:29 - 2014-06-12 20:28 - 00961360 _____ (Chip Digital GmbH) C:\Users\C5136164\Downloads\Thunderbird Portable - CHIP-Installer.exe
2014-06-10 13:11 - 2012-10-29 12:18 - 00172116 __RSH () C:\ProgramData\ntuser.pol
2014-06-07 14:09 - 2013-01-14 12:02 - 00000000 ___RD () C:\Users\C5136164\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-07 14:08 - 2013-10-05 18:29 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-07 14:08 - 2013-01-14 12:02 - 00044336 __RSH () C:\Users\C5136164\ntuser.pol
2014-06-07 14:07 - 2013-07-26 19:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-07 14:07 - 2013-07-26 19:51 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 13:57 - 2013-12-20 15:40 - 00000000 ____D () C:\Users\PGP_OSD_Image
2014-06-07 13:56 - 2013-01-14 12:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-07 10:50 - 2014-06-07 10:34 - 1315208360 _____ () C:\Users\C5136164\Downloads\game.of.thrones.s04e08.720p._.x264-killers.mkv
2014-06-06 17:34 - 2013-01-14 12:48 - 00000000 ____D () C:\Users\C5136164\Documents\PhD
2014-06-06 02:08 - 2014-05-16 10:48 - 00053728 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\FireNfcp.sys
2014-06-01 15:43 - 2011-07-09 14:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-30 18:59 - 2011-07-09 14:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-30 18:59 - 2009-07-14 04:34 - 00000478 _____ () C:\WINDOWS\win.ini
2014-05-27 13:16 - 2012-10-29 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2014-05-27 13:16 - 2012-10-29 12:17 - 00000000 ____D () C:\Program Files\Microsoft Lync
2014-05-27 13:16 - 2012-10-29 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Lync
2014-05-27 13:06 - 2014-03-06 16:18 - 00000000 ____D () C:\PhilippG
2014-05-24 16:41 - 2014-05-24 15:55 - 1319570502 _____ () C:\Users\C5136164\Downloads\game.of.thrones.s04e07.720p._.x264-killers.mkv
2014-05-19 10:29 - 2014-05-17 15:12 - 00000162 _____ () C:\Users\C5136164\Downloads\game.of.thrones.s04e03.720p._.x264-killers.mkv
2014-05-19 10:29 - 2014-05-17 15:11 - 00000162 _____ () C:\Users\C5136164\Downloads\game.of.thrones.s04e02.720p._.x264-2hd.mkv
2014-05-19 02:36 - 2013-02-09 16:41 - 00000000 ____D () C:\Users\C5136164\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\C5136164\AppData\Local\Temp\22E5.tmpcrt.dll
C:\Users\C5136164\AppData\Local\Temp\2CD5.tmpcrt.dll
C:\Users\C5136164\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthjdtm.dll
C:\Users\C5136164\AppData\Local\Temp\i4jdel0.exe
C:\Users\C5136164\AppData\Local\Temp\npp.6.5.Installer.exe
C:\Users\C5136164\AppData\Local\Temp\preflight_DADeselected_acknowledge.exe
C:\Users\C5136164\AppData\Local\Temp\preflight_SUP_acknowledge.exe
C:\Users\C5136164\AppData\Local\Temp\preflight_TLMFAIL_acknowledge.exe
C:\Users\C5136164\AppData\Local\Temp\Tsu4AFBF24C.dll
C:\Users\C5136164\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\C5136164\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\C5136164\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\C5136164\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:25

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 18.06.2014 18:05
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Burningshad 19.06.2014 16:49
Danke!

Es freut mich natürlich dass nun alles sauber sein soll, aber ich muss gestehen ich würde doch gerne wissen was sich hinter den Namen "PUP.Optional.PricePeep.A", "Malware.Trace", "Toolbar.CrossRider.V", "IRC/Cloner.BI Trojaner" und "IRC/Zapchast Trojaner" verbrigt, auf die die Scanner angesprungen sind.

Immer hin habe ich nach deiner Anleitung hin nun eine reihe an bunten Programmen installiert, bei denen - wenn es nach mir geht - jedes einzelne statt Viren/Trojaner zu erkennen und unschädlich zu machen ebenso neue hätte einführen können. ;)

schrauber 20.06.2014 18:06
Zitat:
bei denen - wenn es nach mir geht - jedes einzelne statt Viren/Trojaner zu erkennen und unschädlich zu machen ebenso neue hätte einführen können
klar, ich verteile natürlich malware.

Schon mal Google bemüht? PUP ist Potenziell unerwünschtes Programm, fällt also wie alle andern Funde in den Bereich nervige Adware :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131