System Befall, Dropper & Spy & Atraps etc.

decay · 25.06.2013, 13:50

Hallo Zusammen

Seit gestern funktionierten die Verknüpfungen in meiner Taskleiste (Windows 8, 64 Bit) nicht mehr. Die Meldung war irgendwie, dass das File nicht mehr existiert (ist aber alles noch vorhanden im C:\Programme). Als ich dann im Start Menu nach Internet Explorer suchte, merkte ich per Zufall das im "C:\Users\user\Documents\Downloads" Ordner ganz viele Exes lagen mit folgendem Namens Schema: "Software-crack.exe" alles von installierten Programmen wie zB "Internet Explorer-crack.exe". Da wurde mir eigendlich klar, dass ich mir was eingefangen habe. Des weiteren war meine "Libraries" (Eigene Bilder usw) nicht mehr verknüpft im Explorer.

Da ich nicht gerade ein Anfänger bin habe ich selber ein wenig versucht.
1. AntiVir installiert und SystemScann gemacht. (ja ich weiss, das klingt nicht gerade als ob ich ne Ahnung habe

)
2. Trojan Remove laufen gelassen

->
AntiVir hat folgendes gefunden:

Zitat:

Typ: Datei
Quelle: C:\Users\user\AppData\Roaming\Microsoft\ssvagent.exe
Status: Infiziert
Quarantäne-Objekt: 54d12512.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.66
Virendefinitionsdatei: 7.11.86.198
Meldung: TR/MSIL.Crypt.hek.9
Datum/Uhrzeit: 6/25/2013, 13:49

Typ: Datei
Quelle: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2GSPZOJ\jqs[1].exe
Status: Infiziert
Quarantäne-Objekt: 782d1f99.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.66
Virendefinitionsdatei: 7.11.86.198
Meldung: TR/Dropper.Gen
Datum/Uhrzeit: 6/25/2013, 13:49

Typ: Datei
Quelle: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z91V2L2J\System-Cleaner[1]
Status: Infiziert
Quarantäne-Objekt: 4c450abb.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.66
Virendefinitionsdatei: 7.11.86.198
Meldung: TR/ATRAPS.Gen
Datum/Uhrzeit: 6/25/2013, 13:49

Typ: Datei
Quelle: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z91V2L2J\pack200[1]
Status: Infiziert
Quarantäne-Objekt: 1e0a504b.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.66
Virendefinitionsdatei: 7.11.86.198
Meldung: TR/Spy.Gen
Datum/Uhrzeit: 6/25/2013, 13:49

Typ: Datei
Quelle: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TO0DVYE\System-Cleaner2[1]
Status: Infiziert
Quarantäne-Objekt: 3da932af.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.66
Virendefinitionsdatei: 7.11.86.198
Meldung: TR/ATRAPS.Gen
Datum/Uhrzeit: 6/25/2013, 13:49

War aber nicht der erste Scan. Hat schon mal was gefunden. Jedoch habe ich das Log nicht mehr. Sorry. Nun habe ich aber nochmals laufen lassen und wurde nichts mehr gefunden.

Trojan Remove hat ein File "cmiadapter.exe" im AutoStart gefunden und dies entfernt

Zitat:

***** THE SYSTEM HAS BEEN RESTARTED *****
6/25/2013 12:29:36 PM: Trojan Remover has been restarted
C:\Users\user\AppData\Local\Temp\cmiadapter.exe has been deleted (if it existed)
Unable to rename C:\Users\user\AppData\Local\Temp\cmiadapter.exe to C:\Users\user\AppData\Local\Temp\cmiadapter.exe.vir
(C:\Users\user\AppData\Local\Temp\cmiadapter.exe does not appear to exist)
6/25/2013 12:29:36 PM: Trojan Remover closed
************************************************************

Die Frage ist nun, wie kann ich sichergehen, dass mein System komplett befreit ist? Habe irgendwie kein gutes Gefühl.

Viele Dank und Gruss
Dani

schrauber · 25.06.2013, 13:53

Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Scan.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

decay · 25.06.2013, 13:57

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by user (administrator) on 25-06-2013 14:54:32
Running from C:\Users\user\Downloads
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
(Swyx Solutions AG) C:\Program Files (x86)\SwyxIt!\SwyxIt!.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
(Swyx Solutions AG) C:\Program Files (x86)\SwyxIt!\CLMgr.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(revosec AG) C:\Program Files (x86)\HSR strongSwan VPN Applet\vpn-monitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\XDesProc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3933496 2012-09-21] (Logitech, Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-21] (IDT, Inc.)
HKCU\...\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-05-02] (Google Inc.)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [GoogleChromeAutoLaunch_1ABF0AAAE77143D9BEC33D3DB85BACDA] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [825808 2013-06-15] (Google Inc.)
HKCU\...\Winlogon: [Shell] C:\Windows\explorer.exe,  [2380944 2012-10-11] (Microsoft Corporation) <==== ATTENTION 
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HSR strongSwan VPN Applet] "C:\Program Files (x86)\HSR strongSwan VPN Applet\vpn-monitor.exe" [53248 2011-07-22] (revosec AG)
HKLM-x32\...\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot [1653008 2013-06-17] (Simply Super Software)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-04-04] (Avira Operations GmbH & Co. KG)
HKU\administrator\...\Policies\system: [NoDispScrSavPage] 1
Startup: C:\ProgramData\Start Menu\Programs\Startup\FocalFilterHelper.lnk
ShortcutTarget: FocalFilterHelper.lnk -> C:\Program Files (x86)\FocalFilter\FocalFilterHelper.exe (Microsoft)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snagit 10.lnk
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SwyxIt!.lnk
ShortcutTarget: SwyxIt!.lnk -> C:\Program Files (x86)\SwyxIt!\SwyxIt!.exe (Swyx Solutions AG)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn.wksbern.ch/CACHE/stc/1/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 activate.adobe.com   
Tcpip\Parameters: [DhcpNameServer] 192.168.139.60 192.168.139.53

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Quickrr YouTube Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedffnakfddkfhhkccpehhckeldpfdgh\1.1_0
CHR Extension: (Go to IMDb) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fipkcplmpmhcmfgkgahliaabodplkjio\1.2.6_0
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.65_0
CHR Extension: (nCage) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbmfljfohghaepamnfokgggaejlmfol\1.0_0
CHR Extension: (Grooveshark) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnlkcnlmlenciieopglodnbpedpejeel\1.0_0
CHR Extension: (Grooveshark Control) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjhlhcmfkkhnikmehakaceciakbppoij\2.4.0_0
CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0
CHR Extension: (Google Mail Checker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Hangouts) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.612.433.5_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2012-07-26] (Microsoft Corporation)
R2 CrmSqlStartupSvc; C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [26800 2013-03-22] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2078112 2011-09-28] (Microsoft Corp.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [134696 2012-01-27] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-05-27] (DT Soft Ltd)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-11] (Intel Corporation)
R3 johci; C:\Windows\System32\drivers\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1864328 2012-10-04] ()
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-25 14:54 - 2013-06-25 14:54 - 01931854 ____A (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-06-25 14:54 - 2013-06-25 14:54 - 00000000 ____D C:\FRST
2013-06-25 12:48 - 2013-06-25 12:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-06-25 12:46 - 2013-06-25 12:46 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-25 12:46 - 2013-06-25 12:46 - 00002066 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 12:46 - 2013-06-25 12:46 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 12:46 - 2013-06-25 12:46 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-25 12:46 - 2013-02-26 16:56 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 12:46 - 2013-02-26 16:56 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 12:46 - 2013-02-26 16:56 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 11:41 - 2013-06-25 11:41 - 00181846 ____A C:\Users\user\Downloads\OTL.Txt
2013-06-25 11:41 - 2013-06-25 11:41 - 00154710 ____A C:\Users\user\Downloads\Extras.Txt
2013-06-25 11:39 - 2013-06-25 11:39 - 00602112 ____A (OldTimer Tools) C:\Users\user\Downloads\OTL.exe
2013-06-25 11:38 - 2013-06-25 11:39 - 02218636 ____A C:\Users\user\Downloads\tdsskiller.zip
2013-06-25 11:25 - 2013-06-25 11:31 - 00000000 ____D C:\Users\user\Doctor Web
2013-06-25 11:24 - 2013-06-25 11:25 - 122590576 ____A C:\Users\user\Downloads\6u7v3wte.exe
2013-06-25 11:23 - 2013-06-25 11:24 - 207636488 ____A (Doctor Web, Ltd.) C:\Users\user\Downloads\drweb-700-win-space-201302071602.exe
2013-06-25 11:15 - 2013-06-25 11:16 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations_PersonalSettingsDeployer_5_1_0_0
2013-06-25 11:15 - 2013-06-25 11:15 - 00013190 ____A C:\Users\user\Downloads\CrmTranslations_PersonalSettingsDeployer_5_1_0_0.zip
2013-06-25 10:11 - 2013-06-25 10:11 - 00001344 ____A C:\Windows\IE10_main.log
2013-06-25 10:10 - 2013-06-25 10:11 - 51415040 ____A (Microsoft Corporation) C:\Users\user\Downloads\IE10-Windows6.1-x64-de-de.exe
2013-06-25 09:54 - 2013-06-25 09:54 - 00000000 ____D C:\Users\user\Documents\Simply Super Software
2013-06-25 09:54 - 2013-06-25 09:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Simply Super Software
2013-06-25 09:54 - 2013-06-25 09:54 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-25 09:54 - 2013-06-25 09:54 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-06-25 09:53 - 2013-06-25 09:53 - 20553576 ____A (Simply Super Software                                       ) C:\Users\user\Downloads\trjsetup687.exe
2013-06-25 09:33 - 2013-06-25 09:33 - 102323272 ____A C:\Users\user\Downloads\avira_free3640_antivirus_de.exe
2013-06-24 16:39 - 2013-06-25 09:36 - 00000000 ____D C:\Users\user\AppData\Roaming\WinUpdtr
2013-06-20 10:24 - 2013-06-20 10:24 - 01888525 ____A C:\Users\user\Downloads\AutoNumbering.zip
2013-06-20 08:52 - 2013-06-20 08:52 - 01290288 ____A C:\Users\user\Desktop\EmployerHistory.zip
2013-06-19 11:37 - 2013-06-19 11:39 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations__AddonName__5_1_0_0
2013-06-19 11:37 - 2013-06-19 11:37 - 00015392 ____A C:\Users\user\Downloads\CrmTranslations__AddonName__5_1_0_0.zip
2013-06-19 06:31 - 2013-06-19 06:31 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2013-06-18 17:01 - 2013-06-18 17:01 - 50449456 ____A (Microsoft Corporation) C:\Users\user\Downloads\dotNetFx40_Full_x86_x64.exe
2013-06-18 17:01 - 2013-06-18 17:01 - 13711712 ____A (Microsoft Corporation) C:\Users\user\Downloads\silverlight_sdk (3).exe
2013-06-18 17:00 - 2013-06-18 17:00 - 13711712 ____A (Microsoft Corporation) C:\Users\user\Downloads\silverlight_sdk (2).exe
2013-06-18 16:49 - 2013-06-18 16:49 - 13928288 ____A (Microsoft Corporation) C:\Users\user\Downloads\silverlight_sdk (1).exe
2013-06-18 16:29 - 2013-06-18 16:29 - 13928288 ____A (Microsoft Corporation) C:\Users\user\Downloads\silverlight_sdk.exe
2013-06-18 15:06 - 2013-06-18 15:06 - 00429903 ____A C:\Users\user\Downloads\BatchTaskService_5_0_0_managed (2).zip
2013-06-17 13:58 - 2013-06-17 13:58 - 01290682 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0 (2).zip
2013-06-17 10:54 - 2013-06-17 10:54 - 01290210 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0_managed (3).zip
2013-06-17 10:41 - 2013-06-17 10:41 - 00124804 ____A C:\Users\user\Downloads\importlog_EmployerHistory_5_1_0_0.xml
2013-06-16 21:37 - 2013-06-16 21:37 - 00173042 ____A C:\Users\user\Downloads\simpsons-s24e04.nzb
2013-06-15 14:02 - 2013-06-15 14:02 - 00000000 ____D C:\Users\user\Desktop\HSR
2013-06-15 13:39 - 2013-06-15 13:39 - 00001191 ____A C:\Users\user\Downloads\Downloads - Shortcut.lnk
2013-06-15 13:35 - 2013-06-15 13:35 - 04246016 ____A C:\Users\user\Downloads\anyconnect-win-3.1.02040-pre-deploy-k9.msi
2013-06-15 13:35 - 2013-06-15 13:35 - 00135772 ____A C:\Users\user\Downloads\hsr-strongSwan-vpn-setup.exe
2013-06-15 13:35 - 2013-06-15 13:35 - 00000000 ____D C:\Program Files (x86)\HSR strongSwan VPN Applet
2013-06-15 13:31 - 2013-06-15 13:31 - 72694869 ____A C:\Users\user\Downloads\SE2.zip
2013-06-15 13:31 - 2013-06-15 13:31 - 101287851 ____A C:\Users\user\Downloads\Math2_I.zip
2013-06-15 13:30 - 2013-06-15 13:30 - 01757022 ____A C:\Users\user\Downloads\Math1_I.zip
2013-06-15 13:29 - 2013-06-15 13:30 - 28565869 ____A C:\Users\user\Downloads\VSS.zip
2013-06-15 13:28 - 2013-06-15 13:28 - 00180238 ____A C:\Users\user\Downloads\An2I.zip
2013-06-15 01:23 - 2013-06-15 01:23 - 00000581 ____A C:\Users\user\Downloads\ufc 160.nzb
2013-06-14 22:44 - 2013-06-14 22:44 - 01203375 ____A C:\Users\user\Downloads\Jurassic Park 1993.nzb
2013-06-14 21:29 - 2013-06-14 21:29 - 00169467 ____A C:\Users\user\Downloads\simpsons-s24e03.nzb
2013-06-14 16:04 - 2013-06-14 16:04 - 00000727 ____A C:\Users\user\Downloads\ErrorDetails (1).txt
2013-06-14 15:58 - 2013-06-14 15:58 - 00000727 ____A C:\Users\user\Downloads\ErrorDetails.txt
2013-06-14 10:12 - 2013-06-14 10:12 - 00359325 ____A C:\Users\user\Downloads\BatchTaskService_5_0_0_managed (1).zip
2013-06-13 16:50 - 2013-06-13 16:50 - 01290133 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0_managed (2).zip
2013-06-13 15:37 - 2013-06-13 15:37 - 01290133 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0_managed (1).zip
2013-06-13 15:27 - 2013-06-13 15:29 - 00013636 ____H C:\Users\user\Desktop\~WRL3370.tmp
2013-06-13 14:44 - 2013-06-13 14:44 - 01290165 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0_managed.zip
2013-06-13 11:59 - 2013-06-13 11:59 - 01276740 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0 (1).zip
2013-06-13 11:13 - 2013-06-13 11:13 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (3)
2013-06-13 11:12 - 2013-06-13 11:12 - 00012968 ____A C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (3).zip
2013-06-13 11:09 - 2013-06-13 11:10 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (2)
2013-06-13 11:09 - 2013-06-13 11:09 - 00012966 ____A C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (2).zip
2013-06-13 11:06 - 2013-06-13 11:06 - 00012967 ____A C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (1).zip
2013-06-13 11:06 - 2013-06-13 11:06 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (1)
2013-06-13 11:04 - 2013-06-13 11:04 - 01276705 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0.zip
2013-06-13 11:00 - 2013-06-13 11:00 - 00012964 ____A C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0.zip
2013-06-13 11:00 - 2013-06-13 11:00 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0
2013-06-13 08:51 - 2013-06-20 08:48 - 00000000 ____D C:\Users\user\AppData\Local\Paint.NET
2013-06-13 08:51 - 2013-06-13 08:51 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2013-06-13 08:51 - 2013-06-13 08:51 - 00000000 ____D C:\Program Files\Paint.NET
2013-06-13 08:50 - 2013-06-13 08:50 - 03730109 ____A C:\Users\user\Downloads\Paint.NET.3.5.10.Install.zip
2013-06-12 10:17 - 2013-06-12 10:17 - 20964352 ____A C:\Users\user\Downloads\CRM+Sitemap+Editor.msi
2013-06-11 17:22 - 2013-06-12 16:41 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2013-06-11 11:22 - 2013-06-11 11:22 - 00000000 ___HD C:\Windows\$CrmUninstallKB2791312_Client_1033$
2013-06-11 11:21 - 2013-06-11 11:22 - 51957520 ____A (Microsoft Corporation) C:\Users\user\Downloads\CRM2011-Client-KB2791312-ENU-amd64.exe
2013-06-11 10:51 - 2013-06-11 10:53 - 89247552 ____A (Microsoft Corporation) C:\Users\user\Downloads\CRM2011-Client-ENU-amd64 (1).exe
2013-06-11 10:26 - 2013-06-11 11:12 - 00000000 ____D C:\tmp
2013-06-11 10:20 - 2013-06-11 10:22 - 87531128 ____A (Microsoft Corporation) C:\Users\user\Downloads\CRM2011-Client-ENU-i386.exe
2013-06-10 14:58 - 2013-06-10 14:58 - 03214338 ____A C:\Users\user\Desktop\PersonalSettingsDeployer.zip
2013-06-10 14:54 - 2013-06-10 14:54 - 00113680 ____A C:\Users\user\Downloads\PersonalSettingsDeployer_5_1_0_0_managed (1).zip
2013-06-10 14:54 - 2013-06-10 14:54 - 00000000 ____D C:\Users\user\Downloads\PersonalSettingsDeployer_5_1_0_0_managed
2013-06-10 14:43 - 2013-06-10 14:43 - 00113680 ____A C:\Users\user\Downloads\PersonalSettingsDeployer_5_1_0_0_managed.zip
2013-06-10 14:29 - 2013-06-10 14:29 - 00002324 ____A C:\Users\Public\Desktop\RadControls for Silverlight Q3 2011 SP1 Demos.lnk
2013-06-10 14:29 - 2013-06-10 14:29 - 00000000 ____D C:\Program Files (x86)\Telerik
2013-06-10 14:22 - 2013-06-10 14:27 - 152354816 ____A C:\Users\user\Downloads\RadControls_for_Silverlight4_2011_3_1220_Dev.msi
2013-06-10 14:21 - 2013-06-10 14:21 - 06074880 ____A (Telerik AD) C:\Users\user\Downloads\TelerikControlPanelSetup_2013_1_530.exe
2013-06-10 13:49 - 2013-06-03 14:14 - 00000106 ____A C:\Users\user\Desktop\SwyxRestart.bat
2013-06-09 13:14 - 2013-06-09 13:14 - 00081215 ____A C:\Users\user\Downloads\ASTRIX.nzb
2013-06-09 13:14 - 2013-06-09 13:14 - 00068122 ____A C:\Users\user\Downloads\ELEMENT OF CRIME .nzb
2013-06-09 12:08 - 2013-06-09 12:08 - 00404323 ____A C:\Users\user\Downloads\scrubs s09e01.nzb
2013-06-09 00:54 - 2013-06-09 00:54 - 00328858 ____A C:\Users\user\Downloads\breaking.bad.s05e04.720p.bluray.x264-demand.sample.mkv.nzb
2013-06-09 00:54 - 2013-06-09 00:54 - 00065296 ____A C:\Users\user\Downloads\breaking.bad.s05e04.bdrip.xvid-demand-sample.avi.nzb
2013-06-08 20:46 - 2013-06-08 20:46 - 00056294 ____A C:\Users\user\Downloads\simpsons-s24e02.nzb
2013-06-06 16:00 - 2013-06-06 16:00 - 00000000 ____D C:\ProgramData\Simpler Software
2013-06-06 15:44 - 2013-06-06 15:46 - 68916879 ____A C:\Users\user\Downloads\CRM Solution Manager.vsix
2013-06-04 16:56 - 2013-06-04 16:57 - 93052152 ____A (Microsoft Corporation) C:\Users\user\Downloads\MicrosoftDynamicsCRM2011SDK.exe
2013-06-04 13:06 - 2013-06-04 13:06 - 08126480 ____A (Hewlett-Packard Company                                     ) C:\Users\user\Downloads\sp61141.exe
2013-06-04 13:02 - 2013-06-04 13:02 - 01201944 ____A (Hewlett-Packard                                             ) C:\Users\user\Downloads\sp52509 (1).exe
2013-06-03 15:54 - 2013-06-03 15:54 - 01420505 ____A C:\Users\user\Downloads\CopyObjects (1).zip
2013-06-03 09:48 - 2013-06-03 09:48 - 00721829 ____A C:\Users\user\Downloads\Quick_Report (4).zip
2013-06-03 09:47 - 2013-06-03 09:47 - 00721829 ____A C:\Users\user\Downloads\Quick_Report (3).zip
2013-06-02 20:30 - 2013-06-02 20:30 - 00501088 ____A C:\Users\user\Downloads\ufc 153.nzb
2013-06-02 18:49 - 2013-06-02 18:49 - 00317989 ____A C:\Users\user\Downloads\Breaking.Bad.S05e04 .nzb
2013-06-02 17:49 - 2013-06-02 17:49 - 00000000 ____D C:\Users\user\angular-phonecat
2013-06-02 17:47 - 2013-06-02 17:47 - 00000000 ____D C:\Users\user\AppData\Roaming\npm-cache
2013-06-02 17:47 - 2013-06-02 17:47 - 00000000 ____D C:\Users\user\AppData\Roaming\npm
2013-06-02 14:40 - 2013-06-02 14:40 - 00001114 ____A C:\Users\Public\Desktop\Git Bash.lnk
2013-06-02 14:40 - 2013-06-02 14:40 - 00000000 ____D C:\Program Files (x86)\Git
2013-06-02 14:34 - 2013-06-02 14:34 - 15367901 ____A (The Git Development Community                               ) C:\Users\user\Downloads\Git-1.8.1.2-preview20130201.exe
2013-06-02 14:03 - 2013-06-02 14:03 - 00000000 ____D C:\Program Files\nodejs
2013-06-02 14:02 - 2013-06-02 14:02 - 06295552 ____A C:\Users\user\Downloads\node-v0.10.9-x64.msi
2013-06-02 13:19 - 2013-06-02 13:19 - 03354352 ____A C:\Users\user\Downloads\Cloud Atlas 2012 (1).nzb
2013-06-01 14:05 - 2013-06-01 14:05 - 01137426 ____A C:\Users\user\Downloads\Silver Linings german (1).nzb
2013-05-31 21:29 - 2013-05-31 21:29 - 00054197 ____A C:\Users\user\Downloads\simpsons-s24e01.nzb
2013-05-29 23:43 - 2013-05-29 23:43 - 01002173 ____A C:\Users\user\Downloads\09. Präsentation.pptx
2013-05-29 18:48 - 2013-05-29 18:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft FxCop
2013-05-29 17:08 - 2013-05-29 17:08 - 01494242 ____A C:\Users\user\Downloads\MeetingManagement_5_1_0_0_managed (4).zip
2013-05-28 13:28 - 2013-05-28 13:28 - 00721829 ____A C:\Users\user\Downloads\Quick_Report (2).zip
2013-05-28 13:27 - 2013-05-28 13:27 - 00721829 ____A C:\Users\user\Downloads\Quick_Report (1).zip
2013-05-28 09:50 - 2013-05-28 09:50 - 00721829 ____A C:\Users\user\Downloads\Quick_Report.zip
2013-05-28 09:14 - 2013-05-28 09:14 - 01494234 ____A C:\Users\user\Downloads\MeetingManagement_5_1_0_0_managed (3).zip
2013-05-27 22:27 - 2013-05-27 22:27 - 00028261 ____A C:\Users\user\Downloads\Adobe Photoshop CS6 Extended German Portable-R4e.nzb
2013-05-27 22:19 - 2013-05-27 22:19 - 00605587 ____A C:\Users\user\Downloads\PS-Sprachdateien-PSARTIX-.zip
2013-05-27 22:17 - 2013-05-27 22:17 - 00207186 ____A C:\Users\user\Downloads\Adobe Photoshop CS6 Extended 13.1.2 aktiviert. by soV1-soko.nzb
2013-05-27 22:12 - 2013-05-27 22:12 - 00000000 ____D C:\Windows\System32\Drivers\etc\New folder
2013-05-27 22:10 - 2013-05-27 22:10 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-05-27 22:10 - 2013-05-27 22:10 - 00000000 ____D C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2013-05-27 22:10 - 2013-05-27 22:10 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-05-27 22:09 - 2013-05-27 22:09 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-05-27 22:08 - 2013-05-27 22:08 - 13901152 ____A (Disc Soft Ltd) C:\Users\user\Downloads\DTLite4471-0333.exe
2013-05-27 21:24 - 2013-05-27 21:25 - 05113760 ____A C:\Users\user\Downloads\WhatsApp_2_9_6145.sis
2013-05-27 21:15 - 2013-05-27 21:15 - 00288132 ____A C:\Users\user\Downloads\Breaking.Bad.S05e03.nzb
2013-05-27 18:34 - 2013-05-27 18:34 - 03471276 ____A C:\Users\user\Downloads\WhatsApp_2_8_14.sis
2013-05-26 20:23 - 2013-05-26 20:42 - 00000000 ____D C:\Users\user\Downloads\cinderella-man_english-132116
2013-05-26 20:23 - 2013-05-26 20:23 - 00000000 ____D C:\Users\user\Downloads\cinderella-man_english-63057
2013-05-26 20:19 - 2013-05-26 20:20 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-05-26 20:19 - 2013-05-26 20:19 - 00001035 ____A C:\Users\user\Desktop\KMPlayer.lnk
2013-05-26 20:19 - 2013-05-26 20:19 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV
2013-05-26 20:18 - 2013-05-26 20:19 - 32642064 ____A C:\Users\user\Desktop\KMPlayer_3-6-0-87.exe
2013-05-26 20:18 - 2013-05-26 20:18 - 00393040 ____A (Softonic                                        ) C:\Users\user\Downloads\SoftonicDownloader_fuer_kmplayer.exe
2013-05-26 20:17 - 2013-05-26 20:17 - 00000000 ____D C:\Users\user\Downloads\cinderella-man_english-459727
2013-05-26 20:16 - 2013-05-26 20:16 - 00058092 ____A C:\Users\user\Downloads\cinderella-man_english-459727.zip
2013-05-26 20:16 - 2013-05-26 20:16 - 00048554 ____A C:\Users\user\Downloads\cinderella-man_english-63057.zip
2013-05-26 20:14 - 2013-05-26 20:14 - 00058054 ____A C:\Users\user\Downloads\cinderella-man_english-132116.zip
2013-05-26 20:07 - 2013-06-14 22:52 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2013-05-26 19:58 - 2013-05-26 19:58 - 00792231 ____A C:\Users\user\Downloads\cloud atlas german (1).nzb
2013-05-26 19:56 - 2013-05-26 19:56 - 02041984 ____A C:\Users\user\Downloads\cloud atlas german.nzb
2013-05-26 19:48 - 2013-05-26 19:48 - 02815138 ____A C:\Users\user\Downloads\cloud atlas.nzb
2013-05-26 19:12 - 2013-05-26 19:12 - 02215866 ____A C:\Users\user\Downloads\Cloud Atlas 2012.nzb
2013-05-26 19:09 - 2013-05-26 19:09 - 06541845 ____A C:\Users\user\Downloads\Cloud.Atlas.2012. (4).nzb
2013-05-26 19:09 - 2013-05-26 19:09 - 00034811 ____A C:\Users\user\Downloads\Cloud.Atlas.2012. (5).nzb
2013-05-26 19:08 - 2013-05-26 19:08 - 06530001 ____A C:\Users\user\Downloads\Cloud.Atlas.2012. (3).nzb
2013-05-26 19:07 - 2013-05-26 19:07 - 02989721 ____A C:\Users\user\Downloads\cloud.atlas.2012. (2).nzb
2013-05-26 19:05 - 2013-05-26 19:05 - 02824514 ____A C:\Users\user\Downloads\cloud.atlas.2012. (1).nzb
2013-05-26 19:03 - 2013-05-26 19:03 - 06507284 ____A C:\Users\user\Downloads\Cloud.Atlas.2012..nzb

==================== One Month Modified Files and Folders =======

2013-06-25 14:54 - 2013-06-25 14:54 - 01931854 ____A (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-06-25 14:54 - 2013-06-25 14:54 - 00000000 ____D C:\FRST
2013-06-25 14:20 - 2013-04-30 15:36 - 00000000 ____D C:\Users\user\Documents\Outlook Files
2013-06-25 14:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-25 12:52 - 2013-04-30 13:53 - 01095637 ____A C:\Windows\WindowsUpdate.log
2013-06-25 12:48 - 2013-06-25 12:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-06-25 12:46 - 2013-06-25 12:46 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-25 12:46 - 2013-06-25 12:46 - 00002066 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 12:46 - 2013-06-25 12:46 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 12:46 - 2013-06-25 12:46 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-25 12:46 - 2012-07-26 09:28 - 01019360 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-25 12:41 - 2013-04-30 15:06 - 00000584 ____A C:\Windows\System32\config\netlogon.ftl
2013-06-25 12:41 - 2013-03-16 10:16 - 00387756 ____A C:\Windows\PFRO.log
2013-06-25 11:41 - 2013-06-25 11:41 - 00181846 ____A C:\Users\user\Downloads\OTL.Txt
2013-06-25 11:41 - 2013-06-25 11:41 - 00154710 ____A C:\Users\user\Downloads\Extras.Txt
2013-06-25 11:39 - 2013-06-25 11:39 - 00602112 ____A (OldTimer Tools) C:\Users\user\Downloads\OTL.exe
2013-06-25 11:39 - 2013-06-25 11:38 - 02218636 ____A C:\Users\user\Downloads\tdsskiller.zip
2013-06-25 11:31 - 2013-06-25 11:25 - 00000000 ____D C:\Users\user\Doctor Web
2013-06-25 11:28 - 2013-04-30 13:52 - 00000000 ____D C:\users\dkell_000
2013-06-25 11:25 - 2013-06-25 11:24 - 122590576 ____A C:\Users\user\Downloads\6u7v3wte.exe
2013-06-25 11:25 - 2013-04-30 15:25 - 00000000 ____D C:\users\user
2013-06-25 11:24 - 2013-06-25 11:23 - 207636488 ____A (Doctor Web, Ltd.) C:\Users\user\Downloads\drweb-700-win-space-201302071602.exe
2013-06-25 11:16 - 2013-06-25 11:15 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations_PersonalSettingsDeployer_5_1_0_0
2013-06-25 11:15 - 2013-06-25 11:15 - 00013190 ____A C:\Users\user\Downloads\CrmTranslations_PersonalSettingsDeployer_5_1_0_0.zip
2013-06-25 10:11 - 2013-06-25 10:11 - 00001344 ____A C:\Windows\IE10_main.log
2013-06-25 10:11 - 2013-06-25 10:10 - 51415040 ____A (Microsoft Corporation) C:\Users\user\Downloads\IE10-Windows6.1-x64-de-de.exe
2013-06-25 09:54 - 2013-06-25 09:54 - 00000000 ____D C:\Users\user\Documents\Simply Super Software
2013-06-25 09:54 - 2013-06-25 09:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Simply Super Software
2013-06-25 09:54 - 2013-06-25 09:54 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-25 09:54 - 2013-06-25 09:54 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-06-25 09:53 - 2013-06-25 09:53 - 20553576 ____A (Simply Super Software                                       ) C:\Users\user\Downloads\trjsetup687.exe
2013-06-25 09:38 - 2013-04-30 15:28 - 00000926 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 09:36 - 2013-06-24 16:39 - 00000000 ____D C:\Users\user\AppData\Roaming\WinUpdtr
2013-06-25 09:33 - 2013-06-25 09:33 - 102323272 ____A C:\Users\user\Downloads\avira_free3640_antivirus_de.exe
2013-06-25 09:31 - 2013-05-20 17:26 - 00001154 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452433561-764224518-794008597-1113UA.job
2013-06-25 09:13 - 2012-07-26 09:21 - 00045119 ____A C:\Windows\setupact.log
2013-06-25 09:11 - 2013-04-30 15:28 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 09:11 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-25 09:09 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\Sysprep
2013-06-24 08:10 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-20 17:31 - 2013-05-20 17:26 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452433561-764224518-794008597-1113Core.job
2013-06-20 13:28 - 2013-05-02 20:08 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2013-06-20 10:24 - 2013-06-20 10:24 - 01888525 ____A C:\Users\user\Downloads\AutoNumbering.zip
2013-06-20 08:52 - 2013-06-20 08:52 - 01290288 ____A C:\Users\user\Desktop\EmployerHistory.zip
2013-06-20 08:48 - 2013-06-13 08:51 - 00000000 ____D C:\Users\user\AppData\Local\Paint.NET
2013-06-20 07:39 - 2013-04-30 15:29 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-19 15:35 - 2013-05-03 16:25 - 00000000 ____D C:\Cybersystems
2013-06-19 13:39 - 2013-04-30 15:25 - 00000000 ____D C:\Users\user\Documents\Visual Studio 2012
2013-06-19 11:39 - 2013-06-19 11:37 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations__AddonName__5_1_0_0
2013-06-19 11:37 - 2013-06-19 11:37 - 00015392 ____A C:\Users\user\Downloads\CrmTranslations__AddonName__5_1_0_0.zip
2013-06-19 06:56 - 2013-05-07 09:21 - 00002272 ___AH C:\Users\user\Documents\Default.rdp
2013-06-19 06:31 - 2013-06-19 06:31 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2013-06-18 17:01 - 2013-06-18 17:01 - 50449456 ____A (Microsoft Corporation) C:\Users\user\Downloads\dotNetFx40_Full_x86_x64.exe
2013-06-18 17:01 - 2013-06-18 17:01 - 13711712 ____A (Microsoft Corporation) C:\Users\user\Downloads\silverlight_sdk (3).exe
2013-06-18 17:00 - 2013-06-18 17:00 - 13711712 ____A (Microsoft Corporation) C:\Users\user\Downloads\silverlight_sdk (2).exe
2013-06-18 16:49 - 2013-06-18 16:49 - 13928288 ____A (Microsoft Corporation) C:\Users\user\Downloads\silverlight_sdk (1).exe
2013-06-18 16:29 - 2013-06-18 16:29 - 13928288 ____A (Microsoft Corporation) C:\Users\user\Downloads\silverlight_sdk.exe
2013-06-18 15:06 - 2013-06-18 15:06 - 00429903 ____A C:\Users\user\Downloads\BatchTaskService_5_0_0_managed (2).zip
2013-06-17 13:58 - 2013-06-17 13:58 - 01290682 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0 (2).zip
2013-06-17 10:54 - 2013-06-17 10:54 - 01290210 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0_managed (3).zip
2013-06-17 10:41 - 2013-06-17 10:41 - 00124804 ____A C:\Users\user\Downloads\importlog_EmployerHistory_5_1_0_0.xml
2013-06-16 21:37 - 2013-06-16 21:37 - 00173042 ____A C:\Users\user\Downloads\simpsons-s24e04.nzb
2013-06-16 16:41 - 2013-05-03 16:25 - 00000000 ____D C:\Cloud
2013-06-15 14:02 - 2013-06-15 14:02 - 00000000 ____D C:\Users\user\Desktop\HSR
2013-06-15 13:47 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\NDF
2013-06-15 13:39 - 2013-06-15 13:39 - 00001191 ____A C:\Users\user\Downloads\Downloads - Shortcut.lnk
2013-06-15 13:37 - 2013-05-01 17:08 - 00000000 ____D C:\Users\user\AppData\Roaming\Azureus
2013-06-15 13:35 - 2013-06-15 13:35 - 04246016 ____A C:\Users\user\Downloads\anyconnect-win-3.1.02040-pre-deploy-k9.msi
2013-06-15 13:35 - 2013-06-15 13:35 - 00135772 ____A C:\Users\user\Downloads\hsr-strongSwan-vpn-setup.exe
2013-06-15 13:35 - 2013-06-15 13:35 - 00000000 ____D C:\Program Files (x86)\HSR strongSwan VPN Applet
2013-06-15 13:31 - 2013-06-15 13:31 - 72694869 ____A C:\Users\user\Downloads\SE2.zip
2013-06-15 13:31 - 2013-06-15 13:31 - 101287851 ____A C:\Users\user\Downloads\Math2_I.zip
2013-06-15 13:30 - 2013-06-15 13:30 - 01757022 ____A C:\Users\user\Downloads\Math1_I.zip
2013-06-15 13:30 - 2013-06-15 13:29 - 28565869 ____A C:\Users\user\Downloads\VSS.zip
2013-06-15 13:28 - 2013-06-15 13:28 - 00180238 ____A C:\Users\user\Downloads\An2I.zip
2013-06-15 01:23 - 2013-06-15 01:23 - 00000581 ____A C:\Users\user\Downloads\ufc 160.nzb
2013-06-14 22:52 - 2013-05-26 20:07 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2013-06-14 22:44 - 2013-06-14 22:44 - 01203375 ____A C:\Users\user\Downloads\Jurassic Park 1993.nzb
2013-06-14 21:29 - 2013-06-14 21:29 - 00169467 ____A C:\Users\user\Downloads\simpsons-s24e03.nzb
2013-06-14 16:04 - 2013-06-14 16:04 - 00000727 ____A C:\Users\user\Downloads\ErrorDetails (1).txt
2013-06-14 15:58 - 2013-06-14 15:58 - 00000727 ____A C:\Users\user\Downloads\ErrorDetails.txt
2013-06-14 10:12 - 2013-06-14 10:12 - 00359325 ____A C:\Users\user\Downloads\BatchTaskService_5_0_0_managed (1).zip
2013-06-13 16:50 - 2013-06-13 16:50 - 01290133 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0_managed (2).zip
2013-06-13 15:37 - 2013-06-13 15:37 - 01290133 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0_managed (1).zip
2013-06-13 15:29 - 2013-06-13 15:27 - 00013636 ____H C:\Users\user\Desktop\~WRL3370.tmp
2013-06-13 14:44 - 2013-06-13 14:44 - 01290165 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0_managed.zip
2013-06-13 11:59 - 2013-06-13 11:59 - 01276740 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0 (1).zip
2013-06-13 11:13 - 2013-06-13 11:13 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (3)
2013-06-13 11:12 - 2013-06-13 11:12 - 00012968 ____A C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (3).zip
2013-06-13 11:10 - 2013-06-13 11:09 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (2)
2013-06-13 11:09 - 2013-06-13 11:09 - 00012966 ____A C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (2).zip
2013-06-13 11:06 - 2013-06-13 11:06 - 00012967 ____A C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (1).zip
2013-06-13 11:06 - 2013-06-13 11:06 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0 (1)
2013-06-13 11:04 - 2013-06-13 11:04 - 01276705 ____A C:\Users\user\Downloads\EmployerHistory_5_1_0_0.zip
2013-06-13 11:00 - 2013-06-13 11:00 - 00012964 ____A C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0.zip
2013-06-13 11:00 - 2013-06-13 11:00 - 00000000 ____D C:\Users\user\Downloads\CrmTranslations_EmployerHistory_5_1_0_0
2013-06-13 08:51 - 2013-06-13 08:51 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2013-06-13 08:51 - 2013-06-13 08:51 - 00000000 ____D C:\Program Files\Paint.NET
2013-06-13 08:50 - 2013-06-13 08:50 - 03730109 ____A C:\Users\user\Downloads\Paint.NET.3.5.10.Install.zip
2013-06-12 16:41 - 2013-06-11 17:22 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2013-06-12 10:17 - 2013-06-12 10:17 - 20964352 ____A C:\Users\user\Downloads\CRM+Sitemap+Editor.msi
2013-06-11 17:22 - 2013-03-20 13:43 - 00001162 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-06-11 11:22 - 2013-06-11 11:22 - 00000000 ___HD C:\Windows\$CrmUninstallKB2791312_Client_1033$
2013-06-11 11:22 - 2013-06-11 11:21 - 51957520 ____A (Microsoft Corporation) C:\Users\user\Downloads\CRM2011-Client-KB2791312-ENU-amd64.exe
2013-06-11 11:22 - 2013-03-20 12:54 - 00001566 ____A C:\Windows\CrmClient.mif
2013-06-11 11:22 - 2013-03-20 12:54 - 00000000 ____D C:\Program Files\Microsoft Dynamics CRM
2013-06-11 11:12 - 2013-06-11 10:26 - 00000000 ____D C:\tmp
2013-06-11 10:53 - 2013-06-11 10:51 - 89247552 ____A (Microsoft Corporation) C:\Users\user\Downloads\CRM2011-Client-ENU-amd64 (1).exe
2013-06-11 10:22 - 2013-06-11 10:20 - 87531128 ____A (Microsoft Corporation) C:\Users\user\Downloads\CRM2011-Client-ENU-i386.exe
2013-06-10 14:58 - 2013-06-10 14:58 - 03214338 ____A C:\Users\user\Desktop\PersonalSettingsDeployer.zip
2013-06-10 14:54 - 2013-06-10 14:54 - 00113680 ____A C:\Users\user\Downloads\PersonalSettingsDeployer_5_1_0_0_managed (1).zip
2013-06-10 14:54 - 2013-06-10 14:54 - 00000000 ____D C:\Users\user\Downloads\PersonalSettingsDeployer_5_1_0_0_managed
2013-06-10 14:43 - 2013-06-10 14:43 - 00113680 ____A C:\Users\user\Downloads\PersonalSettingsDeployer_5_1_0_0_managed.zip
2013-06-10 14:29 - 2013-06-10 14:29 - 00002324 ____A C:\Users\Public\Desktop\RadControls for Silverlight Q3 2011 SP1 Demos.lnk
2013-06-10 14:29 - 2013-06-10 14:29 - 00000000 ____D C:\Program Files (x86)\Telerik
2013-06-10 14:27 - 2013-06-10 14:22 - 152354816 ____A C:\Users\user\Downloads\RadControls_for_Silverlight4_2011_3_1220_Dev.msi
2013-06-10 14:21 - 2013-06-10 14:21 - 06074880 ____A (Telerik AD) C:\Users\user\Downloads\TelerikControlPanelSetup_2013_1_530.exe
2013-06-09 13:14 - 2013-06-09 13:14 - 00081215 ____A C:\Users\user\Downloads\ASTRIX.nzb
2013-06-09 13:14 - 2013-06-09 13:14 - 00068122 ____A C:\Users\user\Downloads\ELEMENT OF CRIME .nzb
2013-06-09 12:08 - 2013-06-09 12:08 - 00404323 ____A C:\Users\user\Downloads\scrubs s09e01.nzb
2013-06-09 00:54 - 2013-06-09 00:54 - 00328858 ____A C:\Users\user\Downloads\breaking.bad.s05e04.720p.bluray.x264-demand.sample.mkv.nzb
2013-06-09 00:54 - 2013-06-09 00:54 - 00065296 ____A C:\Users\user\Downloads\breaking.bad.s05e04.bdrip.xvid-demand-sample.avi.nzb
2013-06-08 20:46 - 2013-06-08 20:46 - 00056294 ____A C:\Users\user\Downloads\simpsons-s24e02.nzb
2013-06-06 16:00 - 2013-06-06 16:00 - 00000000 ____D C:\ProgramData\Simpler Software
2013-06-06 15:46 - 2013-06-06 15:44 - 68916879 ____A C:\Users\user\Downloads\CRM Solution Manager.vsix
2013-06-04 16:57 - 2013-06-04 16:56 - 93052152 ____A (Microsoft Corporation) C:\Users\user\Downloads\MicrosoftDynamicsCRM2011SDK.exe
2013-06-04 16:45 - 2013-05-21 11:35 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-06-04 13:06 - 2013-06-04 13:06 - 08126480 ____A (Hewlett-Packard Company                                     ) C:\Users\user\Downloads\sp61141.exe
2013-06-04 13:02 - 2013-06-04 13:02 - 01201944 ____A (Hewlett-Packard                                             ) C:\Users\user\Downloads\sp52509 (1).exe
2013-06-03 15:54 - 2013-06-03 15:54 - 01420505 ____A C:\Users\user\Downloads\CopyObjects (1).zip
2013-06-03 14:14 - 2013-06-10 13:49 - 00000106 ____A C:\Users\user\Desktop\SwyxRestart.bat
2013-06-03 09:48 - 2013-06-03 09:48 - 00721829 ____A C:\Users\user\Downloads\Quick_Report (4).zip
2013-06-03 09:47 - 2013-06-03 09:47 - 00721829 ____A C:\Users\user\Downloads\Quick_Report (3).zip
2013-06-02 20:30 - 2013-06-02 20:30 - 00501088 ____A C:\Users\user\Downloads\ufc 153.nzb
2013-06-02 18:49 - 2013-06-02 18:49 - 00317989 ____A C:\Users\user\Downloads\Breaking.Bad.S05e04 .nzb
2013-06-02 17:49 - 2013-06-02 17:49 - 00000000 ____D C:\Users\user\angular-phonecat
2013-06-02 17:47 - 2013-06-02 17:47 - 00000000 ____D C:\Users\user\AppData\Roaming\npm-cache
2013-06-02 17:47 - 2013-06-02 17:47 - 00000000 ____D C:\Users\user\AppData\Roaming\npm
2013-06-02 14:40 - 2013-06-02 14:40 - 00001114 ____A C:\Users\Public\Desktop\Git Bash.lnk
2013-06-02 14:40 - 2013-06-02 14:40 - 00000000 ____D C:\Program Files (x86)\Git
2013-06-02 14:34 - 2013-06-02 14:34 - 15367901 ____A (The Git Development Community                               ) C:\Users\user\Downloads\Git-1.8.1.2-preview20130201.exe
2013-06-02 14:03 - 2013-06-02 14:03 - 00000000 ____D C:\Program Files\nodejs
2013-06-02 14:02 - 2013-06-02 14:02 - 06295552 ____A C:\Users\user\Downloads\node-v0.10.9-x64.msi
2013-06-02 13:19 - 2013-06-02 13:19 - 03354352 ____A C:\Users\user\Downloads\Cloud Atlas 2012 (1).nzb
2013-06-01 14:05 - 2013-06-01 14:05 - 01137426 ____A C:\Users\user\Downloads\Silver Linings german (1).nzb
2013-06-01 01:50 - 2012-07-26 07:26 - 00524288 __ASH C:\Windows\System32\config\BBI
2013-05-31 21:29 - 2013-05-31 21:29 - 00054197 ____A C:\Users\user\Downloads\simpsons-s24e01.nzb
2013-05-29 23:43 - 2013-05-29 23:43 - 01002173 ____A C:\Users\user\Downloads\09. Präsentation.pptx
2013-05-29 23:43 - 2013-04-30 15:25 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2013-05-29 18:48 - 2013-05-29 18:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft FxCop
2013-05-29 17:08 - 2013-05-29 17:08 - 01494242 ____A C:\Users\user\Downloads\MeetingManagement_5_1_0_0_managed (4).zip
2013-05-28 13:28 - 2013-05-28 13:28 - 00721829 ____A C:\Users\user\Downloads\Quick_Report (2).zip
2013-05-28 13:27 - 2013-05-28 13:27 - 00721829 ____A C:\Users\user\Downloads\Quick_Report (1).zip
2013-05-28 09:50 - 2013-05-28 09:50 - 00721829 ____A C:\Users\user\Downloads\Quick_Report.zip
2013-05-28 09:14 - 2013-05-28 09:14 - 01494234 ____A C:\Users\user\Downloads\MeetingManagement_5_1_0_0_managed (3).zip
2013-05-28 08:57 - 2013-04-30 13:53 - 00000000 ____D C:\Users\dkell_000\AppData\Roaming\Adobe
2013-05-27 22:27 - 2013-05-27 22:27 - 00028261 ____A C:\Users\user\Downloads\Adobe Photoshop CS6 Extended German Portable-R4e.nzb
2013-05-27 22:19 - 2013-05-27 22:19 - 00605587 ____A C:\Users\user\Downloads\PS-Sprachdateien-PSARTIX-.zip
2013-05-27 22:17 - 2013-05-27 22:17 - 00207186 ____A C:\Users\user\Downloads\Adobe Photoshop CS6 Extended 13.1.2 aktiviert. by soV1-soko.nzb
2013-05-27 22:12 - 2013-05-27 22:12 - 00000000 ____D C:\Windows\System32\Drivers\etc\New folder
2013-05-27 22:10 - 2013-05-27 22:10 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-05-27 22:10 - 2013-05-27 22:10 - 00000000 ____D C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2013-05-27 22:10 - 2013-05-27 22:10 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-05-27 22:09 - 2013-05-27 22:09 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-05-27 22:08 - 2013-05-27 22:08 - 13901152 ____A (Disc Soft Ltd) C:\Users\user\Downloads\DTLite4471-0333.exe
2013-05-27 21:25 - 2013-05-27 21:24 - 05113760 ____A C:\Users\user\Downloads\WhatsApp_2_9_6145.sis
2013-05-27 21:15 - 2013-05-27 21:15 - 00288132 ____A C:\Users\user\Downloads\Breaking.Bad.S05e03.nzb
2013-05-27 18:34 - 2013-05-27 18:34 - 03471276 ____A C:\Users\user\Downloads\WhatsApp_2_8_14.sis
2013-05-26 20:42 - 2013-05-26 20:23 - 00000000 ____D C:\Users\user\Downloads\cinderella-man_english-132116
2013-05-26 20:23 - 2013-05-26 20:23 - 00000000 ____D C:\Users\user\Downloads\cinderella-man_english-63057
2013-05-26 20:20 - 2013-05-26 20:19 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-05-26 20:19 - 2013-05-26 20:19 - 00001035 ____A C:\Users\user\Desktop\KMPlayer.lnk
2013-05-26 20:19 - 2013-05-26 20:19 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV
2013-05-26 20:19 - 2013-05-26 20:18 - 32642064 ____A C:\Users\user\Desktop\KMPlayer_3-6-0-87.exe
2013-05-26 20:18 - 2013-05-26 20:18 - 00393040 ____A (Softonic                                        ) C:\Users\user\Downloads\SoftonicDownloader_fuer_kmplayer.exe
2013-05-26 20:17 - 2013-05-26 20:17 - 00000000 ____D C:\Users\user\Downloads\cinderella-man_english-459727
2013-05-26 20:16 - 2013-05-26 20:16 - 00058092 ____A C:\Users\user\Downloads\cinderella-man_english-459727.zip
2013-05-26 20:16 - 2013-05-26 20:16 - 00048554 ____A C:\Users\user\Downloads\cinderella-man_english-63057.zip
2013-05-26 20:14 - 2013-05-26 20:14 - 00058054 ____A C:\Users\user\Downloads\cinderella-man_english-132116.zip
2013-05-26 19:58 - 2013-05-26 19:58 - 00792231 ____A C:\Users\user\Downloads\cloud atlas german (1).nzb
2013-05-26 19:56 - 2013-05-26 19:56 - 02041984 ____A C:\Users\user\Downloads\cloud atlas german.nzb
2013-05-26 19:48 - 2013-05-26 19:48 - 02815138 ____A C:\Users\user\Downloads\cloud atlas.nzb
2013-05-26 19:12 - 2013-05-26 19:12 - 02215866 ____A C:\Users\user\Downloads\Cloud Atlas 2012.nzb
2013-05-26 19:09 - 2013-05-26 19:09 - 06541845 ____A C:\Users\user\Downloads\Cloud.Atlas.2012. (4).nzb
2013-05-26 19:09 - 2013-05-26 19:09 - 00034811 ____A C:\Users\user\Downloads\Cloud.Atlas.2012. (5).nzb
2013-05-26 19:08 - 2013-05-26 19:08 - 06530001 ____A C:\Users\user\Downloads\Cloud.Atlas.2012. (3).nzb
2013-05-26 19:07 - 2013-05-26 19:07 - 02989721 ____A C:\Users\user\Downloads\cloud.atlas.2012. (2).nzb
2013-05-26 19:05 - 2013-05-26 19:05 - 02824514 ____A C:\Users\user\Downloads\cloud.atlas.2012. (1).nzb
2013-05-26 19:03 - 2013-05-26 19:03 - 06507284 ____A C:\Users\user\Downloads\Cloud.Atlas.2012..nzb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 11:45

==================== End Of Log ============================

--- --- ---

addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2013 01
Ran by user at 2013-06-25 14:54:58
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Tools for .Net 3.5 (x32 Version: 3.11.50727)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe CSI CS4 (x32 Version: 1)
Adobe Photoshop CS4 (x32 Version: 11.0)
Adobe Reader XI (11.0.02) - Deutsch (x32 Version: 11.0.02)
Adobe Setup (x32 Version: 2.0)
Avira Free Antivirus (x32 Version: 13.0.0.3640)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0)
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.00495)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Definition update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0)
Entity Framework Designer for Visual Studio 2012 - enu (x32 Version: 11.1.20702.00)
Fiddler (x32 Version: 4.4.3.8)
FocalFilter (x32 Version: 0.9.00)
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (Version: 11.1.3128.0)
Git version 1.8.1.2-preview20130201 (x32 Version: 1.8.1.2-preview20130201)
Google Chrome (x32 Version: 27.0.1453.116)
Google Talk Plugin (x32 Version: 4.0.3.13724)
Google Update Helper (x32 Version: 1.3.21.145)
HP HD Webcam Driver (x32 Version: 6.0.1112.2_WHQL)
HSR strongSwan VPN (x32)
IDT Audio (x32 Version: 1.0.6428.0)
IIS 8.0 Express (Version: 8.0.1557)
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel(R) Network Connections Drivers (Version: 17.2)
IrfanView (remove only) (x32 Version: 4.35)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Development Kit 7 Update 21 (64-bit) (Version: 1.7.0.210)
JetBrains ReSharper 7.0.1 (x32 Version: 7.0.1098)
JMicron 1394 Filter Driver (x32 Version: 1.00.25.03)
JMicron Flash Media Controller Driver (x32 Version: 1.0.72.4)
LocalESPC (x32 Version: 8.59.25584)
LocalESPCui for en-us (x32 Version: 8.59.25584)
Logitech Solar App 1.10 (Version: 1.10.3)
Logitech Unifying Software 2.10 (Version: 2.10.37)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (x32 Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (x32 Version: 4.5.50709)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update (x32 Version: 3.0.30710.0)
Microsoft ASP.NET MVC 3 (x32 Version: 3.0.20105.0)
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools (x32 Version: 4.0.20710.0)
Microsoft ASP.NET MVC 4 Runtime (x32 Version: 4.0.20710.0)
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools (x32 Version: 1.0.20710.0)
Microsoft ASP.NET Web Pages (x32 Version: 1.0.20105.0)
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools (x32 Version: 2.0.20710.0)
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20710.0)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022)
Microsoft Document Explorer 2008 (x32)
Microsoft Dynamics CRM 2011 English (United States) Language Pack (Version: 5.0.9690.1992)
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (Version: 5.0.9690.1992)
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (Version: 5.0.9690.3448)
Microsoft Dynamics CRM Developer Toolkit for Visual Studio 2012 (x32 Version: 1.0.0)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft LightSwitch for Visual Studio 2012 Core (x32 Version: 11.0.50727)
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU (x32 Version: 11.0.50727)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft NuGet - Visual Studio 2012 (x32 Version: 2.0.30625.9003)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017)
Microsoft Office Language Pack 2013  - German/Deutsch (Version: 15.0.4420.1017)
Microsoft Office O MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Online Services Sign-in Assistant (Version: 7.250.4287.0)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Platform Ready Test Tool 4.1 (Version: 4.1)
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.50709.17929)
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (x32 Version: 11.0.50709.17929)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Project Language Pack 2013  - German/Deutsch (Version: 15.0.4420.1017)
Microsoft Project MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Project MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Project Professional 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Report Viewer 2012 Runtime (x32 Version: 11.0.2100.60)
Microsoft Report Viewer Add-On for Visual Studio 2012 (x32 Version: 11.1.2802.16)
Microsoft ReportViewer 2010 Redistributable (x32 Version: 10.0.30319)
Microsoft SharePoint Designer MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Silverlight 3 SDK (x32 Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK - Deutsch (x32 Version: 4.0.60310.0)
Microsoft Silverlight 4 SDK (x32 Version: 4.0.60310.0)
Microsoft Silverlight 5 SDK (x32 Version: 5.0.61118.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.3.5500.0)
Microsoft SQL Server 2012 (64-bit)
Microsoft SQL Server 2012 Command Line Utilities  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Data-Tier App Framework  (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Data-Tier App Framework  (x32 Version: 11.0.2316.0)
Microsoft SQL Server 2012 Express LocalDB  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (x64) (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Native Client  (Version: 11.1.3000.0)
Microsoft SQL Server 2012 Policies  (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Setup (English) (Version: 11.1.3128.0)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (Version: 11.1.3128.0)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.1.3000.0)
Microsoft SQL Server 2012 T-SQL Language Service  (x32 Version: 11.0.2100.60)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (x32 Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8082.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8082.0)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (x32 Version: 11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (x32 Version: 11.1.20627.00)
Microsoft SQL Server Database Publishing Wizard 1.3 (x32 Version: 10.0.1600.22)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.51.2500.0)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft System CLR Types for SQL Server 2012 (x32 Version: 11.0.2100.60)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.1.3000.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)
Microsoft Visio Language Pack 2013  - German/Deutsch (Version: 15.0.4420.1017)
Microsoft Visio MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Visio MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Visio Professional 2013 (Version: 15.0.4420.1017)
Microsoft VisMUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers - ENU Resources (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Extended Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.30319)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (x32 Version: 1)
Microsoft Visual Studio 2008 Standard Edition - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio 2008 Standard Edition - ENU (x32)
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140) (x32 Version: 1)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 11.0.50727)
Microsoft Visual Studio 2010 Professional - ENU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2012 Devenv (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Devenv Resources (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Core amd64 (Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Core x86 (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools - ENU (Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools (Version: 11.0.50727)
Microsoft Visual Studio 2012 Preparation (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Resources (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (x32 Version: 4.0.8876.1)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Microsoft Visual Studio Premium 2012 - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Premium 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Premium 2012 (x32 Version: 11.0.50727.1)
Microsoft Visual Studio Professional 2012 - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (x32 Version: 11.0.50727)
Microsoft Visual Studio Web Authoring Component (x32 Version: 12.0.4518.1066)
Microsoft Web Deploy 3.0 (Version: 3.1236.1631)
Microsoft Web Deploy dbSqlPackage Provider - enu (x32 Version: 10.3.20225.0)
Microsoft Web Developer Tools - Visual Studio 2012 (x32 Version: 1.0.30710.0)
Microsoft Web Platform Installer 4.0 (Version: 4.0.1622)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (Version: 6.1.5294.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (Version: 6.1.5294.17011)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft X MUI (German) 2013 (Version: 15.0.4420.1017)
Node.js (Version: 0.10.9)
Notepad++ (x32 Version: 6.3.2)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017)
Paint.NET v3.5.10 (Version: 3.60.0)
Pandora Service (x32)
Pidgin (x32 Version: 2.10.7)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1)
Prerequisites for SSDT  (x32 Version: 11.0.2100.60)
SABnzbd 0.7.11 (x32 Version: 0.7.11)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (Version: 11.1.3000.0)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Snagit 10 (x32 Version: 10.0.0)
SpeedFan (remove only) (x32)
SQL Server 2012 Client Tools (Version: 11.1.3000.0)
SQL Server 2012 Common Files (Version: 11.1.3000.0)
SQL Server 2012 Management Studio (Version: 11.1.3000.0)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
Suite Shared Configuration CS4 (x32 Version: 1.0)
SwyxIt! (Version: 8.01.0678.0)
Synaptics Pointing Device Driver (Version: 16.3.9.0)
TeamViewer 8 (x32 Version: 8.0.18930)
Telerik RadControls for Silverlight Q3 2011 SP1 (x32 Version: 11.3.1220.0)
The KMPlayer (remove only) (x32 Version: 3.6.0.87)
Tomb Raider (x32)
Trojan Remover 6.8.7 (x32 Version: 6.8.7)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2760512) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2760556) 64-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2727105) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768333) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768349) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768355) 64-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft OneNote 2013 (KB2768011) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2727079) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2727013) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2768356) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2752090) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2767856) 64-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514) (x32 Version: 11.0.51219)
Update for Microsoft Visual Studio Web Authoring Component (KB945140) (x32)
Update for Microsoft Word 2013 (KB2760244) 64-Bit Edition
Update for Microsoft Word 2013 (KB2767854) 64-Bit Edition
Update Rollup 10 for Microsoft Dynamics CRM for Outlook (KB2710577-v2) (Version: 5.0.9690.2740)
Update Rollup 13 for Microsoft Dynamics CRM for Outlook (KB2791312) (Version: 5.0.9690.3448)
Update Rollup 6 for Microsoft Dynamics CRM for Outlook (KB2600640) (Version: 5.0.9690.1992)
VC Runtimes MSI (x32 Version: 9.0.21022)
Visual C++ 2008 IA64 Runtime - (v9.0.30729) (x32 Version: 9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01)
Visual C++ 2008 x64 Runtime - (v9.0.30729) (x32 Version: 9.0.30729)
Visual C++ 2008 x64 Runtime - (v9.0.30729.4148) (x32 Version: 9.0.30729.4148)
Visual C++ 2008 x64 Runtime - (v9.0.30729.6161) (x32 Version: 9.0.30729.6161)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01)
Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Visual C++ 2008 x64 Runtime - v9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148) (x32 Version: 9.0.30729.4148)
Visual C++ 2008 x86 Runtime - (v9.0.30729.6161) (x32 Version: 9.0.30729.6161)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Visual Studio .NET Prerequisites - English (Version: 9.0.30729)
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0)
Visual Studio 2012 Prerequisites - ENU Language Pack (Version: 11.0.50727)
Visual Studio 2012 Prerequisites (Version: 11.0.50727)
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.8514.0)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Vuze (Version: 4.9.0.0)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0)
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0)
WCF RIA Services V1.0 SP2 (x32 Version: 4.1.61829.0)
Web Deployment Tool (Version: 1.1.0618)
Windows App Certification Kit Native Components (Version: 8.59.25584)
Windows App Certification Kit x64 (x32 Version: 8.59.25584)
Windows Runtime Intellisense Content - en-us (x32 Version: 8.59.25584)
Windows Software Development Kit (x32 Version: 8.59.25584)
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WiX Toolset v3.6 Core (x32 Version: 3.6.3303.0)
WiX Toolset v3.6 Managed SDK (x32 Version: 3.6.3303.0)
WiX Toolset v3.6 Native 2008 SDK (x32 Version: 3.6.3303.0)
WiX Toolset v3.6 Native 2010 SDK (x32 Version: 3.6.3303.0)
WiX Toolset v3.6 Native 2012 SDK (x32 Version: 3.6.3303.0)
WiX Toolset v3.6 Visual Studio Integration (x32 Version: 3.6.3303.0)
WiX Toolset v3.6.3303.1 (x32 Version: 3.6.3303.1)
Wuala (HKCU Version: 1.0.428.0)
Wuala CBFS (x32 Version: 3.2.107.0)
Wuala OverlayIcons (x32 Version: 1.0.0.2)

==================== Restore Points  =========================


==================== Scheduled Tasks (whitelisted) =============

Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1A9E6BDA-1338-4DDB-B236-80763EB10433} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {22653051-A11E-4629-94A0-3CC0536E57A7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2ADD9AE8-58FF-4AD5-88E6-8249537A6D5A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C035560-17C7-4F94-8B66-4E0AC4941110} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2135461466-4272244216-2557293097-1007
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {491B4BCC-39A6-49C4-B411-D62377D6CDBB} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {494B211B-3B26-4135-9E0C-4327564542A2} - \Optimize Start Menu Cache Files-S-1-5-21-2135461466-4272244216-2557293097-1001 No Task File
Task: {4AEBD039-F06F-4FE6-B2DF-F2128EA4E22A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {5F847277-0948-4890-B6B4-4477408F50A7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {64149816-7744-4911-BE24-159ACEE6F1A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3452433561-764224518-794008597-1113Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
Task: {6ADF5C82-C54B-496B-B51A-D1289B626BEC} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {920DC5D8-7D53-4A99-89AD-7A227AC691F9} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2135461466-4272244216-2557293097-1008 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {984D52C4-CA85-4B9C-B4DF-B982F1F12719} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3452433561-764224518-794008597-1113 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9DAC7F30-9328-4179-A4CD-AC0955959EDF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB04220B-3148-4FB5-B817-0E24D08E6EE3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3452433561-764224518-794008597-1113UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AB7962BA-BA36-44D0-9AF7-308EA51511AE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B082CF94-C08C-4866-87BE-462B56B33003} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3452433561-764224518-794008597-1113
Task: {B3F531E7-DF06-4472-B493-02B60E9D4D0F} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C44E692D-256A-4FF1-B0AF-B703A9BABAB8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D416E205-A351-4393-B1F3-1DD969E6E760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)
Task: {D47A0BB9-03C7-421D-83C7-187A58A57268} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E2422427-AA82-47DB-B635-12CAB9254EAF} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2135461466-4272244216-2557293097-1008
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E5AA8F01-AD7A-4FFD-91CD-9787ACC41BF1} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3452433561-764224518-794008597-500 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F9AD0EEE-DEC7-40BC-9225-9EAD7A752F73} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-01-30] (Synaptics Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452433561-764224518-794008597-1113Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452433561-764224518-794008597-1113UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2013 02:54:42 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2013-06-26T07:28:42Z. Error Code: 0x80040154.

Error: (06/25/2013 02:54:12 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2013-06-26T07:28:12Z. Error Code: 0x80040154.

Error: (06/25/2013 02:53:42 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2013-06-26T07:28:42Z. Error Code: 0x80040154.

Error: (06/25/2013 02:53:12 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2013-06-26T07:28:12Z. Error Code: 0x80040154.

Error: (06/25/2013 02:52:42 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2013-06-26T07:28:42Z. Error Code: 0x80040154.

Error: (06/25/2013 02:52:12 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2013-06-26T07:28:12Z. Error Code: 0x80040154.

Error: (06/25/2013 02:51:42 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2013-06-26T07:28:42Z. Error Code: 0x80040154.

Error: (06/25/2013 02:51:12 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2013-06-26T07:28:12Z. Error Code: 0x80040154.

Error: (06/25/2013 02:50:42 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2013-06-26T07:28:42Z. Error Code: 0x80040154.

Error: (06/25/2013 02:50:12 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2013-06-26T07:28:12Z. Error Code: 0x80040154.


System errors:
=============
Error: (06/25/2013 00:41:23 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/25/2013 00:32:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/25/2013 00:29:57 PM) (Source: DCOM) (User: OFFICEZURICH)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/25/2013 00:29:57 PM) (Source: DCOM) (User: OFFICEZURICH)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/25/2013 00:26:52 PM) (Source: DCOM) (User: OFFICEZURICH)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/25/2013 00:26:52 PM) (Source: DCOM) (User: OFFICEZURICH)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/25/2013 00:26:52 PM) (Source: DCOM) (User: OFFICEZURICH)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/25/2013 00:26:52 PM) (Source: DCOM) (User: OFFICEZURICH)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/25/2013 00:26:52 PM) (Source: DCOM) (User: OFFICEZURICH)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/25/2013 10:39:34 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\user\AppData\Local\Temp\trutil.sys


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-06-25 10:39:34.585
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 10:39:34.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 10:39:33.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 10:39:33.930
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 10:39:33.346
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 10:35:53.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 10:35:53.808
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 10:35:53.183
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 10:35:53.173
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 10:35:52.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 8125.47 MB
Available physical RAM: 4011.7 MB
Total Pagefile: 15549.47 MB
Available Pagefile: 11145.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:233.12 GB) (Free:27.92 GB) NTFS (Disk=0 Partition=2)
Drive g: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:4.99 GB) FAT32 (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 9FEC20DA)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================

schrauber · 25.06.2013, 14:26

Zitat:

Hosts: 127.0.0.1 activate.adobe.com

Dateien, wie Crack.exe, Keygen.exe oder Patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte.
Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf
Anleitung zum Neu aufsetzten

decay · 25.06.2013, 14:34

na gut erwischt! ich habe diesen Eintrag vor langem mal selber da rein geschrieben um was zu testen. der Befall hat aber bestimmt nichts damit zu tun da dazumal ja kein "crack" verwendet wurde sondern lediglich das hostfile von Hand erweitert.
aber falls das keine letzte Antwort bleibt: Danke trotzdem für den Versuch!

schrauber · 25.06.2013, 15:19

Ändert leider nix an der Tatsache dass ich den Support hier einstellen muss.

25.06.2013, 15:19	#6
schrauber /// the machine /// TB-Ausbilder	System Befall, Dropper & Spy & Atraps etc. Ändert leider nix an der Tatsache dass ich den Support hier einstellen muss. __________________ --> System Befall, Dropper & Spy & Atraps etc.

System Befall, Dropper & Spy & Atraps etc.

Plagegeister aller Art und deren Bekämpfung: System Befall, Dropper & Spy & Atraps etc.