
Pests of all kinds and how to fight them: Windows 8: Cisco VPN and SavnSh(i)are

01.09.2013, 15:08   #1
raphaels

I wanted to connect via Cisco VPN to a server, which did not allow it (although it still works via iPad with this user and the same settings).
Message: antivirus software not up to date.

So I scanned with Windows Defender and Essentials and found SavnShare, and Essentials claimed to have uninstalled SavnShare. That was apparently only an attempt, because:

I then deactivated and uninstalled the SavnShare browser plug-ins in the browsers themselves. Unfortunately, SavnSh(i)are was still shown as software in the Control Panel.

Conventional uninstallation via the Control Panel was not possible.

Then I tried to uninstall it with Microsoft FixIt. Not feasible, not even via registry keys entered manually in FixIt.

So I opened RegEdit and manually deleted all entries in which "SavenSh*" occurs.
And all files "relevant to me" in the path (under "Program Data").

The software is now gone, but I still get the error message from Cisco VPN:
No authorized AntiVirus application found / or Your Virus update is older than 15 days (which is not true, since Defender is up to date. Or is that not enough?)

Ergo I tried working with Spyhunter, which immediately showed several hundred, although in my opinion these are more likely phantom malware, since I did not see that behavior at all.

Before buying Spyhunter I then found out that it is itself a virus or simply bad, and that is why I have turned to you again, as I already did once in 2006.

Thanks for your support. raphael

01.09.2013, 16:22   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Quote:
Adobe Photoshop CS5 (x32 Version: 12.0)
91.204.192.11 at-vpn01.redbull.com
Looks like a commercially used system

Company computers are not normally cleaned here

See => http://www.trojaner-board.de/108422-...-anfragen.html

Quote:
3. As a matter of principle, we do not clean commercially used computers. Your company's IT department is responsible for that.

For small businesses that have no IT support, we make an exception and are happy to help (a small donation helps us too).
Prerequisite: you tell us this in your first reply.

Bear in mind, however, that log files can contain a lot of sensitive information (customer data, bank data, etc.) and that malware is able to spy on and misuse it. In this case we recommend formatting and reinstalling.

01.09.2013, 16:32   #3
raphaels

Hi,
I am not with a company; I am a freelancer for a company, so there is no IT support for me. OK, a voluntary donation is doable. Is 20 euros all right?
al
raphael

01.09.2013, 16:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Have you actually read the whole box?
It is also about the part posted in color!
__________________
Please always post log files in CODE tags

01.09.2013, 16:39   #5
raphaels

Yes, I have, which is why I want to know whether I have malware on it at all.
I do not have critical customer data on it, in my opinion, and certainly no bank data.
Or is it to be understood that you do not help anyone at all who uses their PC in a broader professional context?


01.09.2013, 17:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)

01.09.2013, 17:45   #7
raphaels

Thanks, I hope this is OK:

1. ADWCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.001 - Report created 01/09/2013 at 18:23:01
# Updated 24/08/2013 by Xplode
# Operating System : Windows 8 Pro with Media Center  (64 bits)
# Username : raphaels - BETTERYTEST
# Running from : C:\Users\raphaels\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\raphaels\AppData\Roaming\pdfforge

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\raphaels\AppData\Roaming\Mozilla\Firefox\Profiles\ldge40b7.default\prefs.js ]

Line Deleted : user_pref("extensions.lll.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=74055d&[...]

-\\ Google Chrome v

[ File : C:\Users\raphaels\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2272 octets] - [01/09/2013 18:22:28]
AdwCleaner[S0].txt - [2147 octets] - [01/09/2013 18:23:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2207 octets] ##########
         


2. JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 8 Pro with Media Center x64
Ran by raphaels on 01.09.2013 at 18:28:08,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.09.2013 at 18:33:01,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
3. FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013
Ran by raphaels (administrator) on BETTERYTEST on 01-09-2013 18:39:06
Running from C:\Users\raphaels\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NetSupport Ltd) C:\programme\Netsupport Manager\client32.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(NetSupport Ltd) C:\programme\Netsupport Manager\client32.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
(Dropbox, Inc.) C:\Users\raphaels\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [BoxSyncHelper] - C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2013-02-21] (Box, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKCU\...\Run: [Box Edit] - C:\Users\raphaels\AppData\Local\Box Edit\Box Edit.exe [460744 2012-10-19] (Box)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
MountPoints2: {9e61f13c-9585-11e2-be83-b4749f95dfde} - "E:\PMCsetup.exe" 
MountPoints2: {9e61f36a-9585-11e2-be83-b4749f95dfde} - "F:\PMCsetup.exe" 
MountPoints2: {d21aecb5-5428-11e2-be73-b4749f95dfde} - "F:\ting.exe" 
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LauncherCX17NF] - C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe [2434528 2011-05-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DocuPrint  CX17NF RUN] - C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe [361952 2011-05-30] ()
HKLM-x32\...\Run: [StatusAutoRunCX17NF] - C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe [4480984 2011-07-19] ()
HKLM-x32\...\Run: [Philips Device Listener] - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2013-03-28] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527312 2012-01-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Family Tree Builder Update] - C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532352 2013-07-16] (MyHeritage)
HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\Administrator\...\Run: [Box Edit] - C:\Users\Administrator\AppData\Local\Box Edit\Box Edit.exe [x]
HKU\Administrator\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [AdobeBridge] -  [x]
HKU\Gast\...\Run: [Box Edit] - C:\Users\Gast\AppData\Local\Box Edit\Box Edit.exe [x]
HKU\Gast\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Gast\...\Run: [AdobeBridge] -  [x]
HKU\raphdul\...\Run: [Box Edit] - C:\Users\raphdul\AppData\Local\Box Edit\Box Edit.exe [x]
HKU\raphdul\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\raphdul\...\Run: [AdobeBridge] -  [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk
ShortcutTarget: Box Sync.lnk -> C:\Program Files\Box Sync\BoxSync.exe (Box, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 9.lnk
ShortcutTarget: Snagit 9.lnk -> C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Unofficial Apple Wireless Keyboard Support.lnk
ShortcutTarget: Unofficial Apple Wireless Keyboard Support.lnk -> C:\Program Files (x86)\Unofficial Apple Wireless Keyboard Support\UAWKS.exe ()
Startup: C:\Users\raphaels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\raphaels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\raphaels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://portal.bawagpsk.com/SNX/CSHELL/extender.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: 91.204.192.11	at-vpn01.redbull.com
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 195.34.133.21

FireFox:
========
FF ProfilePath: C:\Users\raphaels\AppData\Roaming\Mozilla\Firefox\Profiles\ldge40b7.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\raphaels\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKCU: box.com/BoxEdit - C:\Users\raphaels\AppData\Local\Box Edit\npBoxEdit.dll (Box)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://podio.com/tasks/", "hxxp://google.at/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (YouTube) - C:\Users\raphaels\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\raphaels\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\raphaels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\raphaels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SENADB; C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [101336 2011-07-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 Client32; "C:\programme\Netsupport Manager\client32.exe" /* * client32.ini [x]

==================== Drivers (Whitelisted) ====================

S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 nskbfltr; C:\WINDOWS\system32\drivers\nskbfltr.sys [27680 2007-07-09] (Windows (R) Codename Longhorn DDK provider)
R3 nskbfltr; C:\WINDOWS\system32\drivers\nskbfltr.sys [27680 2007-07-09] (Windows (R) Codename Longhorn DDK provider)
R1 PCISys; C:\Windows\System32\drivers\pcisys.sys [21536 2009-06-02] (NetSupport Ltd)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 VNA; C:\Windows\system32\DRIVERS\vna.sys [161256 2009-11-02] (Check Point Software Technologies)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [x]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [x]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 18:28 - 2013-09-01 18:28 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-01 18:22 - 2013-09-01 18:23 - 00000000 ___DC C:\AdwCleaner
2013-09-01 18:22 - 2013-09-01 18:22 - 00994642 ____C C:\Users\raphaels\Desktop\adwcleaner.exe
2013-09-01 18:21 - 2013-09-01 18:21 - 01027511 ____C (Thisisu) C:\Users\raphaels\Desktop\JRT.exe
2013-09-01 17:59 - 2013-09-01 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-01 17:59 - 2013-09-01 17:59 - 00000250 ____C C:\Users\raphaels\Desktop\defogger_enable.log
2013-09-01 17:59 - 2013-09-01 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 17:57 - 2013-09-01 18:12 - 00000000 ___DC C:\Users\raphaels\Desktop\mbar
2013-09-01 17:57 - 2013-09-01 17:57 - 12907592 ____C (Malwarebytes Corp.) C:\Users\raphaels\Downloads\mbar-1.07.0.1005.exe
2013-09-01 16:23 - 2013-09-01 16:23 - 00000546 _____ C:\WINDOWS\SysWOW64\bufferpool.txt
2013-09-01 15:50 - 2013-09-01 15:50 - 00004116 ____C C:\Users\raphaels\Desktop\Gmer.txt
2013-09-01 15:40 - 2013-09-01 15:40 - 00057478 ____C C:\Users\raphaels\Desktop\Addition.txt
2013-09-01 15:36 - 2013-09-01 15:36 - 01590206 ____C (Farbar) C:\Users\raphaels\Desktop\FRST64.exe
2013-09-01 15:36 - 2013-09-01 15:36 - 00050477 ____C C:\Users\raphaels\Desktop\Defogger.exe
2013-09-01 15:36 - 2013-09-01 15:36 - 00000478 ____C C:\Users\raphaels\Desktop\defogger_disable.log
2013-09-01 15:32 - 2013-09-01 15:32 - 00377856 ____C C:\Users\raphaels\Desktop\gmer_2.1.19163.exe
2013-09-01 15:30 - 2013-09-01 15:30 - 00000000 ___DC C:\FRST
2013-09-01 15:16 - 2013-09-01 15:16 - 00000000 ____C C:\autoexec.bat
2013-09-01 15:15 - 2013-09-01 15:27 - 00000000 ____D C:\WINDOWS\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-09-01 15:15 - 2013-09-01 15:15 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-01 14:59 - 2013-09-01 15:04 - 00000000 ___DC C:\MATS
2013-09-01 14:47 - 2013-09-01 18:23 - 04904320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-01 14:47 - 2013-09-01 14:47 - 00000000 ____D C:\WINDOWS\pss
2013-08-30 14:16 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2013-08-30 14:16 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2013-08-30 14:16 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2013-08-30 14:16 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2013-08-30 14:16 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2013-08-30 14:16 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2013-08-30 14:16 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2013-08-30 14:16 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-08-30 14:16 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2013-08-30 14:16 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2013-08-30 14:16 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-08-30 14:16 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-08-30 14:16 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-08-30 14:16 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2013-08-30 14:16 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-08-30 14:16 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-08-30 14:16 - 2013-07-03 01:51 - 04039680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-08-30 14:16 - 2013-07-02 00:08 - 00387583 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-08-30 14:16 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\openfiles.exe
2013-08-30 14:16 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2013-08-30 14:16 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-08-30 14:16 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-08-30 14:16 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2013-08-30 14:16 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-08-30 14:16 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2013-08-30 14:16 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2013-08-30 14:16 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-08-30 14:16 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2013-08-30 14:16 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2013-08-30 14:16 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2013-08-30 14:16 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2013-08-30 14:16 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2013-08-30 14:16 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2013-08-30 14:16 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2013-08-30 14:16 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2013-08-30 14:16 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-08-30 14:16 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2013-08-30 14:16 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-08-30 14:16 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-08-30 14:16 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2013-08-30 14:16 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2013-08-30 14:16 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2013-08-30 14:16 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2013-08-30 07:08 - 2013-08-30 15:08 - 00003165 ____C C:\Users\raphaels\Desktop\themen.txt
2013-08-29 21:05 - 2013-08-29 21:05 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-08-29 21:05 - 2013-08-29 21:05 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-08-29 10:42 - 2013-08-29 10:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-28 11:13 - 2013-08-28 11:13 - 00289368 _____ C:\WINDOWS\Minidump\082813-19453-01.dmp
2013-08-25 09:09 - 2013-08-25 09:09 - 00000000 ___DC C:\Users\raphaels\Documents\SmartScore Sample Files
2013-08-25 09:09 - 2013-08-25 09:09 - 00000000 ____D C:\Users\raphaels\SmartScore
2013-08-23 22:02 - 2013-08-23 22:02 - 00000132 _____ C:\Users\raphaels\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-08-23 21:52 - 2013-08-23 21:52 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\MusE
2013-08-23 21:52 - 2013-08-23 21:52 - 00000000 ____D C:\Users\raphaels\AppData\Local\MusE
2013-08-23 21:50 - 2013-08-23 21:50 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visiv
2013-08-23 21:50 - 2013-08-23 21:50 - 00000000 ____D C:\Program Files (x86)\visiv-co-uk
2013-08-23 21:36 - 2013-08-23 21:36 - 00000724 _____ C:\WINDOWS\wacam.TMP
2013-08-23 21:14 - 2013-08-28 16:35 - 00000000 ____D C:\ProgramData\Syscon
2013-08-23 21:12 - 2013-08-23 23:10 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\capella-software
2013-08-23 21:11 - 2013-08-23 21:11 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\AudiverisLtd
2013-08-23 21:11 - 2013-08-23 21:11 - 00000000 ____D C:\Program Files (x86)\capella-software
2013-08-23 14:13 - 2013-08-23 14:13 - 00233686 ____C C:\Users\raphaels\Desktop\WIP - Merged Traceability Matrix July 31.xlsx
2013-08-22 13:26 - 2013-08-23 21:32 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\ACAMPREF
2013-08-22 13:25 - 2001-02-16 15:51 - 00000724 _____ C:\WINDOWS\wacam.ini
2013-08-22 13:24 - 2013-08-23 22:03 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\Swiftdata
2013-08-20 13:34 - 2013-08-20 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 11:13 - 2013-08-19 11:23 - 00000000 ___DC C:\MAILS
2013-08-15 16:03 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-08-15 16:03 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2013-08-15 16:03 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2013-08-15 16:03 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2013-08-15 16:03 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2013-08-15 16:02 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-08-15 16:02 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-08-15 16:02 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-08-15 16:02 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-08-15 16:02 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-08-15 16:02 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-08-15 16:02 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-08-15 16:02 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-08-15 16:02 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-08-15 16:02 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-08-15 16:02 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-08-15 16:02 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-08-15 16:02 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-08-15 16:02 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-08-15 16:02 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-08-15 16:02 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-08-15 16:02 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-08-15 16:02 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-08-15 16:02 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-08-15 16:02 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-08-15 16:02 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-08-15 16:02 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-08-15 16:02 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-08-15 16:02 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-08-15 16:02 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-08-15 16:02 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-08-15 16:02 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-08-15 16:02 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-08-15 16:02 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-08-15 16:01 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-08-15 16:01 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-08-15 16:01 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-08-15 16:01 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-08-15 16:01 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2013-08-15 16:01 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2013-08-15 16:01 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2013-08-15 16:01 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2013-08-15 16:01 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-08-15 16:01 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2013-08-15 16:01 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2013-08-14 12:58 - 2013-08-14 12:58 - 00000000 __SDC C:\Users\raphaels\Documents\Meine Datenquellen
2013-08-12 14:49 - 2013-08-15 17:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-08 14:28 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2013-08-08 14:28 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-08-08 14:28 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-08-08 14:28 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-08-08 14:28 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-08-08 14:28 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2013-08-08 14:28 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-08-08 14:28 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2013-08-08 14:28 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2013-08-08 14:28 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2013-08-08 14:28 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-08-08 14:28 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2013-08-08 14:28 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-08-08 14:28 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2013-08-08 14:28 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2013-08-08 14:28 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2013-08-08 14:28 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2013-08-08 14:28 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-08-08 14:28 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2013-08-08 14:28 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-08-08 14:28 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2013-08-08 14:28 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-08-08 14:28 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2013-08-08 14:28 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2013-08-08 14:28 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2013-08-08 14:28 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-08-08 14:28 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-08-08 14:28 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-08-08 14:28 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-08-08 14:20 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2013-08-08 14:20 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2013-08-08 14:20 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2013-08-08 14:20 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2013-08-08 14:18 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2013-08-08 14:18 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-08-08 14:18 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-08-08 14:18 - 2013-05-04 09:30 - 00058312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-08-08 14:18 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-08-08 14:18 - 2013-05-04 08:59 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-08-08 14:18 - 2013-05-04 08:59 - 01619968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-08-08 14:18 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2013-08-08 14:18 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2013-08-08 14:18 - 2013-05-04 08:59 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-08-08 14:18 - 2013-05-04 08:59 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-08-08 14:18 - 2013-05-04 08:59 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-08-08 14:18 - 2013-05-04 08:59 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-08-08 14:18 - 2013-05-04 08:59 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-08-08 14:18 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-08-08 14:18 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2013-08-08 14:18 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2013-08-08 14:18 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2013-08-08 14:18 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-08-08 14:18 - 2013-05-04 08:58 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-08-08 14:18 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2013-08-08 14:18 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2013-08-08 14:18 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2013-08-08 14:18 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2013-08-08 14:18 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2013-08-08 14:18 - 2013-05-04 06:58 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2013-08-08 14:18 - 2013-05-04 06:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2013-08-08 14:18 - 2013-05-04 06:58 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2013-08-08 14:18 - 2013-05-04 06:58 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2013-08-08 14:18 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-08-08 14:18 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-08-08 14:18 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2013-08-08 14:18 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2013-08-08 14:18 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2013-08-08 14:18 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2013-08-08 14:18 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2013-08-08 14:18 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2013-08-08 14:18 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-08-08 14:18 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2013-08-08 14:18 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2013-08-08 14:18 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2013-08-08 14:18 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2013-08-08 14:18 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2013-08-08 14:18 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2013-08-08 14:18 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2013-08-08 14:18 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2013-08-08 14:18 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2013-08-08 14:17 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-08-08 14:17 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-08-08 14:17 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2013-08-08 14:17 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2013-08-08 14:17 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2013-08-08 14:17 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2013-08-08 14:17 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2013-08-08 14:17 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2013-08-08 10:08 - 2013-08-09 08:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-09-01 18:35 - 2013-09-01 18:33 - 00000637 ____C C:\Users\raphaels\Desktop\JRT.txt
2013-09-01 18:28 - 2013-09-01 18:28 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-01 18:28 - 2012-07-26 12:27 - 00753134 _____ C:\WINDOWS\system32\perfh007.dat
2013-09-01 18:28 - 2012-07-26 12:27 - 00155826 _____ C:\WINDOWS\system32\perfc007.dat
2013-09-01 18:28 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-01 18:25 - 2012-11-03 12:31 - 01663027 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-01 18:24 - 2013-02-14 13:47 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\Skype
2013-09-01 18:24 - 2012-11-03 13:01 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\Dropbox
2013-09-01 18:23 - 2013-09-01 18:22 - 00000000 ___DC C:\AdwCleaner
2013-09-01 18:23 - 2013-09-01 14:47 - 04904320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-01 18:23 - 2013-03-14 16:23 - 00000016 _____ C:\WINDOWS\system32\pcisys.ntk
2013-09-01 18:23 - 2012-11-03 12:29 - 00018344 _____ C:\WINDOWS\PFRO.log
2013-09-01 18:23 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-01 18:23 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-09-01 18:22 - 2013-09-01 18:22 - 00994642 ____C C:\Users\raphaels\Desktop\adwcleaner.exe
2013-09-01 18:21 - 2013-09-01 18:21 - 01027511 ____C (Thisisu) C:\Users\raphaels\Desktop\JRT.exe
2013-09-01 18:14 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-09-01 18:12 - 2013-09-01 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-01 18:12 - 2013-09-01 17:57 - 00000000 ___DC C:\Users\raphaels\Desktop\mbar
2013-09-01 18:11 - 2012-11-03 15:06 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-01 17:59 - 2013-09-01 17:59 - 00000250 ____C C:\Users\raphaels\Desktop\defogger_enable.log
2013-09-01 17:59 - 2013-09-01 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 17:59 - 2012-11-03 12:31 - 00000000 ____D C:\Users\raphaels
2013-09-01 17:57 - 2013-09-01 17:57 - 12907592 ____C (Malwarebytes Corp.) C:\Users\raphaels\Downloads\mbar-1.07.0.1005.exe
2013-09-01 16:32 - 2012-11-03 12:55 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2103582903-2867648326-1393466837-1000
2013-09-01 16:23 - 2013-09-01 16:23 - 00000546 _____ C:\WINDOWS\SysWOW64\bufferpool.txt
2013-09-01 15:50 - 2013-09-01 15:50 - 00004116 ____C C:\Users\raphaels\Desktop\Gmer.txt
2013-09-01 15:40 - 2013-09-01 15:40 - 00057478 ____C C:\Users\raphaels\Desktop\Addition.txt
2013-09-01 15:36 - 2013-09-01 15:36 - 01590206 ____C (Farbar) C:\Users\raphaels\Desktop\FRST64.exe
2013-09-01 15:36 - 2013-09-01 15:36 - 00050477 ____C C:\Users\raphaels\Desktop\Defogger.exe
2013-09-01 15:36 - 2013-09-01 15:36 - 00000478 ____C C:\Users\raphaels\Desktop\defogger_disable.log
2013-09-01 15:32 - 2013-09-01 15:32 - 00377856 ____C C:\Users\raphaels\Desktop\gmer_2.1.19163.exe
2013-09-01 15:30 - 2013-09-01 15:30 - 00000000 ___DC C:\FRST
2013-09-01 15:27 - 2013-09-01 15:15 - 00000000 ____D C:\WINDOWS\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-09-01 15:16 - 2013-09-01 15:16 - 00000000 ____C C:\autoexec.bat
2013-09-01 15:15 - 2013-09-01 15:15 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-01 15:04 - 2013-09-01 14:59 - 00000000 ___DC C:\MATS
2013-09-01 14:47 - 2013-09-01 14:47 - 00000000 ____D C:\WINDOWS\pss
2013-09-01 14:42 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-09-01 14:42 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-09-01 14:33 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-08-31 11:23 - 2012-11-03 15:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 11:21 - 2012-07-26 07:26 - 00000167 _____ C:\WINDOWS\win.ini
2013-08-31 11:09 - 2012-09-23 16:41 - 00000000 ___DC C:\Users\raphaels\Documents\Fax
2013-08-31 11:06 - 2013-03-13 11:42 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-08-30 15:08 - 2013-08-30 07:08 - 00003165 ____C C:\Users\raphaels\Desktop\themen.txt
2013-08-30 14:14 - 2013-05-16 11:31 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\SAP
2013-08-30 14:14 - 2013-05-16 11:29 - 00000000 ___DC C:\Users\raphaels\Documents\SAP
2013-08-30 14:14 - 2013-05-16 11:29 - 00000000 ____D C:\Users\raphaels\AppData\Local\SAP
2013-08-30 09:19 - 2013-07-26 08:46 - 00002081 _____ C:\WINDOWS\setupact.log
2013-08-29 21:29 - 2012-11-03 17:22 - 00000600 _____ C:\Users\raphaels\AppData\Roaming\winscp.rnd
2013-08-29 21:05 - 2013-08-29 21:05 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-08-29 21:05 - 2013-08-29 21:05 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-08-29 12:15 - 2013-05-08 12:58 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\Box Sync
2013-08-29 10:42 - 2013-08-29 10:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-28 17:15 - 2013-06-21 10:16 - 00001604 ____C C:\Users\raphaels\Desktop\bawag.txt
2013-08-28 16:35 - 2013-08-23 21:14 - 00000000 ____D C:\ProgramData\Syscon
2013-08-28 11:13 - 2013-08-28 11:13 - 00289368 _____ C:\WINDOWS\Minidump\082813-19453-01.dmp
2013-08-28 11:13 - 2013-06-10 09:10 - 00000000 ____D C:\WINDOWS\Minidump
2013-08-26 13:48 - 2013-06-25 09:41 - 00082792 _____ C:\Users\raphaels\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-25 09:09 - 2013-08-25 09:09 - 00000000 ___DC C:\Users\raphaels\Documents\SmartScore Sample Files
2013-08-25 09:09 - 2013-08-25 09:09 - 00000000 ____D C:\Users\raphaels\SmartScore
2013-08-23 23:10 - 2013-08-23 21:12 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\capella-software
2013-08-23 22:03 - 2013-08-22 13:24 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\Swiftdata
2013-08-23 22:02 - 2013-08-23 22:02 - 00000132 _____ C:\Users\raphaels\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-08-23 21:52 - 2013-08-23 21:52 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\MusE
2013-08-23 21:52 - 2013-08-23 21:52 - 00000000 ____D C:\Users\raphaels\AppData\Local\MusE
2013-08-23 21:50 - 2013-08-23 21:50 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visiv
2013-08-23 21:50 - 2013-08-23 21:50 - 00000000 ____D C:\Program Files (x86)\visiv-co-uk
2013-08-23 21:36 - 2013-08-23 21:36 - 00000724 _____ C:\WINDOWS\wacam.TMP
2013-08-23 21:32 - 2013-08-22 13:26 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\ACAMPREF
2013-08-23 21:11 - 2013-08-23 21:11 - 00000000 ____D C:\Users\raphaels\AppData\Roaming\AudiverisLtd
2013-08-23 21:11 - 2013-08-23 21:11 - 00000000 ____D C:\Program Files (x86)\capella-software
2013-08-23 14:13 - 2013-08-23 14:13 - 00233686 ____C C:\Users\raphaels\Desktop\WIP - Merged Traceability Matrix July 31.xlsx
2013-08-22 17:16 - 2012-11-03 15:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-20 13:35 - 2013-08-20 13:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 07:55 - 2013-02-09 14:35 - 00000000 ____D C:\Users\raphaels\AppData\Local\Deployment
2013-08-19 11:23 - 2013-08-19 11:13 - 00000000 ___DC C:\MAILS
2013-08-18 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-08-16 17:42 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-16 17:42 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-16 15:05 - 2013-06-25 09:34 - 00000000 ___DC C:\Users\raphaels\Documents\PDF Architect Files
2013-08-15 17:34 - 2013-08-12 14:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-15 17:31 - 2012-12-13 09:18 - 78161360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-14 12:58 - 2013-08-14 12:58 - 00000000 __SDC C:\Users\raphaels\Documents\Meine Datenquellen
2013-08-12 10:13 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-12 10:13 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-08-12 10:13 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-12 10:13 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-12 10:13 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2013-08-12 10:13 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2013-08-09 08:00 - 2013-08-08 10:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-08 09:16 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing

Files to move or delete:
====================
C:\Users\raphaels\AppData\Local\Temp\Quarantine.exe
C:\Users\raphaels\AppData\Local\Temp\SHSetup.exe
C:\Users\raphaels\AppData\Local\Temp\SkypeSetup.exe
C:\Users\raphaels\AppData\Local\Temp\UNINSTAL.EXE
C:\Users\raphaels\AppData\Local\Temp\VSDC259.tmp\Setup.exe
C:\Users\raphaels\AppData\Local\Temp\VSD8BFA.tmp\Setup.exe
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sqliteman-1.2.2-win32.zip\Sqliteman-1.2.2\sqliteman.exe
C:\Users\raphaels\AppData\Local\Temp\Temp1_sqlitebrowser_200_b1_win.zip\sqlitebrowser_200_b1_win\SQLite Database Browser 2.0 b1.exe
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sound_6.0.1.6400.ZIP\Sounddrv\Vista64\R4EEA64A.dll
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sound_6.0.1.6400.ZIP\Sounddrv\Vista64\R4EED64A.dll
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sound_6.0.1.6400.ZIP\Sounddrv\Vista64\R4EEG64A.dll
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sound_6.0.1.6400.ZIP\Sounddrv\Vista64\R4EEL64A.dll
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sound_6.0.1.6400.ZIP\Sounddrv\Vista64\R4EEP64A.dll
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sound_6.0.1.6400.ZIP\Sounddrv\Vista\R4EEA32A.dll
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sound_6.0.1.6400.ZIP\Sounddrv\Vista\R4EED32A.dll
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sound_6.0.1.6400.ZIP\Sounddrv\Vista\R4EEG32A.dll
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sound_6.0.1.6400.ZIP\Sounddrv\Vista\R4EEL32A.dll
C:\Users\raphaels\AppData\Local\Temp\Temp1_Sound_6.0.1.6400.ZIP\Sounddrv\Vista\R4EEP32A.dll
C:\Users\raphaels\AppData\Local\Temp\nspD8D0.tmp\spext.dll
C:\Users\raphaels\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\raphaels\AppData\Local\Temp\jna-raphaels\jna4862293494016916940.dll
C:\Users\raphaels\AppData\Local\Temp\62FB.tmp\inst.exe
C:\Users\raphaels\AppData\Local\Temp\54A.tmp\inst.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-30 07:45

==================== End Of Log ============================
         
--- --- ---



Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-09-2013
Ran by raphaels at 2013-09-01 18:39:36
Running from C:\Users\raphaels\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Photoshop CS5 (x32 Version: 12.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.2 (x32 Version: 2.0.2)
Bonjour (Version: 3.0.0.10)
Box Edit (x32 Version: 1.1.29)
Box Sync (64 bit) (Version: 3.4.20.0)
Cisco AnyConnect Diagnostics and Reporting Tool (x32 Version: 3.0.5080)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.0.5080)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.5080)
Cisco WebEx Meetings (HKCU)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox (HKCU Version: 2.0.22)
EPSON AcuLaser CX17NF_WF (x32 Version: 1.010.00)
FareMaster (x32 Version: 1.0.0)
FFmpeg v0.6.2 for Audacity (x32)
Finale 2009 (x32 Version: 14.2.r3.0)
Fitbit Connect (x32 Version: 1.0.0.2578)
GenoPro 2.5.4.1 (x32)
GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
iTunes (Version: 11.0.3.42)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
LAME v3.99.3 (for Windows) (x32)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Visio Professional 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (x32 Version: 8.0.50727.4053)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (x32 Version: 9.0)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSXML4.0 redistributable (x32 Version: 4.0.0.0)
MyHeritage Family Tree Builder (x32 Version: 7.0.0.7118)
NetSupport Manager (x32 Version: 10.60.0006)
Notepad++ (x32 Version: 6.3.2)
Office Timeline 2012 (x32 Version: 2.0.9)
PDF Architect (x32 Version: 1.1.83.9982)
PDF Settings CS5 (x32 Version: 10.0)
PDFCreator (x32 Version: 1.7.0)
Philips Songbird (x32 Version: 2.6.1 Build: 6.1.2265)
rosoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
SAP GUI for Windows 7.20 (x32 Version: 7.20 Compilation 2)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SharpEye Music Reader 2 (x32)
Skype™ 6.5 (x32 Version: 6.5.158)
Snagit 9.1 (x32 Version: 9.1.0.206)
TeamViewer 7 (x32 Version: 7.0.15723)
Total Commander (Remove or Repair) (x32)
Unofficial Apple Wireless Keyboard Support (x32)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
VideoPad Video Editor (x32)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WinSCP 5.1 (x32 Version: 5.1)
XMind (x32 Version: 3.3.0)

==================== Restore Points  =========================

01-09-2013 13:04:03 Wiederherstellungspunkt vor Der Name ist nicht verfügbar. wurde mithilfe der Problembehandlung für die Programminstallation und -deinstallation entfernt.

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-09-01 15:13 - 00000864 ____A C:\WINDOWS\system32\Drivers\etc\hosts

91.204.192.11	at-vpn01.redbull.com


==================== Scheduled Tasks (whitelisted) =============

Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {12BB22D3-323D-4B90-9D1E-BB6B34FC18FF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {27825CEF-9182-4A06-A98F-B9E203370B97} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {67CD7B7B-5EEB-4B20-9A52-7A7A82C2C12F} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2103582903-2867648326-1393466837-1000
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {ACEC3961-ACF4-4D13-8565-01946ACE591A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B4CB333C-D5CE-4A8B-9625-F65F3A988ADF} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rs@pernau.at => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C0356A5D-06B4-40C9-8F85-CDA42AE352AD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D5577502-EFF6-4CA3-A2B8-ABD82D21775E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6683E4A-34AB-4F21-8810-0481E007C712} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F395BAB4-5F42-4010-9A82-E311F5B3E37B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2012-07-26] (Microsoft Corporation)
Task: {FAB64460-7696-4912-B9B8-B87C9DC4A814} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2012-11-03] (NCH Software)
Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync

==================== Loaded Modules (whitelisted) =============

2012-11-03 22:36 - 2012-09-20 08:30 - 01743872 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\combase.dll
2012-11-19 09:15 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCORE.dll
2013-08-30 14:16 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WINMMBASE.dll
2012-07-26 01:31 - 2012-07-26 05:07 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\profext.dll
2012-11-02 23:34 - 2012-11-02 23:35 - 00828872 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.50727.1_x64__8wekyb3d8bbwe\MSVCR110.dll
2012-11-02 23:40 - 2012-11-02 23:40 - 00054176 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\wllog.dll
2012-11-02 23:40 - 2012-11-02 23:40 - 03425184 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Service.dll
2012-11-19 09:15 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\shcore.dll
2012-07-26 01:33 - 2012-07-26 05:07 - 00175616 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2012-11-03 22:36 - 2012-09-20 08:33 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\twinapi.dll
2012-11-03 22:36 - 2012-09-20 08:33 - 00866304 _____ (Microsoft Corporation) C:\Windows\System32\WinTypes.dll
2012-11-02 23:40 - 2012-11-02 23:40 - 00229792 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\shared\bici.dll
2012-07-26 01:59 - 2012-07-26 05:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\threadpoolwinrt.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\System32\biwinrt.dll
2012-11-02 23:40 - 2012-11-02 23:40 - 01938336 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.dll
2012-07-26 04:01 - 2012-07-26 05:07 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.dll
2013-01-12 12:17 - 2012-11-27 06:19 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\System32\wpnapps.dll
2012-11-02 23:40 - 2012-11-02 23:40 - 00054688 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Shared.Market.dll
2012-07-26 01:22 - 2012-07-26 05:06 - 00601600 _____ (Microsoft Corporation) C:\Windows\System32\MrmCoreR.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\Bcp47Langs.dll
2013-03-15 14:55 - 2013-02-02 10:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
2012-11-02 23:40 - 2012-11-02 23:40 - 01413536 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Eas.dll
2012-11-02 23:40 - 2012-11-02 23:40 - 01366944 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Calendar.dll
2012-11-02 23:40 - 2012-11-02 23:40 - 00657824 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernChat\App\Components\ConversationSystem\Dll\microsoft.windowslive.chat.chatsystem.dll
2012-11-02 23:40 - 2012-11-02 23:40 - 00644000 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.PresenceIM.dll
2013-04-15 09:05 - 2013-03-02 04:45 - 00645120 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
2013-04-15 09:05 - 2013-03-02 04:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2012-07-26 02:06 - 2012-07-26 05:05 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\CryptoWinRT.dll
2012-07-26 02:08 - 2012-07-26 05:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\NTASN1.dll
2012-07-26 01:43 - 2012-07-26 05:07 - 00371200 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.dll
2012-07-26 01:45 - 2012-07-26 05:06 - 00300032 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\NInput.dll
2012-07-26 02:06 - 2012-07-26 05:06 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mskeyprotect.dll
2012-07-26 01:57 - 2012-07-26 05:07 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\VAULTCLI.dll
2012-07-26 02:10 - 2012-07-26 05:05 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\DPAPI.dll
2013-01-10 11:32 - 2012-11-26 06:20 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2012-07-26 03:51 - 2012-07-26 05:05 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\elscore.dll
2012-07-26 01:58 - 2012-07-26 05:07 - 00068096 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Sockets.PushEnabledApplication.dll
2012-07-26 01:41 - 2012-07-26 05:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2012-07-26 02:06 - 2012-07-26 05:07 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\SystemEventsBrokerClient.dll
2012-07-26 02:10 - 2012-07-26 05:05 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\DPAPI.dll
2013-08-08 14:18 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\System32\Bcp47Langs.dll
2013-01-12 12:17 - 2012-11-27 06:19 - 00244736 _____ (Microsoft Corporation) C:\Windows\System32\wpnapps.dll
2012-07-26 02:28 - 2012-07-26 05:05 - 00096256 _____ (Microsoft Corporation) C:\Windows\System32\AuthBroker.dll
2012-10-10 03:22 - 2012-12-14 02:42 - 00110592 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL
2012-10-10 03:22 - 2012-12-14 02:42 - 00064000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrDEU.lrc
2012-10-10 03:22 - 2012-10-10 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-19 09:15 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\Windows\System32\SHCORE.dll
2012-07-26 01:32 - 2012-07-26 05:06 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\PrintIsolationProxy.dll
2012-07-26 05:33 - 2012-09-20 10:21 - 00918016 _____ (Microsoft Corporation) C:\WINDOWS\system32\spool\DRIVERS\x64\3\unidrvui.dll
2012-07-26 02:31 - 2012-11-06 06:18 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
2012-07-26 02:35 - 2012-07-26 05:06 - 01752064 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\opcservices.dll
2012-07-26 01:31 - 2012-07-26 05:08 - 02974208 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\xpsservices.dll
2012-11-03 15:41 - 2010-03-29 21:30 - 00060288 _____ (Microsoft Corporation) C:\WINDOWS\system32\spool\DRIVERS\x64\3\SendToOneNoteUI.DLL
2012-11-19 09:15 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\SHCORE.dll
2012-11-19 09:15 - 2012-10-11 07:46 - 01395712 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll
2012-11-03 22:36 - 2012-09-20 08:33 - 00699392 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.dll
2013-08-08 14:18 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2012-07-26 01:33 - 2012-07-26 05:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
2013-05-21 10:04 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\System32\wpncore.dll
2012-07-26 04:06 - 2012-07-26 05:07 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\sppc.dll
2012-07-25 22:22 - 2012-12-14 02:42 - 12858368 _____ (Intel Corporation) C:\WINDOWS\SYSTEM32\igd10umd64.dll
2012-07-26 02:05 - 2012-07-26 05:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\dcomp.dll
2012-07-26 01:54 - 2012-07-26 05:05 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\System32\IDStore.dll
2012-07-26 01:31 - 2012-07-26 05:08 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\System32\wlidprov.dll
2012-07-26 01:24 - 2012-07-26 05:05 - 00186368 _____ (Microsoft Corporation) C:\Windows\System32\InputSwitch.dll
2012-07-26 04:22 - 2012-07-26 05:05 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ElsLad.dll
2012-07-26 02:04 - 2012-07-26 05:07 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\windows.globalization.fontgroups.dll
2012-11-03 22:36 - 2012-09-20 08:33 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\System32\wpnprv.dll
2012-07-26 02:05 - 2012-07-26 05:07 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\wcmapi.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00132968 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
2013-04-15 09:04 - 2013-03-02 04:44 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2012-07-26 02:26 - 2012-07-26 05:07 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2012-07-26 03:22 - 2012-07-26 05:05 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\System32\IME\SHARED\IMEROAMING.DLL
2012-11-03 22:36 - 2012-09-20 08:32 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2012-07-26 03:37 - 2012-07-26 05:06 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\System32\NcaApi.dll
2012-07-26 01:33 - 2012-07-26 05:06 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2012-07-26 01:54 - 2012-07-26 05:05 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\BluetoothApis.dll
2013-08-08 14:17 - 2013-04-23 00:08 - 10004120 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
2013-08-12 10:38 - 2013-08-12 10:38 - 15577088 _____ (Microsoft Corporation) C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\mscorlib\a77d877c214d5c7b4adbe2b8a9da3cf2\mscorlib.ni.dll
2013-02-21 19:49 - 2013-02-21 19:49 - 00009216 _____ (Box, Inc.) C:\Program Files\Box Sync\BoxIconOverlayHandler.dll
2013-02-10 14:41 - 2012-10-09 05:09 - 01574496 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
2013-02-21 19:49 - 2013-02-21 19:49 - 00091136 _____ (Box, Inc.) C:\Program Files\Box Sync\BoxUtils.dll
2013-08-19 09:48 - 2013-08-19 09:48 - 10656256 _____ (Microsoft Corporation) C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\System\22ec5ef7e68231f7589fdc57aa925444\System.ni.dll
2013-08-19 09:51 - 2013-08-19 09:51 - 06964736 _____ (Microsoft Corporation) C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\System.Xml\b6416bffcc5166d6abaa6529e3226e12\System.Xml.ni.dll
2013-08-19 09:51 - 2013-08-19 09:51 - 01320448 _____ (Microsoft Corporation) C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\System.Configuration\5f19037c26173104aadba1036cc21633\System.Configuration.ni.dll
2013-02-18 16:09 - 2012-11-02 07:18 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2012-07-26 04:13 - 2012-07-26 05:05 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\System32\drprov.dll
2012-07-26 02:04 - 2012-07-26 05:06 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\System32\ntlanman.dll
2012-07-26 03:37 - 2012-07-26 05:05 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\System32\davclnt.dll
2012-07-26 02:59 - 2012-07-26 05:05 - 00465408 _____ (Microsoft Corporation) C:\Windows\System32\dlnashext.dll
2013-03-15 14:55 - 2013-02-02 10:23 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlroamextension.dll
2013-08-15 16:01 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\apprepapi.dll
2012-07-26 04:19 - 2012-07-26 05:06 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\pcacli.dll
2013-08-30 14:16 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\WINMMBASE.dll
2012-11-19 09:15 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\SHCORE.DLL

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Gast\.DS_Store:AFP_AfpInfo


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-01 18:23:31.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-01 14:55:46.113
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-01 14:43:16.239
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 11:13:10.051
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-22 17:16:02.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-16 20:18:21.505
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-12 10:13:43.192
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-08 09:16:36.893
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-16 15:32:48.002
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-10 09:10:46.925
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 4009.54 MB
Available physical RAM: 2751.05 MB
Total Pagefile: 8105.54 MB
Available Pagefile: 6684.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACEisBack) (Fixed) (Total:66.96 GB) (Free:14.98 GB) NTFS
Drive d: (TEMP_PART01) (Fixed) (Total:24.88 GB) (Free:6.46 GB) NTFS
Drive f: (ALERL) (Removable) (Total:59.61 GB) (Free:57.33 GB) FAT32
Drive g: (MUSIK_PICS) (Removable) (Total:60.44 GB) (Free:7.6 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119 GB) (Disk ID: F77DF0EC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=67 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

========================================================
Disk: 2 (Size: 60 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=60 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 60 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=60 GB) - (Type=0C)

==================== End Of Log ============================
         

01.09.2013, 17:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Before you do, please remember to update Malwarebytes Anti-Malware using the update button!

After that, getting a second opinion from the ESET online scanner doesn't hurt either:


ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

01.09.2013, 20:53   #9
raphaels

MBAM found nothing.

ESET reported 1 issue.

Attached:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6ecbbc88d91189439c459e2933f82900
# engine=14974
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-01 07:41:23
# local_time=2013-09-01 09:41:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 94 19127 19403 11722 0
# compatibility_mode=5893 16776574 100 94 19108 5347958 0 0
# scanned=308212
# found=1
# cleaned=0
# scan_time=9008
sh=7DAB5D61B0153BB852AB823C9FFE366F6179DED0 ft=0 fh=0000000000000000 vn="PHP/C99Shell.NAJ trojan" ac=I fn="C:\totalcmd\testhtml\html.php"
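
The checks a helper would run on an ESET Online Scanner log like the one above, including whether the scan option requested in the instructions was actually switched on, as an added example that is not part of the original post or of any ESET tool. The function names are hypothetical, the sample is constructed in the layout of the posted log with a placeholder hash, and the meaning of each header key (in particular that `unwanted_checked` mirrors the "potentially unwanted applications" checkbox) is an assumption read from its name.

```python
import re

# Constructed sample in the layout of the posted log; the hash is a placeholder.
SAMPLE_LOG = r'''# end=finished
# unwanted_checked=false
# scanned=308212
# found=1
# cleaned=0
sh=0000000000000000000000000000000000000000 ft=0 fh=0000000000000000 vn="PHP/C99Shell.NAJ trojan" ac=I fn="C:\totalcmd\testhtml\html.php"
'''

HEADER_RE = re.compile(r'^#\s*(\w+)=(.*)$')
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_eset_log(text):
    """Split the log into '# key=value' settings and per-file detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith('sh='):
            # Values are either bare tokens or double-quoted (may contain spaces).
            detections.append({k: (quoted if raw.startswith('"') else raw)
                               for k, raw, quoted in FIELD_RE.findall(line)})
    return header, detections

def review_scan(header, detections, require_pua=True):
    """Return review findings; key meanings are inferred from their names."""
    issues = []
    if header.get('end') != 'finished':
        issues.append('scan did not finish')
    # Assumption: unwanted_checked mirrors the PUA detection checkbox.
    if require_pua and header.get('unwanted_checked') != 'true':
        issues.append('PUA detection was not enabled')
    found, cleaned = int(header.get('found', 0)), int(header.get('cleaned', 0))
    if found != len(detections):
        issues.append(f'found={found} but {len(detections)} detection lines')
    if found > cleaned:
        issues.append(f'{found - cleaned} detection(s) left in place: '
                      + ', '.join(d.get('fn', '?') for d in detections))
    return issues

if __name__ == '__main__':
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for issue in review_scan(hdr, dets):
        print(issue)
```

A finding of "left in place" only says the scanner did not remove the file; whether the detection is a false alarm still has to be judged from the file itself.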
         

02.09.2013, 10:08   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Looks OK so far. Your machine is malware-free. The last ESET detection seems, imho, to have been a false alarm.
If the VPN connection doesn't work, you'll need to contact the responsible helpdesk; they can help you because they know their network best.

02.09.2013, 10:21   #11
raphaels



Mhm, OK, thanks. Please let me know where I may transfer the money.
al
raphael
