Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Virus/ Trojaner TR/Patched.Ren.Gen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.02.2014, 11:42   #1
accr
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Hallo!

Ich scheine einen Virus/ Trojaner auf meinem Rechner zu haben. Gemerkt habe ich es dadurch, dass anscheinend von einem meiner Email Accounts ganz viele Spams verschickt wurden, denn ich habe tausende 'Returned-Mail'- Nachrichten zurückbekommen... Das hat inzwischen aufgehört, weil ich mein Email-Passwort geändert habe.

Inzwischen habe ich auch schon Avira, Malwarebytes und Ad-Aware Antivirus nacheinander laufen lassen. Alle 3 Programme haben was gefunden und ich habe einige Files gelöscht bzw. in Quarantäne verschoben, aber es kommen immer wieder neue. Gerade hat Avira wieder files mit der Endung Patched.Ren.Gen gefunden.

Ich freue mich über jede Hilfe! Vielen Dank!

Alt 21.02.2014, 12:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 21.02.2014, 14:55   #3
accr
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Hallo!
Vielen Dank für die schnelle Antwort! Von Malwarebytes habe ich noch einen Logfile vom 17.2.:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.17.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
RuhlandA :: ZUE-W-9860 [Administrator]

17.02.2014 15:58:55
mbam-log-2014-02-17 (15-58-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 492953
Laufzeit: 3 Stunde(n), 37 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {2C6C8DCA-0989-11E2-89CD-028037EC0200} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Am 19.2. habe ich noch mal einen vollständigen Scan mit Malwarebytes durchgeführt und da hat er nichts mehr gefunden.

Vom 18.2. habe ich folgenden Report von Ad-Aware:

<?xml version="1.0"?>
-<Summary> <ScanInfo EndTime="20140218T212727.571907" StartTime="20140218T164027.571907" ScanType="Full" ScanMode="Manual"/> -<InfectedObjects> <InfectedObject ThreatName="Trojan.GenericKD.1043001" ThreatType="Virus" ObjectStatus="Moved" InnerObject="" ParentContainers="" ObjectPath="C:\Users\roella\AppData\Local\Microsoft\Outlook\zwick - default.ost" ObjectType="File"/> <InfectedObject ThreatName="Trojan.Spy.Zbot.FJS" ThreatType="Virus" ObjectStatus="ScanFailed" InnerObject="" ParentContainers="" ObjectPath="C:\Users\ruhlanda\AppData\Local\Microsoft\Outlook\Anna.Ruhland@zwick.de - neu.ost" ObjectType="File"/> <InfectedObject ThreatName="Trojan.GenericKD.1195510" ThreatType="Virus" ObjectStatus="Moved" InnerObject="" ParentContainers="" ObjectPath="C:\Users\ruhlanda\AppData\Local\Microsoft\Outlook\zwick - default.ost" ObjectType="File"/> </InfectedObjects> </Summary>

Hier der FRST text vom Farbar Tool:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by RuhlandA (administrator) on ZUE-W-9860 on 21-02-2014 15:48:02
Running from C:\Users\ruhlanda\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Service.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\NetInst\mgmtagnt.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Mobile Broadband Service\WMCore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\NetInst\mgmtagnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Tray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gctrl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\netinst\eTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Microsoft Corporation) C:\Users\ruhlanda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Wisdom Software Inc. ) C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [00THotkey] - C:\Windows\system32\00THotkey.exe
HKLM\...\Run: [000StTHK] - C:\Windows\system32\000StTHK.exe [24576 2001-06-23] ()
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSHIBA_3G_UTY] - C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe [1598848 2009-07-23] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [173432 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [844152 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Discovery User Input] - C:\Program Files\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [241664 2011-12-16] ()
HKLM\...\Run: [NetInstall NiTray] - C:\Program Files\NetInst\eTray.exe [67112 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [258512 2012-01-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [SkyDrive] - C:\Users\ruhlanda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-02-20] (Microsoft Corporation)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Policies\Explorer: [RecycleBinSize] 1
AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll => C:\Program Files\netinst\NiAMH.dll [61480 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
IFEO\dinotify.exe: [Debugger] C:\Program Files\NetInst\dinotdbg.exe
Startup: C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: zue-s-87:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {7352399A-E2ED-422D-8500-239FB37C36B7} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {7352399A-E2ED-422D-8500-239FB37C36B7} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ad-Aware Security Add-on - C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-02-17]

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVir Security Management Center Agent; C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe [1128705 2013-11-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [342480 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-01-31] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [463824 2012-01-31] (Avira Operations GmbH & Co. KG)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 CrmSqlStartupSvc; C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [24240 2014-01-16] (Microsoft Corporation)
R2 DiscoveryClientAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1539136 2011-12-16] ()
R2 DiscoveryIPTransferAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601152 2011-12-16] ()
R2 DSM_Remote_Service; C:\Program Files\netinst\DSM_Remote_Service.exe [4168744 2013-02-22] (FrontRange)
R2 ersupext; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 esiCore; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [132392 2009-11-13] (Juniper Networks)
R3 LanProbe; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe [236032 2011-12-16] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [127384 2009-12-18] (TOSHIBA CORPORATION)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
R2 WMCoreService; C:\Program Files\Mobile Broadband Service\WMCore.exe [700928 2009-12-10] ()

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2012-01-31] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-01-31] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [26952 2013-03-25] ()
R3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2009-11-19] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2009-11-19] (Ericsson AB)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [6814720 2010-07-28] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 t36gbus; C:\Windows\System32\DRIVERS\t36gbus.sys [285056 2009-06-26] (MCCI Corporation)
R3 t36gmdfl; C:\Windows\System32\DRIVERS\t36gmdfl.sys [14976 2009-06-26] (MCCI Corporation)
R3 t36gmdm; C:\Windows\System32\DRIVERS\t36gmdm.sys [374016 2009-06-26] (MCCI Corporation)
R3 t36gmgmt; C:\Windows\System32\DRIVERS\t36gmgmt.sys [357376 2009-06-26] (MCCI Corporation)
R3 t36wgps; C:\Windows\System32\DRIVERS\t36wgps.sys [82984 2009-07-10] (Ericsson AB)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp.sys [227880 2009-11-25] (Ericsson AB)
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 15:48 - 2014-02-21 15:48 - 00017545 _____ () C:\Users\ruhlanda\Desktop\FRST.txt
2014-02-21 15:47 - 2014-02-21 15:48 - 00000000 ____D () C:\FRST
2014-02-21 15:44 - 2014-02-21 15:44 - 00000913 _____ () C:\Users\ruhlanda\Desktop\Ad-Aware_Report_Full_Manual_2014-02-18T22-27-27.571907.xml
2014-02-21 15:39 - 2014-02-21 15:39 - 01142784 _____ (Farbar) C:\Users\ruhlanda\Desktop\FRST.exe
2014-02-20 11:45 - 2014-02-20 11:45 - 00002151 _____ () C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-19 16:02 - 2014-02-19 16:02 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Mui_1033$
2014-02-19 15:59 - 2014-02-19 15:59 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Client_1033$
2014-02-19 00:23 - 2014-02-19 00:23 - 00012810 _____ () C:\Users\ruhlanda\Desktop\Mappe1.xlsx
2014-02-18 16:24 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-02-18 16:24 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-02-18 16:24 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-02-18 16:24 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-02-18 16:24 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-02-18 16:22 - 2010-02-11 08:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-02-18 16:21 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-18 16:21 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-18 16:21 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-18 16:21 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-18 16:21 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-18 16:21 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-18 16:21 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-18 16:21 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-18 16:21 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-18 16:21 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-18 16:21 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-18 16:21 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-18 16:19 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-18 16:19 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-18 16:17 - 2014-02-19 15:42 - 00286054 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-18 16:13 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-02-18 16:13 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-02-18 16:13 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-02-18 16:13 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-02-18 16:13 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-02-18 16:13 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-02-18 16:13 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-02-18 16:13 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-02-18 16:12 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-18 16:12 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-18 16:12 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-18 16:12 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-18 16:12 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-18 16:12 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-02-18 16:12 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-18 16:12 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-18 16:12 - 2012-11-23 03:48 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-02-18 16:12 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-02-18 16:12 - 2012-08-22 18:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-02-18 16:12 - 2012-07-04 20:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-02-18 16:11 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-18 16:11 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-18 16:11 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-18 16:11 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-02-18 16:11 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-02-18 16:11 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-18 16:11 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-18 16:11 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-02-18 16:11 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-02-18 16:11 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-02-18 16:11 - 2012-10-03 17:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-02-18 16:11 - 2012-10-03 16:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-02-18 16:10 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-18 16:10 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-18 16:10 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-18 16:10 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-18 16:10 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-18 16:10 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-18 16:10 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-18 16:10 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-18 16:10 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-18 16:10 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-18 16:10 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-18 16:10 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-02-18 16:10 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-18 16:10 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-02-18 16:10 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-02-18 16:10 - 2013-03-19 05:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-02-18 16:10 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-02-18 16:10 - 2013-01-24 05:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-18 16:10 - 2012-08-21 21:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-02-18 16:08 - 2013-02-27 06:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-02-18 16:08 - 2013-02-27 05:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-02-18 16:08 - 2012-07-06 20:23 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-02-18 16:08 - 2012-05-05 08:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-02-18 16:07 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ___RD () C:\Program Files\Skype
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-17 22:54 - 2014-02-17 22:54 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Lavasoft
2014-02-17 17:25 - 2014-02-17 17:25 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\LavasoftStatistics
2014-02-17 16:37 - 2014-02-20 20:28 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-17 16:34 - 2014-02-17 16:35 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\adawarebp
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\ProgramData\blekko toolbars
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-02-17 16:33 - 2014-02-17 16:35 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\Secunia PSI
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Secunia
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-17 15:55 - 2014-02-17 15:55 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Malwarebytes
2014-02-16 23:07 - 2014-02-16 23:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-09 23:19 - 2014-02-11 00:33 - 00014086 _____ () C:\Users\ruhlanda\Desktop\Deadlines Master.xlsx
2014-02-04 23:25 - 2014-02-10 01:06 - 00011432 _____ () C:\Users\ruhlanda\Desktop\MBA Seitenzahlen.xlsx
2014-02-04 16:24 - 2014-02-04 17:08 - 00045304 _____ () C:\Users\ruhlanda\Desktop\Gleitzeitkonten NEU Anna.xlsx
2014-02-01 18:50 - 2014-02-20 13:26 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Paul Auswahl
2014-02-01 18:32 - 2014-02-01 19:33 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder Paul
2014-01-29 17:14 - 2014-02-13 16:00 - 00000000 ____D () C:\Users\ruhlanda\Desktop\TOPSELL TO DO
2014-01-28 17:15 - 2014-01-28 17:15 - 03162821 ____N () C:\Users\ruhlanda\Desktop\Bewerbungsunterlagen ZIP.zip
2014-01-28 17:15 - 2014-01-28 17:15 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\WinZip

==================== One Month Modified Files and Folders =======

2014-02-21 15:48 - 2014-02-21 15:48 - 00017545 _____ () C:\Users\ruhlanda\Desktop\FRST.txt
2014-02-21 15:48 - 2014-02-21 15:47 - 00000000 ____D () C:\FRST
2014-02-21 15:44 - 2014-02-21 15:44 - 00000913 _____ () C:\Users\ruhlanda\Desktop\Ad-Aware_Report_Full_Manual_2014-02-18T22-27-27.571907.xml
2014-02-21 15:42 - 2013-09-03 20:18 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Screenshots
2014-02-21 15:39 - 2014-02-21 15:39 - 01142784 _____ (Farbar) C:\Users\ruhlanda\Desktop\FRST.exe
2014-02-21 15:34 - 2012-02-08 11:59 - 1246921728 _____ () C:\Users\ruhlanda\Desktop\Archiv ab 26.06.09.pst
2014-02-21 15:32 - 2013-10-15 09:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 11:19 - 2012-02-07 14:20 - 01212063 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 20:43 - 2009-07-14 05:34 - 00019120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 20:43 - 2009-07-14 05:34 - 00019120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 20:37 - 2013-08-20 07:26 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Dropbox
2014-02-20 20:33 - 2010-11-20 22:01 - 01639394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 20:28 - 2014-02-17 16:37 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-20 20:27 - 2012-02-07 14:21 - 00000000 ____D () C:\Program Files\netinst
2014-02-20 20:27 - 2010-11-20 22:48 - 00814108 _____ () C:\Windows\PFRO.log
2014-02-20 20:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 20:27 - 2009-07-14 05:39 - 00147196 _____ () C:\Windows\setupact.log
2014-02-20 13:26 - 2014-02-01 18:50 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Paul Auswahl
2014-02-20 13:26 - 2013-08-19 16:12 - 00113760 _____ () C:\Users\ruhlanda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-20 11:45 - 2014-02-20 11:45 - 00002151 _____ () C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-19 16:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-19 16:21 - 2009-07-14 05:33 - 00435832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-19 16:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-19 16:14 - 2012-02-07 15:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-19 16:02 - 2014-02-19 16:02 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Mui_1033$
2014-02-19 15:59 - 2014-02-19 15:59 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Client_1033$
2014-02-19 15:59 - 2012-02-07 15:10 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-02-19 15:58 - 2012-04-17 12:16 - 00001566 _____ () C:\Windows\CrmClient.mif
2014-02-19 15:57 - 2012-04-17 12:15 - 00000000 ____D () C:\Program Files\Microsoft Dynamics CRM
2014-02-19 15:42 - 2014-02-18 16:17 - 00286054 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-19 13:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-19 00:23 - 2014-02-19 00:23 - 00012810 _____ () C:\Users\ruhlanda\Desktop\Mappe1.xlsx
2014-02-18 17:25 - 2010-11-21 01:28 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-02-18 16:46 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-18 16:32 - 2013-09-24 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 16:24 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ___RD () C:\Program Files\Skype
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-18 12:12 - 2012-05-13 15:09 - 00000000 ____D () C:\ProgramData\Skype
2014-02-18 12:09 - 2012-10-08 07:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-18 12:07 - 2012-02-07 15:04 - 00000000 ____D () C:\Users\Public\FreePDF
2014-02-18 12:07 - 2012-02-07 15:04 - 00000000 ____D () C:\Program Files\FreePDF_XP
2014-02-18 12:05 - 2012-11-22 21:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-18 12:05 - 2012-11-22 21:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-18 10:49 - 2012-05-08 11:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 22:54 - 2014-02-17 22:54 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Lavasoft
2014-02-17 17:25 - 2014-02-17 17:25 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\LavasoftStatistics
2014-02-17 16:35 - 2014-02-17 16:34 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\adawarebp
2014-02-17 16:35 - 2014-02-17 16:33 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\ProgramData\blekko toolbars
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\Secunia PSI
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Secunia
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-17 15:55 - 2014-02-17 15:55 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Malwarebytes
2014-02-17 15:43 - 2012-02-14 08:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 15:40 - 2012-02-14 08:39 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-16 23:08 - 2014-02-16 23:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-13 16:00 - 2014-01-29 17:14 - 00000000 ____D () C:\Users\ruhlanda\Desktop\TOPSELL TO DO
2014-02-11 00:33 - 2014-02-09 23:19 - 00014086 _____ () C:\Users\ruhlanda\Desktop\Deadlines Master.xlsx
2014-02-10 01:06 - 2014-02-04 23:25 - 00011432 _____ () C:\Users\ruhlanda\Desktop\MBA Seitenzahlen.xlsx
2014-02-05 09:58 - 2014-02-18 16:21 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-18 16:21 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-18 16:21 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-18 16:21 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-18 16:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-18 16:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-18 16:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-18 16:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-18 16:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-18 16:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-18 16:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-18 16:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 19:09 - 2012-02-07 14:49 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-04 17:08 - 2014-02-04 16:24 - 00045304 _____ () C:\Users\ruhlanda\Desktop\Gleitzeitkonten NEU Anna.xlsx
2014-02-03 15:30 - 2012-02-08 12:20 - 00000000 ____D () C:\Privat
2014-02-01 19:46 - 2014-01-08 15:08 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder iPhone 8.1.14
2014-02-01 19:33 - 2014-02-01 18:32 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder Paul
2014-01-28 17:15 - 2014-01-28 17:15 - 03162821 ____N () C:\Users\ruhlanda\Desktop\Bewerbungsunterlagen ZIP.zip
2014-01-28 17:15 - 2014-01-28 17:15 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\WinZip
2014-01-24 19:13 - 2013-12-19 16:07 - 00000000 ____D () C:\HVB eFIN 4
2014-01-24 18:31 - 2013-05-27 13:02 - 00000138 _____ () C:\Windows\ODBC.INI

Some content of TEMP:
====================
C:\Users\enteoRuntime\AppData\Local\Temp\InstallAX.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 11:19

==================== End Of Log ============================
         
--- --- ---



Und hier Addition txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-02-2014
Ran by RuhlandA at 2014-02-21 15:48:32
Running from C:\Users\ruhlanda\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
AAVUpdateManager (Version: 16.00.0000 - Akademische Arbeitsgemeinschaft)
Ad-Aware Antivirus (Version: 11.1.5354.0 - Lavasoft)
Ad-Aware Security Add-on (Version: 3.8.0.2 - Lavasoft)
AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (Version: 10.1.9 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
Apple Application Support (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Avira Management Console Agent (Version:  - Avira Operations GmbH & Co. KG)
Avira Professional Security (Version: 12.0.0.1236 - Avira)
axRTF (Version: 1.0.0.0 - Zwick / Roell AG)
Bluetooth Stack for Windows by Toshiba (Version: v7.10.04(T) - TOSHIBA CORPORATION)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon iR Toolbox 4.9.1.1.ir02 (Version: 1.1.0 - Canon)
Canon iR1018/1022/1023 (Version:  - )
Canon MG5300 series MP Drivers (Version:  - )
Cisco AnyConnect Secure Mobility Client  (Version: 3.0.10057 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10057 - Cisco Systems, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
GPL Ghostscript (Version: 9.04 - Artifex Software Inc.)
HVB eFIN 4 (Version:  - )
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2189 - Intel Corporation)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
iTunes (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (Version: 0.9 - AppWork GmbH)
Juniper Installer Service (Version: 2.1.2.5973 - Juniper Networks)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.3.36355 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU Version: 7.4.0.25351 - Juniper Networks)
Kalender-Excel-8.9 (Version: 8.9 - MSDatec)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 2.0.181.2 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Dynamics CRM 2011 English (United States) Language Pack (Version: 5.0.9690.3911 - Microsoft Corporation) Hidden
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (Version: 5.0.9690.1992 - Microsoft Corporation) Hidden
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (Version: 5.0.9690.3911 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband service (Version: 6.1.11.2 - Ericsson AB)
Mozilla Firefox 27.0.1 (x86 de) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Oracle Data Provider for .NET Help (Version: 11.2.010 - Oracle Corporation)
Pixum Fotobuch (Version:  - )
Secunia PSI (3.0.0.9016) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.3 (Version: 6.3.105 - Skype Technologies S.A.)
TOSHIBA Mobile Broadband Device  (Version: 6.1.13.7 - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (Version: 1.4.1 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.4.1 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Manager (Version: 6.1.13.101 - TOSHIBA CORPORATION)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update Rollup 16 for Microsoft Dynamics CRM for Outlook (KB2872369) (Version: 5.0.9690.3911 - Microsoft Corporation)
Update Rollup 4 for Microsoft Dynamics CRM for Outlook (KB2556167) (Version:  - Microsoft Corporation)
Update Rollup 6 for Microsoft Dynamics CRM for Outlook (KB2600640) (Version: 5.0.9690.1992 - Microsoft Corporation)
Update Rollup 7 for Microsoft Dynamics CRM for Outlook (KB2600643) (Version: 5.0.9690.2165 - Microsoft Corporation)
Update Rollup 8 for Microsoft Dynamics CRM for Outlook (KB2600644) (Version: 5.0.9690.2243 - Microsoft Corporation)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
VMware Movie Decoder (Version: 1.00.0000 - VMware, Inc.)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 16.5 (Version: 16.5.10095 - WinZip Computing, S.L. )
Wisdom-soft ScreenHunter 5.1 Free (Version: 5.1 - Wisdom Software Inc.)

==================== Restore Points  =========================

19-02-2014 14:41:24 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2CEA7DE9-05CD-4236-8477-3756D1645933} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-02-04 14:23 - 2009-10-01 13:07 - 00011264 _____ () C:\Windows\System32\KOAZXJ_L.dll
2013-02-04 14:23 - 2009-11-02 15:14 - 00888832 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\KOAZXJ_O.DLL
2012-06-21 11:14 - 2012-01-31 08:24 - 00398288 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-06-04 07:57 - 2012-03-27 11:33 - 00126721 _____ () C:\Program Files\Avira\Avira Security Management Center Agent\SCEWXMLW.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-07 16:08 - 2011-12-16 11:26 - 01539136 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
2012-02-07 16:08 - 2011-12-16 11:27 - 00601152 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
2012-02-07 14:24 - 2013-02-22 17:29 - 00065024 ____N () C:\Program Files\netinst\zlib1.dll
2014-02-20 20:27 - 2014-02-20 20:27 - 00006144 _____ () C:\Program Files\netinst\sdesk.dll
2012-02-07 14:24 - 2013-02-22 17:29 - 00065024 ____N () C:\Program Files\NetInst\zlib1.dll
2014-01-23 16:26 - 2014-01-23 16:26 - 00651232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
2014-01-23 16:33 - 2014-01-23 16:33 - 00087928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00022392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00048512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00107904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 03053416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 01928008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00638328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00477544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00244088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00119656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00087384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00105304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00228728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00170376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00342376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00210280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00244592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiMalwareEngine.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiRootkitEngine.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00367472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerHistory.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00502112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScanner.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00030584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_timer-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00268656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerScheduler.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00274808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00190824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIncompatibles.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00181600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiSpam.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00105320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiPhishing.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00472944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareParentalControl.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 01858408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareWebProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00223088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareEmailProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00513392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareNetworkProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00422752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareInstaller.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00298840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwarePromo.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00241504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareFeedback.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SecurityCenter.dll
2013-07-17 17:10 - 2013-07-17 17:10 - 00565640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll
2009-12-10 11:07 - 2009-12-10 11:07 - 00700928 ____R () C:\Program Files\Mobile Broadband Service\WMCore.exe
2009-03-25 20:08 - 2009-03-25 20:08 - 00058880 ____R () C:\Program Files\Mobile Broadband Service\MBMDebug.dll
2012-02-07 16:08 - 2011-12-16 11:27 - 00236032 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-11-18 17:18 - 2010-11-18 17:18 - 11205120 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-03-03 14:14 - 2010-03-03 14:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:14 - 2010-03-03 14:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 03643224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
2014-01-23 16:33 - 2014-01-23 16:33 - 00405880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00308064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00056664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00789360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00118104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-02-16 23:08 - 2014-02-16 23:08 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-04 22:05 - 2014-02-04 22:05 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ffdwnd => C:\Users\roella\AppData\Local\Mozilla\Firefox\firefox.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NetInstall NiTray => "C:\Program Files\NetInst\eTray.exe"
MSCONFIG\startupreg: niagnt32 => C:\Program Files\NetInst\niagnt32.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2014 03:32:50 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Das Update von ZUE-W-9860 (127.0.0.1) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten. .
Es wurden keine neuen Dateien geladen.

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11341

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11341

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10327

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10327

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9298

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9298

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/21/2014 03:35:06 PM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/21/2014 03:32:21 PM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne ZUE aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (02/21/2014 11:21:15 AM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/21/2014 11:18:24 AM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/21/2014 11:16:03 AM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne ZUE aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (02/20/2014 08:37:25 PM) (Source: Microsoft-Windows-GroupPolicy) (User: ZUE)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (02/20/2014 08:30:33 PM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/20/2014 08:28:44 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/20/2014 08:28:29 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/20/2014 08:27:27 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.


Microsoft Office Sessions:
=========================
Error: (02/21/2014 03:32:50 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: ZUE-W-9860 (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten.

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11341

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11341

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10327

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10327

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9298

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9298

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 2928.43 MB
Available physical RAM: 1343.83 MB
Total Pagefile: 5855.14 MB
Available Pagefile: 3406.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:277.84 GB) (Free:29.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:14.93 GB) (Free:8.79 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 44AFAEEC)
Partition 1: (Not Active) - (Size=251 MB) - (Type=1B)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=278 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Vielen Dank!!
__________________

Alt 21.02.2014, 15:37   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Zitat:
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
Warum laufen zwei Virenscanner bei dir?
Sowas sollte man niemald machen, denn zwei Wächter im Hintergrund kommen sich gegenseitig in die Quere. Du hebelst die Sicherheit damit aus. Im Endeffekt hast du einen langsameren und unsicheren Rechner im Vergleich zu einem der "nur" einen Scanner mit Wächter verwendet.

Umgehend einen der beiden deinstallieren. Ich würde sogar beide deinstallieren und wenn wir hier durch sind auf Avast Free oder MSE umsteigen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.02.2014, 17:36   #5
accr
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



ich habe Ad-Aware deinstalliert!


Alt 21.02.2014, 18:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Lesestoff:
Warum wir Avira nicht mehr empfehlen
Avira liefert seit einiger Zeit mit der Standardinstallation die Ask Toolbar mit aus. Diese Toolbar ist Voraussetzung dafür, dass der Webguard zuverlässig funktioniert. Die Ask Toolbar ist dafür bekannt, dass sie das Surfverhalten des Benutzers ausspioniert, um damit in letzter Konsequenz Geld zu verdienen. Daher wird diese Toolbar von uns als "schädlich" eingestuft. Mehr Informationen.

Eine Sicherheitsfirma, die dem Benutzer praktisch ungefragt schädliche Software "unterjubelt", scheidet für uns daher aus. Wir empfehlen daher allen Nutzern von Avira aufgrund dieser Geschäftspraktik, der teilweise äußerst schlechten Erkennungsrate und der überaus nervtötenden Werbung Avira zu deinstallieren und auf ein alternatives Produkt auszuweichen.

Solltest du dich zu einem Wechsel entscheiden, empfehlen wir dir nach der Deinstallation mit dem Avira-Cleaner alle Reste zu entfernen.



Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Virus/ Trojaner TR/Patched.Ren.Gen

Alt 25.02.2014, 22:40   #7
accr
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Hallo!

Ich habe die mbar.exe laufen lassen. Das Programm hat nichts gefunden. Ein Cleanup war nicht nötig.

Alt 25.02.2014, 23:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Log bitte immer posten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.02.2014, 10:58   #9
accr
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.25.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
RuhlandA :: ZUE-W-9860 [administrator]

25.02.2014 22:04:37
mbar-log-2014-02-25 (22-04-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 328492
Time elapsed: 22 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 26.02.2014, 13:07   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.02.2014, 15:19   #11
accr
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Vielen Dank für die ganze Hilfe! Habe alle 3 Schritte ausgefürt:

1. Schritt: adwCleaner

Code:
ATTFilter
# AdwCleaner v3.019 - Bericht erstellt am 26/02/2014 um 16:01:56
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : RuhlandA - ZUE-W-9860
# Gestartet von : C:\Users\ruhlanda\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Zwick\AppData\Roaming\Mozilla\Firefox\Profiles\cghmzgkk.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Datei Gelöscht : C:\Uninstall.exe

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\Software\caphyon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\prefs.js ]


[ Datei : C:\Users\Zwick\AppData\Roaming\Mozilla\Firefox\Profiles\cghmzgkk.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2351 octets] - [26/02/2014 16:00:34]
AdwCleaner[S0].txt - [2272 octets] - [26/02/2014 16:01:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2332 octets] ##########
         
2. Schritt: JRT - Junkware Removal Tool

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x86
Ran by RuhlandA on 26.02.2014 at 16:10:57,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\ruhlanda\AppData\Roaming\mozilla\firefox\profiles\7jnmv00a.default\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\ruhlanda\AppData\Roaming\mozilla\firefox\profiles\7jnmv00a.default\minidumps [61 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.02.2014 at 16:12:49,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
3. Schritt: Frisches Log mit FRST


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 01
Ran by RuhlandA (administrator) on ZUE-W-9860 on 26-02-2014 16:17:32
Running from C:\Users\ruhlanda\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Service.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\NetInst\mgmtagnt.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Mobile Broadband Service\WMCore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\NetInst\mgmtagnt.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Tray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gctrl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\netinst\eTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [00THotkey] - C:\Windows\system32\00THotkey.exe
HKLM\...\Run: [000StTHK] - C:\Windows\system32\000StTHK.exe [24576 2001-06-23] ()
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSHIBA_3G_UTY] - C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe [1598848 2009-07-23] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [173432 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [844152 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Discovery User Input] - C:\Program Files\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [241664 2011-12-16] ()
HKLM\...\Run: [NetInstall NiTray] - C:\Program Files\NetInst\eTray.exe [67112 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [258512 2012-01-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [SkyDrive] - C:\Users\ruhlanda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-02-20] (Microsoft Corporation)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Policies\Explorer: [RecycleBinSize] 1
AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll => C:\Program Files\netinst\NiAMH.dll [61480 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
IFEO\dinotify.exe: [Debugger] C:\Program Files\NetInst\dinotdbg.exe
Startup: C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: zue-s-87:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {7352399A-E2ED-422D-8500-239FB37C36B7} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVir Security Management Center Agent; C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe [1128705 2013-11-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [342480 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-01-31] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [463824 2012-01-31] (Avira Operations GmbH & Co. KG)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 CrmSqlStartupSvc; C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [24240 2014-01-16] (Microsoft Corporation)
R2 DiscoveryClientAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1539136 2011-12-16] ()
R2 DiscoveryIPTransferAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601152 2011-12-16] ()
R2 DSM_Remote_Service; C:\Program Files\netinst\DSM_Remote_Service.exe [4168744 2013-02-22] (FrontRange)
R2 ersupext; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 esiCore; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [132392 2009-11-13] (Juniper Networks)
R3 LanProbe; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe [236032 2011-12-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [127384 2009-12-18] (TOSHIBA CORPORATION)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
R2 WMCoreService; C:\Program Files\Mobile Broadband Service\WMCore.exe [700928 2009-12-10] ()

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2012-01-31] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-01-31] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [26952 2013-03-25] ()
R3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2009-11-19] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2009-11-19] (Ericsson AB)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-21] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [6814720 2010-07-28] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 t36gbus; C:\Windows\System32\DRIVERS\t36gbus.sys [285056 2009-06-26] (MCCI Corporation)
R3 t36gmdfl; C:\Windows\System32\DRIVERS\t36gmdfl.sys [14976 2009-06-26] (MCCI Corporation)
R3 t36gmdm; C:\Windows\System32\DRIVERS\t36gmdm.sys [374016 2009-06-26] (MCCI Corporation)
R3 t36gmgmt; C:\Windows\System32\DRIVERS\t36gmgmt.sys [357376 2009-06-26] (MCCI Corporation)
R3 t36wgps; C:\Windows\System32\DRIVERS\t36wgps.sys [82984 2009-07-10] (Ericsson AB)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp.sys [227880 2009-11-25] (Ericsson AB)
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 16:17 - 2014-02-26 16:17 - 00000000 ____D () C:\Users\ruhlanda\Desktop\FRST-OlderVersion
2014-02-26 16:12 - 2014-02-26 16:12 - 00001045 _____ () C:\Users\ruhlanda\Desktop\JRT.txt
2014-02-26 16:10 - 2014-02-26 16:10 - 01037734 _____ (Thisisu) C:\Users\ruhlanda\Desktop\JRT.exe
2014-02-26 16:10 - 2014-02-26 16:10 - 00000000 ____D () C:\Windows\ERUNT
2014-02-26 16:00 - 2014-02-26 16:02 - 00000000 ____D () C:\AdwCleaner
2014-02-26 15:59 - 2014-02-26 15:59 - 01241834 _____ () C:\Users\ruhlanda\Desktop\adwcleaner.exe
2014-02-25 13:13 - 2014-02-25 13:29 - 00016248 _____ () C:\Users\ruhlanda\Desktop\Zeitnachweis Arbeitszeit Zwick RMR (2).xlsx
2014-02-21 21:42 - 2014-02-25 23:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-21 21:42 - 2014-02-25 22:04 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-21 21:42 - 2014-02-21 21:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-21 21:41 - 2014-02-25 23:41 - 00000000 ____D () C:\Users\ruhlanda\Desktop\mbar
2014-02-21 21:40 - 2014-02-21 21:40 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ruhlanda\Desktop\mbar-1.07.0.1009.exe
2014-02-21 16:10 - 2012-02-11 06:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-02-21 15:48 - 2014-02-26 16:17 - 00015295 _____ () C:\Users\ruhlanda\Desktop\FRST.txt
2014-02-21 15:48 - 2014-02-21 15:49 - 00032995 _____ () C:\Users\ruhlanda\Desktop\Addition.txt
2014-02-21 15:47 - 2014-02-26 16:17 - 00000000 ____D () C:\FRST
2014-02-21 15:44 - 2014-02-21 15:44 - 00000913 _____ () C:\Users\ruhlanda\Desktop\Ad-Aware_Report_Full_Manual_2014-02-18T22-27-27.571907.xml
2014-02-21 15:39 - 2014-02-26 16:17 - 01143808 _____ (Farbar) C:\Users\ruhlanda\Desktop\FRST.exe
2014-02-20 11:45 - 2014-02-20 11:45 - 00002151 _____ () C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-19 16:02 - 2014-02-19 16:02 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Mui_1033$
2014-02-19 15:59 - 2014-02-19 15:59 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Client_1033$
2014-02-19 00:23 - 2014-02-19 00:23 - 00012810 _____ () C:\Users\ruhlanda\Desktop\Mappe1.xlsx
2014-02-18 16:24 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-02-18 16:24 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-02-18 16:24 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-02-18 16:24 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-02-18 16:24 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-02-18 16:22 - 2010-02-11 08:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-02-18 16:21 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-18 16:21 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-18 16:21 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-18 16:21 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-18 16:21 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-18 16:21 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-18 16:21 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-18 16:21 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-18 16:21 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-18 16:21 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-18 16:21 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-18 16:21 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-18 16:19 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-18 16:19 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-18 16:17 - 2014-02-19 15:42 - 00286054 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-18 16:13 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-02-18 16:13 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-02-18 16:13 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-02-18 16:13 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-02-18 16:13 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-02-18 16:13 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-02-18 16:13 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-02-18 16:13 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-02-18 16:12 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-18 16:12 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-18 16:12 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-18 16:12 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-18 16:12 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-18 16:12 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-02-18 16:12 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-18 16:12 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-18 16:12 - 2012-11-23 03:48 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-02-18 16:12 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-02-18 16:12 - 2012-08-22 18:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-02-18 16:12 - 2012-07-04 20:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-02-18 16:11 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-18 16:11 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-18 16:11 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-18 16:11 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-02-18 16:11 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-02-18 16:11 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-18 16:11 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-18 16:11 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-02-18 16:11 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-02-18 16:11 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-02-18 16:11 - 2012-10-03 17:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-02-18 16:11 - 2012-10-03 16:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-02-18 16:10 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-18 16:10 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-18 16:10 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-18 16:10 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-18 16:10 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-18 16:10 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-18 16:10 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-18 16:10 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-18 16:10 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-18 16:10 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-18 16:10 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-18 16:10 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-02-18 16:10 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-18 16:10 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-02-18 16:10 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-02-18 16:10 - 2013-03-19 05:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-02-18 16:10 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-02-18 16:10 - 2013-01-24 05:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-18 16:10 - 2012-08-21 21:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-02-18 16:08 - 2013-02-27 06:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-02-18 16:08 - 2013-02-27 05:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-02-18 16:08 - 2012-07-06 20:23 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-02-18 16:08 - 2012-05-05 08:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-02-18 16:07 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-18 12:12 - 2014-02-21 16:18 - 00000000 ___RD () C:\Program Files\Skype
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-17 17:25 - 2014-02-17 17:25 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\LavasoftStatistics
2014-02-17 16:33 - 2014-02-21 18:37 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\Secunia PSI
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Secunia
2014-02-17 15:55 - 2014-02-17 15:55 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Malwarebytes
2014-02-16 23:07 - 2014-02-16 23:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-09 23:19 - 2014-02-11 00:33 - 00014086 _____ () C:\Users\ruhlanda\Desktop\Deadlines Master.xlsx
2014-02-04 23:25 - 2014-02-10 01:06 - 00011432 _____ () C:\Users\ruhlanda\Desktop\MBA Seitenzahlen.xlsx
2014-02-01 18:50 - 2014-02-20 13:26 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Paul Auswahl
2014-02-01 18:32 - 2014-02-01 19:33 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder Paul
2014-01-29 17:14 - 2014-02-13 16:00 - 00000000 ____D () C:\Users\ruhlanda\Desktop\TOPSELL TO DO
2014-01-28 17:15 - 2014-01-28 17:15 - 03162821 ____N () C:\Users\ruhlanda\Desktop\Bewerbungsunterlagen ZIP.zip
2014-01-28 17:15 - 2014-01-28 17:15 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\WinZip

==================== One Month Modified Files and Folders =======

2014-02-26 16:17 - 2014-02-26 16:17 - 00000000 ____D () C:\Users\ruhlanda\Desktop\FRST-OlderVersion
2014-02-26 16:17 - 2014-02-21 15:48 - 00015295 _____ () C:\Users\ruhlanda\Desktop\FRST.txt
2014-02-26 16:17 - 2014-02-21 15:47 - 00000000 ____D () C:\FRST
2014-02-26 16:17 - 2014-02-21 15:39 - 01143808 _____ (Farbar) C:\Users\ruhlanda\Desktop\FRST.exe
2014-02-26 16:12 - 2014-02-26 16:12 - 00001045 _____ () C:\Users\ruhlanda\Desktop\JRT.txt
2014-02-26 16:10 - 2014-02-26 16:10 - 01037734 _____ (Thisisu) C:\Users\ruhlanda\Desktop\JRT.exe
2014-02-26 16:10 - 2014-02-26 16:10 - 00000000 ____D () C:\Windows\ERUNT
2014-02-26 16:10 - 2012-02-07 14:20 - 01374770 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 16:05 - 2013-10-15 09:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 16:05 - 2013-08-20 07:26 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Dropbox
2014-02-26 16:04 - 2012-02-07 14:21 - 00000000 ____D () C:\Program Files\netinst
2014-02-26 16:04 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 16:03 - 2010-11-20 22:48 - 01018150 _____ () C:\Windows\PFRO.log
2014-02-26 16:03 - 2009-07-14 05:39 - 00147532 _____ () C:\Windows\setupact.log
2014-02-26 16:02 - 2014-02-26 16:00 - 00000000 ____D () C:\AdwCleaner
2014-02-26 15:59 - 2014-02-26 15:59 - 01241834 _____ () C:\Users\ruhlanda\Desktop\adwcleaner.exe
2014-02-26 12:07 - 2009-07-14 05:34 - 00019120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 12:07 - 2009-07-14 05:34 - 00019120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 23:41 - 2014-02-21 21:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-25 23:41 - 2014-02-21 21:41 - 00000000 ____D () C:\Users\ruhlanda\Desktop\mbar
2014-02-25 23:41 - 2012-02-08 11:59 - 1246921728 _____ () C:\Users\ruhlanda\Desktop\Archiv ab 26.06.09.pst
2014-02-25 22:04 - 2014-02-21 21:42 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-25 13:29 - 2014-02-25 13:13 - 00016248 _____ () C:\Users\ruhlanda\Desktop\Zeitnachweis Arbeitszeit Zwick RMR (2).xlsx
2014-02-21 21:42 - 2014-02-21 21:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-21 21:40 - 2014-02-21 21:40 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ruhlanda\Desktop\mbar-1.07.0.1009.exe
2014-02-21 18:37 - 2014-02-17 16:33 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-21 17:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-21 17:05 - 2012-11-22 21:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 17:05 - 2012-11-22 21:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 16:53 - 2014-01-08 15:08 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder iPhone 8.1.14
2014-02-21 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-21 16:31 - 2010-11-20 22:01 - 01647522 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-21 16:18 - 2014-02-18 12:12 - 00000000 ___RD () C:\Program Files\Skype
2014-02-21 16:18 - 2012-05-13 15:09 - 00000000 ____D () C:\ProgramData\Skype
2014-02-21 16:03 - 2013-09-03 20:18 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Screenshots
2014-02-21 15:49 - 2014-02-21 15:48 - 00032995 _____ () C:\Users\ruhlanda\Desktop\Addition.txt
2014-02-21 15:44 - 2014-02-21 15:44 - 00000913 _____ () C:\Users\ruhlanda\Desktop\Ad-Aware_Report_Full_Manual_2014-02-18T22-27-27.571907.xml
2014-02-20 13:26 - 2014-02-01 18:50 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Paul Auswahl
2014-02-20 13:26 - 2013-08-19 16:12 - 00113760 _____ () C:\Users\ruhlanda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-20 11:45 - 2014-02-20 11:45 - 00002151 _____ () C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-19 16:21 - 2009-07-14 05:33 - 00435832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-19 16:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-19 16:14 - 2012-02-07 15:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-19 16:02 - 2014-02-19 16:02 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Mui_1033$
2014-02-19 15:59 - 2014-02-19 15:59 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Client_1033$
2014-02-19 15:59 - 2012-02-07 15:10 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-02-19 15:58 - 2012-04-17 12:16 - 00001566 _____ () C:\Windows\CrmClient.mif
2014-02-19 15:57 - 2012-04-17 12:15 - 00000000 ____D () C:\Program Files\Microsoft Dynamics CRM
2014-02-19 15:42 - 2014-02-18 16:17 - 00286054 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-19 00:23 - 2014-02-19 00:23 - 00012810 _____ () C:\Users\ruhlanda\Desktop\Mappe1.xlsx
2014-02-18 17:25 - 2010-11-21 01:28 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-02-18 16:46 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-18 16:32 - 2013-09-24 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 16:24 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-18 12:09 - 2012-10-08 07:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-18 12:07 - 2012-02-07 15:04 - 00000000 ____D () C:\Users\Public\FreePDF
2014-02-18 12:07 - 2012-02-07 15:04 - 00000000 ____D () C:\Program Files\FreePDF_XP
2014-02-18 10:49 - 2012-05-08 11:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 17:25 - 2014-02-17 17:25 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\LavasoftStatistics
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\Secunia PSI
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Secunia
2014-02-17 15:55 - 2014-02-17 15:55 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Malwarebytes
2014-02-17 15:43 - 2012-02-14 08:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 15:40 - 2012-02-14 08:39 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-16 23:08 - 2014-02-16 23:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-13 16:00 - 2014-01-29 17:14 - 00000000 ____D () C:\Users\ruhlanda\Desktop\TOPSELL TO DO
2014-02-11 00:33 - 2014-02-09 23:19 - 00014086 _____ () C:\Users\ruhlanda\Desktop\Deadlines Master.xlsx
2014-02-10 01:06 - 2014-02-04 23:25 - 00011432 _____ () C:\Users\ruhlanda\Desktop\MBA Seitenzahlen.xlsx
2014-02-05 09:58 - 2014-02-18 16:21 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-18 16:21 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-18 16:21 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-18 16:21 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-18 16:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-18 16:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-18 16:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-18 16:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-18 16:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-18 16:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-18 16:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-18 16:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 19:09 - 2012-02-07 14:49 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-03 15:30 - 2012-02-08 12:20 - 00000000 ____D () C:\Privat
2014-02-01 19:33 - 2014-02-01 18:32 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder Paul
2014-01-28 17:15 - 2014-01-28 17:15 - 03162821 ____N () C:\Users\ruhlanda\Desktop\Bewerbungsunterlagen ZIP.zip
2014-01-28 17:15 - 2014-01-28 17:15 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\WinZip

Some content of TEMP:
====================
C:\Users\enteoRuntime\AppData\Local\Temp\InstallAX.exe
C:\Users\ruhlanda\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 11:19

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-02-2014 01
Ran by RuhlandA at 2014-02-26 16:19:04
Running from C:\Users\ruhlanda\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM\...\{E8C23EBE-EE3C-4299-9DB9-601AB3751454}) (Version: 16.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Management Console Agent (HKLM\...\{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}) (Version:  - Avira Operations GmbH & Co. KG)
Avira Professional Security (HKLM\...\Avira AntiVir Desktop) (Version: 12.0.0.1236 - Avira)
axRTF (HKLM\...\{F1DBF78A-7E9A-4602-8E16-C5728230D787}) (Version: 1.0.0.0 - Zwick / Roell AG)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon iR Toolbox 4.9.1.1.ir02 (HKLM\...\{2643914A-E2C2-4180-8396-59B8E1EAFA2F}) (Version: 1.1.0 - Canon)
Canon iR1018/1022/1023 (HKLM\...\{5830B3AB-D08F-4a6d-9925-F95860EE2954}) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.10057 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10057 - Cisco Systems, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HVB eFIN 4 (HKLM\...\HVB eFIN 4) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Juniper Installer Service (HKLM\...\{447D8B58-880C-4627-BF57-9C408219313E}) (Version: 2.1.2.5973 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.3.36355 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.4.0.25351 - Juniper Networks)
Kalender-Excel-8.9 (HKLM\...\Kalender-Excel-8.9_is1) (Version: 8.9 - MSDatec)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 2.0.181.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Dynamics CRM 2011 English (United States) Language Pack (Version: 5.0.9690.3911 - Microsoft Corporation) Hidden
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (HKLM\...\Microsoft CRM Client) (Version: 5.0.9690.3911 - Microsoft Corporation)
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (Version: 5.0.9690.1992 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{28DA3304-9EC2-4097-BC64-B59A1958841F}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband service (HKLM\...\{C2D206A3-1B8E-4DE5-8330-871AD23D4D77}) (Version: 6.1.11.2 - Ericsson AB)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Oracle Data Provider for .NET Help (HKLM\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 11.2.010 - Oracle Corporation)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version:  - )
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
TOSHIBA Mobile Broadband Device  (HKLM\...\{B03E7DD6-21F9-444D-8CFE-EBE44EC1B407}) (Version: 6.1.13.7 - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.4.1 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.4.1 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Manager (HKLM\...\{6A631D31-1FD6-46B5-9337-3485C3CBB002}) (Version: 6.1.13.101 - TOSHIBA CORPORATION)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Rollup 16 for Microsoft Dynamics CRM for Outlook (KB2872369) (HKLM\...\KB2872369_Client_1033) (Version: 5.0.9690.3911 - Microsoft Corporation)
Update Rollup 4 for Microsoft Dynamics CRM for Outlook (KB2556167) (HKLM\...\KB2556167_Client_1033) (Version:  - Microsoft Corporation)
Update Rollup 6 for Microsoft Dynamics CRM for Outlook (KB2600640) (HKLM\...\KB2600640_Client_1033) (Version: 5.0.9690.1992 - Microsoft Corporation)
Update Rollup 7 for Microsoft Dynamics CRM for Outlook (KB2600643) (HKLM\...\KB2600643_Client_1033) (Version: 5.0.9690.2165 - Microsoft Corporation)
Update Rollup 8 for Microsoft Dynamics CRM for Outlook (KB2600644) (HKLM\...\KB2600644_Client_1033) (Version: 5.0.9690.2243 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VMware Movie Decoder (HKLM\...\{D8E9CA51-F0C2-4FBC-95C6-BECC8C83F04D}) (Version: 1.00.0000 - VMware, Inc.)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Wisdom-soft ScreenHunter 5.1 Free (HKLM\...\{66F28964-CE41-459A-A4FF-A6BBD1374282}) (Version: 5.1 - Wisdom Software Inc.)

==================== Restore Points  =========================

19-02-2014 14:41:24 Windows Update
21-02-2014 15:10:23 Windows Update
21-02-2014 17:36:03 AA11

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2CEA7DE9-05CD-4236-8477-3756D1645933} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-02-04 14:23 - 2009-10-01 13:07 - 00011264 _____ () C:\Windows\System32\KOAZXJ_L.dll
2013-02-04 14:23 - 2009-11-02 15:14 - 00888832 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\KOAZXJ_O.DLL
2012-06-21 11:14 - 2012-01-31 08:24 - 00398288 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-06-04 07:57 - 2012-03-27 11:33 - 00126721 _____ () C:\Program Files\Avira\Avira Security Management Center Agent\SCEWXMLW.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-07 16:08 - 2011-12-16 11:26 - 01539136 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
2012-02-07 16:08 - 2011-12-16 11:27 - 00601152 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
2012-02-07 14:24 - 2013-02-22 17:29 - 00065024 ____N () C:\Program Files\netinst\zlib1.dll
2014-02-26 16:04 - 2014-02-26 16:04 - 00006144 _____ () C:\Program Files\netinst\sdesk.dll
2012-02-07 14:24 - 2013-02-22 17:29 - 00065024 ____N () C:\Program Files\NetInst\zlib1.dll
2009-12-10 11:07 - 2009-12-10 11:07 - 00700928 ____R () C:\Program Files\Mobile Broadband Service\WMCore.exe
2009-03-25 20:08 - 2009-03-25 20:08 - 00058880 ____R () C:\Program Files\Mobile Broadband Service\MBMDebug.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 11205120 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-03-03 14:14 - 2010-03-03 14:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:14 - 2010-03-03 14:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2012-02-07 16:08 - 2011-12-16 11:27 - 00236032 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-16 23:08 - 2014-02-16 23:08 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ffdwnd => C:\Users\roella\AppData\Local\Mozilla\Firefox\firefox.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NetInstall NiTray => "C:\Program Files\NetInst\eTray.exe"
MSCONFIG\startupreg: niagnt32 => C:\Program Files\NetInst\niagnt32.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 2928.43 MB
Available physical RAM: 1730.5 MB
Total Pagefile: 5855.14 MB
Available Pagefile: 4334.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:277.84 GB) (Free:29.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 44AFAEEC)
Partition 1: (Not Active) - (Size=251 MB) - (Type=1B)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=278 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 26.02.2014, 15:54   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.02.2014, 23:38   #13
accr
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



Das sind gute Nachrichten

Hier der Malware Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.26.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
RuhlandA :: ZUE-W-9860 [Administrator]

Schutz: Aktiviert

26.02.2014 17:01:03
mbam-log-2014-02-26 (17-01-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322691
Laufzeit: 8 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Und hier der Eset log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=62d7278950950847bd22dc299d6ff746
# engine=17238
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-26 05:53:39
# local_time=2014-02-26 06:53:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1802 16775165 100 100 7584 164112124 353 0
# compatibility_mode=5893 16776573 100 94 245682 145068410 0 0
# scanned=55912
# found=0
# cleaned=0
# scan_time=3296
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=62d7278950950847bd22dc299d6ff746
# engine=17241
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-26 11:11:27
# local_time=2014-02-27 12:11:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1802 16775165 100 100 18310 164131192 3985 0
# compatibility_mode=5893 16776573 100 94 268350 145087478 0 0
# scanned=175569
# found=0
# cleaned=0
# scan_time=7155
         

Alt 26.02.2014, 23:53   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus/ Trojaner TR/Patched.Ren.Gen - Standard

Virus/ Trojaner TR/Patched.Ren.Gen



TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.




Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Virus/ Trojaner TR/Patched.Ren.Gen
accounts, ad-aware, antivirus, files, gelöscht, gemerkt, geändert, laufen, malwarebytes, programme, pum.hijack.desktop, pup.optional.sweetim.a, quarantäne, schei, spams, tr/patched.ren.gen, trojaner, verschickt, verschoben, zwischen



Ähnliche Themen: Virus/ Trojaner TR/Patched.Ren.Gen


  1. Problem: Win8..TR/Patched.Ren.Gen..und..TR/Patched.Ren.Gen2
    Plagegeister aller Art und deren Bekämpfung - 07.11.2014 (5)
  2. Virus: Win64/Patched.A in c:\windows\system32\services.exe
    Log-Analyse und Auswertung - 23.07.2014 (19)
  3. Trojaner eingefangen: TR/Patched.Ren.Gen
    Plagegeister aller Art und deren Bekämpfung - 09.12.2013 (39)
  4. W32/patched.uc Virus
    Log-Analyse und Auswertung - 02.06.2013 (3)
  5. Hilfe habe meinen ersten Virus: W32/Patched.uc
    Plagegeister aller Art und deren Bekämpfung - 02.06.2013 (5)
  6. Virus Win64/Patched.A in c:\Windows\System32\services.exe
    Log-Analyse und Auswertung - 29.05.2013 (11)
  7. W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe
    Log-Analyse und Auswertung - 23.05.2013 (54)
  8. 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe'
    Log-Analyse und Auswertung - 15.05.2013 (24)
  9. Wer kennt diesen Virus: win32:patched-WQ
    Plagegeister aller Art und deren Bekämpfung - 21.01.2013 (2)
  10. Trojanisches Pferd TR/ATRAPS.GEN & Virus W32/PATCHED.UB
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (3)
  11. W32/Patched.UB virus
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  12. W32/Generic.worm!p2p, W32.Patched.UB. Fehlermeldung beim Start von Windows und Virus den ich nicht gelöscht bekomme.
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (4)
  13. Datei C:\Windows\System32\services.exe infiziert: W32/Patched.UB, Patched.UA, Patched.ZA
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (5)
  14. avira antivirus premium meldet in c:\windows\system32\services.exe Virus w32/patched.ub
    Plagegeister aller Art und deren Bekämpfung - 05.07.2012 (22)
  15. Trojaner TR/Patched.GR.10 ?
    Plagegeister aller Art und deren Bekämpfung - 09.12.2010 (28)
  16. TR/Patched.GR.10 in explorer.exe & TR/Patched.KL.238 in winlogon.exe
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  17. Trojan.Dmservinf.A bzw. WIN32/Patched.BU Virus (dmserver.dll)
    Mülltonne - 09.11.2008 (0)

Zum Thema Virus/ Trojaner TR/Patched.Ren.Gen - Hallo! Ich scheine einen Virus/ Trojaner auf meinem Rechner zu haben. Gemerkt habe ich es dadurch, dass anscheinend von einem meiner Email Accounts ganz viele Spams verschickt wurden, denn ich - Virus/ Trojaner TR/Patched.Ren.Gen...
Archiv
Du betrachtest: Virus/ Trojaner TR/Patched.Ren.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.