
Log Analysis and Evaluation: Virus/Trojan TR/Patched.Ren.Gen

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.02.2014, 12:42   #1
accr
 
Hello!

I seem to have a virus/Trojan on my computer. I noticed it because apparently a great many spam messages were sent from one of my email accounts, as I got thousands of 'Returned Mail' messages back... That has since stopped because I changed my email password.

In the meantime I have also run Avira, Malwarebytes and Ad-Aware Antivirus one after the other. All 3 programs found something and I deleted some files or moved them to quarantine, but new ones keep appearing. Just now Avira again found files with the ending Patched.Ren.Gen.

I'd appreciate any help! Thank you very much!

21.02.2014, 13:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?

That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it right. If everything is correct ... click Antworten (Reply).

21.02.2014, 15:55   #3
accr
 
Hello!
Thank you very much for the quick reply! From Malwarebytes I still have a log file from 17.2.:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.17.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
RuhlandA :: ZUE-W-9860 [Administrator]

17.02.2014 15:58:55
mbam-log-2014-02-17 (15-58-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 492953
Laufzeit: 3 Stunde(n), 37 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {2C6C8DCA-0989-11E2-89CD-028037EC0200} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


On 19.2. I ran another full scan with Malwarebytes and it found nothing more.

From 18.2. I have the following report from Ad-Aware:

<?xml version="1.0"?>
<Summary>
  <ScanInfo EndTime="20140218T212727.571907" StartTime="20140218T164027.571907" ScanType="Full" ScanMode="Manual"/>
  <InfectedObjects>
    <InfectedObject ThreatName="Trojan.GenericKD.1043001" ThreatType="Virus" ObjectStatus="Moved" InnerObject="" ParentContainers="" ObjectPath="C:\Users\roella\AppData\Local\Microsoft\Outlook\zwick - default.ost" ObjectType="File"/>
    <InfectedObject ThreatName="Trojan.Spy.Zbot.FJS" ThreatType="Virus" ObjectStatus="ScanFailed" InnerObject="" ParentContainers="" ObjectPath="C:\Users\ruhlanda\AppData\Local\Microsoft\Outlook\Anna.Ruhland@zwick.de - neu.ost" ObjectType="File"/>
    <InfectedObject ThreatName="Trojan.GenericKD.1195510" ThreatType="Virus" ObjectStatus="Moved" InnerObject="" ParentContainers="" ObjectPath="C:\Users\ruhlanda\AppData\Local\Microsoft\Outlook\zwick - default.ost" ObjectType="File"/>
  </InfectedObjects>
</Summary>

Here is the FRST text from the Farbar tool:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by RuhlandA (administrator) on ZUE-W-9860 on 21-02-2014 15:48:02
Running from C:\Users\ruhlanda\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Service.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\NetInst\mgmtagnt.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Mobile Broadband Service\WMCore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\NetInst\mgmtagnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Tray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gctrl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\netinst\eTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Microsoft Corporation) C:\Users\ruhlanda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Wisdom Software Inc. ) C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [00THotkey] - C:\Windows\system32\00THotkey.exe
HKLM\...\Run: [000StTHK] - C:\Windows\system32\000StTHK.exe [24576 2001-06-23] ()
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSHIBA_3G_UTY] - C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe [1598848 2009-07-23] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [173432 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [844152 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Discovery User Input] - C:\Program Files\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [241664 2011-12-16] ()
HKLM\...\Run: [NetInstall NiTray] - C:\Program Files\NetInst\eTray.exe [67112 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [258512 2012-01-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [SkyDrive] - C:\Users\ruhlanda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-02-20] (Microsoft Corporation)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Policies\Explorer: [RecycleBinSize] 1
AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll => C:\Program Files\netinst\NiAMH.dll [61480 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
IFEO\dinotify.exe: [Debugger] C:\Program Files\NetInst\dinotdbg.exe
Startup: C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: zue-s-87:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {7352399A-E2ED-422D-8500-239FB37C36B7} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {7352399A-E2ED-422D-8500-239FB37C36B7} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ad-Aware Security Add-on - C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-02-17]

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVir Security Management Center Agent; C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe [1128705 2013-11-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [342480 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-01-31] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [463824 2012-01-31] (Avira Operations GmbH & Co. KG)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 CrmSqlStartupSvc; C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [24240 2014-01-16] (Microsoft Corporation)
R2 DiscoveryClientAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1539136 2011-12-16] ()
R2 DiscoveryIPTransferAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601152 2011-12-16] ()
R2 DSM_Remote_Service; C:\Program Files\netinst\DSM_Remote_Service.exe [4168744 2013-02-22] (FrontRange)
R2 ersupext; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 esiCore; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [132392 2009-11-13] (Juniper Networks)
R3 LanProbe; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe [236032 2011-12-16] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [127384 2009-12-18] (TOSHIBA CORPORATION)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
R2 WMCoreService; C:\Program Files\Mobile Broadband Service\WMCore.exe [700928 2009-12-10] ()

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2012-01-31] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-01-31] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [26952 2013-03-25] ()
R3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2009-11-19] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2009-11-19] (Ericsson AB)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [6814720 2010-07-28] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 t36gbus; C:\Windows\System32\DRIVERS\t36gbus.sys [285056 2009-06-26] (MCCI Corporation)
R3 t36gmdfl; C:\Windows\System32\DRIVERS\t36gmdfl.sys [14976 2009-06-26] (MCCI Corporation)
R3 t36gmdm; C:\Windows\System32\DRIVERS\t36gmdm.sys [374016 2009-06-26] (MCCI Corporation)
R3 t36gmgmt; C:\Windows\System32\DRIVERS\t36gmgmt.sys [357376 2009-06-26] (MCCI Corporation)
R3 t36wgps; C:\Windows\System32\DRIVERS\t36wgps.sys [82984 2009-07-10] (Ericsson AB)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp.sys [227880 2009-11-25] (Ericsson AB)
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 15:48 - 2014-02-21 15:48 - 00017545 _____ () C:\Users\ruhlanda\Desktop\FRST.txt
2014-02-21 15:47 - 2014-02-21 15:48 - 00000000 ____D () C:\FRST
2014-02-21 15:44 - 2014-02-21 15:44 - 00000913 _____ () C:\Users\ruhlanda\Desktop\Ad-Aware_Report_Full_Manual_2014-02-18T22-27-27.571907.xml
2014-02-21 15:39 - 2014-02-21 15:39 - 01142784 _____ (Farbar) C:\Users\ruhlanda\Desktop\FRST.exe
2014-02-20 11:45 - 2014-02-20 11:45 - 00002151 _____ () C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-19 16:02 - 2014-02-19 16:02 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Mui_1033$
2014-02-19 15:59 - 2014-02-19 15:59 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Client_1033$
2014-02-19 00:23 - 2014-02-19 00:23 - 00012810 _____ () C:\Users\ruhlanda\Desktop\Mappe1.xlsx
2014-02-18 16:24 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-02-18 16:24 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-02-18 16:24 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-02-18 16:24 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-02-18 16:24 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-02-18 16:22 - 2010-02-11 08:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-02-18 16:21 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-18 16:21 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-18 16:21 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-18 16:21 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-18 16:21 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-18 16:21 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-18 16:21 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-18 16:21 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-18 16:21 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-18 16:21 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-18 16:21 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-18 16:21 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-18 16:19 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-18 16:19 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-18 16:17 - 2014-02-19 15:42 - 00286054 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-18 16:13 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-02-18 16:13 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-02-18 16:13 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-02-18 16:13 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-02-18 16:13 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-02-18 16:13 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-02-18 16:13 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-02-18 16:13 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-02-18 16:12 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-18 16:12 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-18 16:12 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-18 16:12 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-18 16:12 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-18 16:12 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-02-18 16:12 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-18 16:12 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-18 16:12 - 2012-11-23 03:48 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-02-18 16:12 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-02-18 16:12 - 2012-08-22 18:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-02-18 16:12 - 2012-07-04 20:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-02-18 16:11 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-18 16:11 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-18 16:11 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-18 16:11 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-02-18 16:11 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-02-18 16:11 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-18 16:11 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-18 16:11 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-02-18 16:11 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-02-18 16:11 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-02-18 16:11 - 2012-10-03 17:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-02-18 16:11 - 2012-10-03 16:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-02-18 16:10 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-18 16:10 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-18 16:10 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-18 16:10 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-18 16:10 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-18 16:10 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-18 16:10 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-18 16:10 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-18 16:10 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-18 16:10 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-18 16:10 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-18 16:10 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-02-18 16:10 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-18 16:10 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-02-18 16:10 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-02-18 16:10 - 2013-03-19 05:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-02-18 16:10 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-02-18 16:10 - 2013-01-24 05:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-18 16:10 - 2012-08-21 21:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-02-18 16:08 - 2013-02-27 06:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-02-18 16:08 - 2013-02-27 05:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-02-18 16:08 - 2012-07-06 20:23 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-02-18 16:08 - 2012-05-05 08:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-02-18 16:07 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ___RD () C:\Program Files\Skype
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-17 22:54 - 2014-02-17 22:54 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Lavasoft
2014-02-17 17:25 - 2014-02-17 17:25 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\LavasoftStatistics
2014-02-17 16:37 - 2014-02-20 20:28 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-17 16:34 - 2014-02-17 16:35 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\adawarebp
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\ProgramData\blekko toolbars
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-02-17 16:33 - 2014-02-17 16:35 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\Secunia PSI
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Secunia
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-17 15:55 - 2014-02-17 15:55 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Malwarebytes
2014-02-16 23:07 - 2014-02-16 23:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-09 23:19 - 2014-02-11 00:33 - 00014086 _____ () C:\Users\ruhlanda\Desktop\Deadlines Master.xlsx
2014-02-04 23:25 - 2014-02-10 01:06 - 00011432 _____ () C:\Users\ruhlanda\Desktop\MBA Seitenzahlen.xlsx
2014-02-04 16:24 - 2014-02-04 17:08 - 00045304 _____ () C:\Users\ruhlanda\Desktop\Gleitzeitkonten NEU Anna.xlsx
2014-02-01 18:50 - 2014-02-20 13:26 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Paul Auswahl
2014-02-01 18:32 - 2014-02-01 19:33 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder Paul
2014-01-29 17:14 - 2014-02-13 16:00 - 00000000 ____D () C:\Users\ruhlanda\Desktop\TOPSELL TO DO
2014-01-28 17:15 - 2014-01-28 17:15 - 03162821 ____N () C:\Users\ruhlanda\Desktop\Bewerbungsunterlagen ZIP.zip
2014-01-28 17:15 - 2014-01-28 17:15 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\WinZip

==================== One Month Modified Files and Folders =======

2014-02-21 15:48 - 2014-02-21 15:48 - 00017545 _____ () C:\Users\ruhlanda\Desktop\FRST.txt
2014-02-21 15:48 - 2014-02-21 15:47 - 00000000 ____D () C:\FRST
2014-02-21 15:44 - 2014-02-21 15:44 - 00000913 _____ () C:\Users\ruhlanda\Desktop\Ad-Aware_Report_Full_Manual_2014-02-18T22-27-27.571907.xml
2014-02-21 15:42 - 2013-09-03 20:18 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Screenshots
2014-02-21 15:39 - 2014-02-21 15:39 - 01142784 _____ (Farbar) C:\Users\ruhlanda\Desktop\FRST.exe
2014-02-21 15:34 - 2012-02-08 11:59 - 1246921728 _____ () C:\Users\ruhlanda\Desktop\Archiv ab 26.06.09.pst
2014-02-21 15:32 - 2013-10-15 09:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 11:19 - 2012-02-07 14:20 - 01212063 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 20:43 - 2009-07-14 05:34 - 00019120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 20:43 - 2009-07-14 05:34 - 00019120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 20:37 - 2013-08-20 07:26 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Dropbox
2014-02-20 20:33 - 2010-11-20 22:01 - 01639394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 20:28 - 2014-02-17 16:37 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-20 20:27 - 2012-02-07 14:21 - 00000000 ____D () C:\Program Files\netinst
2014-02-20 20:27 - 2010-11-20 22:48 - 00814108 _____ () C:\Windows\PFRO.log
2014-02-20 20:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 20:27 - 2009-07-14 05:39 - 00147196 _____ () C:\Windows\setupact.log
2014-02-20 13:26 - 2014-02-01 18:50 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Paul Auswahl
2014-02-20 13:26 - 2013-08-19 16:12 - 00113760 _____ () C:\Users\ruhlanda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-20 11:45 - 2014-02-20 11:45 - 00002151 _____ () C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-19 16:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-19 16:21 - 2009-07-14 05:33 - 00435832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-19 16:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-19 16:14 - 2012-02-07 15:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-19 16:02 - 2014-02-19 16:02 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Mui_1033$
2014-02-19 15:59 - 2014-02-19 15:59 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Client_1033$
2014-02-19 15:59 - 2012-02-07 15:10 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-02-19 15:58 - 2012-04-17 12:16 - 00001566 _____ () C:\Windows\CrmClient.mif
2014-02-19 15:57 - 2012-04-17 12:15 - 00000000 ____D () C:\Program Files\Microsoft Dynamics CRM
2014-02-19 15:42 - 2014-02-18 16:17 - 00286054 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-19 13:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-19 00:23 - 2014-02-19 00:23 - 00012810 _____ () C:\Users\ruhlanda\Desktop\Mappe1.xlsx
2014-02-18 17:25 - 2010-11-21 01:28 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-02-18 16:46 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-18 16:32 - 2013-09-24 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 16:24 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ___RD () C:\Program Files\Skype
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-18 12:12 - 2012-05-13 15:09 - 00000000 ____D () C:\ProgramData\Skype
2014-02-18 12:09 - 2012-10-08 07:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-18 12:07 - 2012-02-07 15:04 - 00000000 ____D () C:\Users\Public\FreePDF
2014-02-18 12:07 - 2012-02-07 15:04 - 00000000 ____D () C:\Program Files\FreePDF_XP
2014-02-18 12:05 - 2012-11-22 21:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-18 12:05 - 2012-11-22 21:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-18 10:49 - 2012-05-08 11:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 22:54 - 2014-02-17 22:54 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Lavasoft
2014-02-17 17:25 - 2014-02-17 17:25 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\LavasoftStatistics
2014-02-17 16:35 - 2014-02-17 16:34 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\adawarebp
2014-02-17 16:35 - 2014-02-17 16:33 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\ProgramData\blekko toolbars
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-17 16:34 - 2014-02-17 16:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\Secunia PSI
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Secunia
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-17 15:55 - 2014-02-17 15:55 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Malwarebytes
2014-02-17 15:43 - 2012-02-14 08:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 15:40 - 2012-02-14 08:39 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-16 23:08 - 2014-02-16 23:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-13 16:00 - 2014-01-29 17:14 - 00000000 ____D () C:\Users\ruhlanda\Desktop\TOPSELL TO DO
2014-02-11 00:33 - 2014-02-09 23:19 - 00014086 _____ () C:\Users\ruhlanda\Desktop\Deadlines Master.xlsx
2014-02-10 01:06 - 2014-02-04 23:25 - 00011432 _____ () C:\Users\ruhlanda\Desktop\MBA Seitenzahlen.xlsx
2014-02-05 09:58 - 2014-02-18 16:21 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-18 16:21 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-18 16:21 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-18 16:21 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-18 16:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-18 16:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-18 16:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-18 16:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-18 16:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-18 16:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-18 16:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-18 16:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 19:09 - 2012-02-07 14:49 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-04 17:08 - 2014-02-04 16:24 - 00045304 _____ () C:\Users\ruhlanda\Desktop\Gleitzeitkonten NEU Anna.xlsx
2014-02-03 15:30 - 2012-02-08 12:20 - 00000000 ____D () C:\Privat
2014-02-01 19:46 - 2014-01-08 15:08 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder iPhone 8.1.14
2014-02-01 19:33 - 2014-02-01 18:32 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder Paul
2014-01-28 17:15 - 2014-01-28 17:15 - 03162821 ____N () C:\Users\ruhlanda\Desktop\Bewerbungsunterlagen ZIP.zip
2014-01-28 17:15 - 2014-01-28 17:15 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\WinZip
2014-01-24 19:13 - 2013-12-19 16:07 - 00000000 ____D () C:\HVB eFIN 4
2014-01-24 18:31 - 2013-05-27 13:02 - 00000138 _____ () C:\Windows\ODBC.INI

Some content of TEMP:
====================
C:\Users\enteoRuntime\AppData\Local\Temp\InstallAX.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 11:19

==================== End Of Log ============================
         
--- --- ---



And here is Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-02-2014
Ran by RuhlandA at 2014-02-21 15:48:32
Running from C:\Users\ruhlanda\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
AAVUpdateManager (Version: 16.00.0000 - Akademische Arbeitsgemeinschaft)
Ad-Aware Antivirus (Version: 11.1.5354.0 - Lavasoft)
Ad-Aware Security Add-on (Version: 3.8.0.2 - Lavasoft)
AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (Version: 10.1.9 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
Apple Application Support (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Avira Management Console Agent (Version:  - Avira Operations GmbH & Co. KG)
Avira Professional Security (Version: 12.0.0.1236 - Avira)
axRTF (Version: 1.0.0.0 - Zwick / Roell AG)
Bluetooth Stack for Windows by Toshiba (Version: v7.10.04(T) - TOSHIBA CORPORATION)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon iR Toolbox 4.9.1.1.ir02 (Version: 1.1.0 - Canon)
Canon iR1018/1022/1023 (Version:  - )
Canon MG5300 series MP Drivers (Version:  - )
Cisco AnyConnect Secure Mobility Client  (Version: 3.0.10057 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10057 - Cisco Systems, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
GPL Ghostscript (Version: 9.04 - Artifex Software Inc.)
HVB eFIN 4 (Version:  - )
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2189 - Intel Corporation)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
iTunes (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (Version: 0.9 - AppWork GmbH)
Juniper Installer Service (Version: 2.1.2.5973 - Juniper Networks)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.3.36355 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU Version: 7.4.0.25351 - Juniper Networks)
Kalender-Excel-8.9 (Version: 8.9 - MSDatec)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 2.0.181.2 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Dynamics CRM 2011 English (United States) Language Pack (Version: 5.0.9690.3911 - Microsoft Corporation) Hidden
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (Version: 5.0.9690.1992 - Microsoft Corporation) Hidden
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (Version: 5.0.9690.3911 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband service (Version: 6.1.11.2 - Ericsson AB)
Mozilla Firefox 27.0.1 (x86 de) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Oracle Data Provider for .NET Help (Version: 11.2.010 - Oracle Corporation)
Pixum Fotobuch (Version:  - )
Secunia PSI (3.0.0.9016) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.3 (Version: 6.3.105 - Skype Technologies S.A.)
TOSHIBA Mobile Broadband Device  (Version: 6.1.13.7 - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (Version: 1.4.1 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.4.1 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Manager (Version: 6.1.13.101 - TOSHIBA CORPORATION)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update Rollup 16 for Microsoft Dynamics CRM for Outlook (KB2872369) (Version: 5.0.9690.3911 - Microsoft Corporation)
Update Rollup 4 for Microsoft Dynamics CRM for Outlook (KB2556167) (Version:  - Microsoft Corporation)
Update Rollup 6 for Microsoft Dynamics CRM for Outlook (KB2600640) (Version: 5.0.9690.1992 - Microsoft Corporation)
Update Rollup 7 for Microsoft Dynamics CRM for Outlook (KB2600643) (Version: 5.0.9690.2165 - Microsoft Corporation)
Update Rollup 8 for Microsoft Dynamics CRM for Outlook (KB2600644) (Version: 5.0.9690.2243 - Microsoft Corporation)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
VMware Movie Decoder (Version: 1.00.0000 - VMware, Inc.)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 16.5 (Version: 16.5.10095 - WinZip Computing, S.L. )
Wisdom-soft ScreenHunter 5.1 Free (Version: 5.1 - Wisdom Software Inc.)

==================== Restore Points  =========================

19-02-2014 14:41:24 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2CEA7DE9-05CD-4236-8477-3756D1645933} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-02-04 14:23 - 2009-10-01 13:07 - 00011264 _____ () C:\Windows\System32\KOAZXJ_L.dll
2013-02-04 14:23 - 2009-11-02 15:14 - 00888832 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\KOAZXJ_O.DLL
2012-06-21 11:14 - 2012-01-31 08:24 - 00398288 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-06-04 07:57 - 2012-03-27 11:33 - 00126721 _____ () C:\Program Files\Avira\Avira Security Management Center Agent\SCEWXMLW.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-07 16:08 - 2011-12-16 11:26 - 01539136 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
2012-02-07 16:08 - 2011-12-16 11:27 - 00601152 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
2012-02-07 14:24 - 2013-02-22 17:29 - 00065024 ____N () C:\Program Files\netinst\zlib1.dll
2014-02-20 20:27 - 2014-02-20 20:27 - 00006144 _____ () C:\Program Files\netinst\sdesk.dll
2012-02-07 14:24 - 2013-02-22 17:29 - 00065024 ____N () C:\Program Files\NetInst\zlib1.dll
2014-01-23 16:26 - 2014-01-23 16:26 - 00651232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
2014-01-23 16:33 - 2014-01-23 16:33 - 00087928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00022392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00048512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00107904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 03053416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 01928008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00638328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00477544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00244088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00119656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00087384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00105304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00228728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00170376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00342376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00210280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00244592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiMalwareEngine.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiRootkitEngine.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00367472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerHistory.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00502112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScanner.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00030584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_timer-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00268656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerScheduler.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00274808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00190824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIncompatibles.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00181600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiSpam.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00105320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiPhishing.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00472944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareParentalControl.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 01858408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareWebProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00223088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareEmailProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00513392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareNetworkProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00422752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareInstaller.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00298840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwarePromo.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00241504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareFeedback.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SecurityCenter.dll
2013-07-17 17:10 - 2013-07-17 17:10 - 00565640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll
2009-12-10 11:07 - 2009-12-10 11:07 - 00700928 ____R () C:\Program Files\Mobile Broadband Service\WMCore.exe
2009-03-25 20:08 - 2009-03-25 20:08 - 00058880 ____R () C:\Program Files\Mobile Broadband Service\MBMDebug.dll
2012-02-07 16:08 - 2011-12-16 11:27 - 00236032 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-11-18 17:18 - 2010-11-18 17:18 - 11205120 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-03-03 14:14 - 2010-03-03 14:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:14 - 2010-03-03 14:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 03643224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
2014-01-23 16:33 - 2014-01-23 16:33 - 00405880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00308064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00056664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00789360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00118104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-02-16 23:08 - 2014-02-16 23:08 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-04 22:05 - 2014-02-04 22:05 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ffdwnd => C:\Users\roella\AppData\Local\Mozilla\Firefox\firefox.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NetInstall NiTray => "C:\Program Files\NetInst\eTray.exe"
MSCONFIG\startupreg: niagnt32 => C:\Program Files\NetInst\niagnt32.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2014 03:32:50 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Das Update von ZUE-W-9860 (127.0.0.1) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten. .
Es wurden keine neuen Dateien geladen.

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11341

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11341

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10327

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10327

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9298

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9298

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/21/2014 03:35:06 PM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/21/2014 03:32:21 PM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne ZUE aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (02/21/2014 11:21:15 AM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/21/2014 11:18:24 AM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/21/2014 11:16:03 AM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne ZUE aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (02/20/2014 08:37:25 PM) (Source: Microsoft-Windows-GroupPolicy) (User: ZUE)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (02/20/2014 08:30:33 PM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/20/2014 08:28:44 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/20/2014 08:28:29 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/20/2014 08:27:27 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.


Microsoft Office Sessions:
=========================
Error: (02/21/2014 03:32:50 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: ZUE-W-9860 (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten.

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11341

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11341

Error: (02/21/2014 00:59:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10327

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10327

Error: (02/21/2014 00:59:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9298

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9298

Error: (02/21/2014 00:59:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 2928.43 MB
Available physical RAM: 1343.83 MB
Total Pagefile: 5855.14 MB
Available Pagefile: 3406.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:277.84 GB) (Free:29.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:14.93 GB) (Free:8.79 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 44AFAEEC)
Partition 1: (Not Active) - (Size=251 MB) - (Type=1B)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=278 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Thank you very much!!
__________________

Alt 21.02.2014, 16:37   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
Why are two virus scanners running on your machine?
You should never do that, because two real-time guards in the background get in each other's way. You undermine your security that way. In the end you have a slower and less secure computer compared to one that uses "only" one scanner with a real-time guard.

Uninstall one of the two immediately. I would even uninstall both and, once we are done here, switch to Avast Free or MSE.
__________________
Please always post log files in CODE tags
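
The check made by eye on the two quoted `AV:` lines can be scripted when triaging many FRST logs. The Python sketch below is an added example, not part of the thread and not FRST's own code; the function names, the finding codes and the name-in-path heuristic are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: lines copied from the FRST output posted in this thread
# (two Security Center entries and two entries from the loaded-modules list).
SAMPLE_LOG = r"""
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
2014-01-23 16:32 - 2014-01-23 16:32 - 00274808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 03643224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
"""

# "AV: <name> (<state>[ - <signature state>]) {GUID}" as quoted in the post.
# Assumption: AS: and FW: entries, if present, share the same layout.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|AS|FW): (?P<name>.+?) "
    r"\((?P<state>Enabled|Disabled)(?: - (?P<sigs>Up to date|Out of date))?\) "
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})[ \t]*$",
    re.MULTILINE,
)

# "<created> - <modified> - <size> <attributes> (<company>) <path>"
MODULE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
    r"\((?P<company>.*?)\) (?P<path>\S.*?)[ \t]*$",
    re.MULTILINE,
)


def parse_products(log):
    """Return the security products registered with Windows Security Center."""
    return [
        {
            "kind": m["kind"],
            "name": m["name"],
            "enabled": m["state"] == "Enabled",
            "signatures": m["sigs"],  # None when the line carries no signature state
            "guid": m["guid"],
        }
        for m in PRODUCT_RE.finditer(log)
    ]


def parse_module_paths(log):
    """Return the file paths from the loaded-modules section."""
    return [m["path"] for m in MODULE_RE.finditer(log)]


def review(log):
    """Return (code, detail) findings a helper would raise before any cleanup."""
    products = parse_products(log)
    modules = [p.lower() for p in parse_module_paths(log)]
    findings = []

    av = [p for p in products if p["kind"] == "AV"]
    if len(av) > 1:
        findings.append(("MULTIPLE_AV", ", ".join(p["name"] for p in av)))

    for p in products:
        if p["signatures"] == "Out of date":
            findings.append(("OUT_OF_DATE", p["name"]))
        # Heuristic (assumption): the product's folder is named like the
        # registered product. It misses products installed under another name.
        folder = "\\" + p["name"].lower() + "\\"
        loaded = [m for m in modules if folder in m]
        if not p["enabled"] and loaded:
            findings.append(
                ("DISABLED_BUT_LOADED", f'{p["name"]}: {len(loaded)} module(s)')
            )
    return findings


if __name__ == "__main__":
    for code, detail in review(SAMPLE_LOG):
        print(f"{code:20} {detail}")
```

On the sample, the product that Security Center reports as disabled still has its real-time protection module loaded, which is why "Disabled" in the log is no substitute for uninstalling the second scanner.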

Alt 21.02.2014, 18:36   #5
accr
 

I have uninstalled Ad-Aware!


Alt 21.02.2014, 19:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Reading material:
Why we no longer recommend Avira
For some time now, Avira has shipped the Ask Toolbar with its default installation. This toolbar is a prerequisite for the Webguard to work reliably. The Ask Toolbar is known for spying on the user's browsing behaviour in order, ultimately, to make money from it. We therefore classify this toolbar as "harmful". More information.

A security company that practically foists harmful software on the user without asking is therefore out of the question for us. Because of this business practice, the in part extremely poor detection rate and the thoroughly annoying advertising, we recommend that all Avira users uninstall Avira and switch to an alternative product.

Should you decide to switch, we recommend removing all leftovers with the Avira cleaner after uninstalling.



Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Alt 25.02.2014, 23:40   #7
accr
 

Hello!

I ran mbar.exe. The program found nothing. A cleanup was not necessary.

Alt 26.02.2014, 00:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please always post the log

Alt 26.02.2014, 11:58   #9
accr
 

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.25.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
RuhlandA :: ZUE-W-9860 [administrator]

25.02.2014 22:04:37
mbar-log-2014-02-25 (22-04-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 328492
Time elapsed: 22 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 26.02.2014, 14:07   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Removing adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and can then be found on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)


Alt 26.02.2014, 16:19   #11
accr
 

Thank you very much for all the help! I have carried out all 3 steps:

Step 1: adwCleaner

Code:
# AdwCleaner v3.019 - Bericht erstellt am 26/02/2014 um 16:01:56
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : RuhlandA - ZUE-W-9860
# Gestartet von : C:\Users\ruhlanda\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Zwick\AppData\Roaming\Mozilla\Firefox\Profiles\cghmzgkk.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Datei Gelöscht : C:\Uninstall.exe

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\Software\caphyon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\prefs.js ]


[ Datei : C:\Users\Zwick\AppData\Roaming\Mozilla\Firefox\Profiles\cghmzgkk.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2351 octets] - [26/02/2014 16:00:34]
AdwCleaner[S0].txt - [2272 octets] - [26/02/2014 16:01:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2332 octets] ##########
         
Step 2: JRT - Junkware Removal Tool

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x86
Ran by RuhlandA on 26.02.2014 at 16:10:57,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\ruhlanda\AppData\Roaming\mozilla\firefox\profiles\7jnmv00a.default\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\ruhlanda\AppData\Roaming\mozilla\firefox\profiles\7jnmv00a.default\minidumps [61 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.02.2014 at 16:12:49,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Step 3: Fresh log with FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 01
Ran by RuhlandA (administrator) on ZUE-W-9860 on 26-02-2014 16:17:32
Running from C:\Users\ruhlanda\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Service.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\NetInst\mgmtagnt.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Mobile Broadband Service\WMCore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\NetInst\mgmtagnt.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Tray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gctrl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\netinst\eTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [00THotkey] - C:\Windows\system32\00THotkey.exe
HKLM\...\Run: [000StTHK] - C:\Windows\system32\000StTHK.exe [24576 2001-06-23] ()
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSHIBA_3G_UTY] - C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe [1598848 2009-07-23] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [173432 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [844152 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Discovery User Input] - C:\Program Files\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [241664 2011-12-16] ()
HKLM\...\Run: [NetInstall NiTray] - C:\Program Files\NetInst\eTray.exe [67112 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [258512 2012-01-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [SkyDrive] - C:\Users\ruhlanda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-02-20] (Microsoft Corporation)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Policies\Explorer: [RecycleBinSize] 1
AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll => C:\Program Files\netinst\NiAMH.dll [61480 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
IFEO\dinotify.exe: [Debugger] C:\Program Files\NetInst\dinotdbg.exe
Startup: C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: zue-s-87:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {7352399A-E2ED-422D-8500-239FB37C36B7} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVir Security Management Center Agent; C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe [1128705 2013-11-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [342480 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-01-31] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [463824 2012-01-31] (Avira Operations GmbH & Co. KG)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 CrmSqlStartupSvc; C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [24240 2014-01-16] (Microsoft Corporation)
R2 DiscoveryClientAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1539136 2011-12-16] ()
R2 DiscoveryIPTransferAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601152 2011-12-16] ()
R2 DSM_Remote_Service; C:\Program Files\netinst\DSM_Remote_Service.exe [4168744 2013-02-22] (FrontRange)
R2 ersupext; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 esiCore; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [132392 2009-11-13] (Juniper Networks)
R3 LanProbe; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe [236032 2011-12-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [127384 2009-12-18] (TOSHIBA CORPORATION)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
R2 WMCoreService; C:\Program Files\Mobile Broadband Service\WMCore.exe [700928 2009-12-10] ()

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2012-01-31] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-01-31] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [26952 2013-03-25] ()
R3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2009-11-19] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2009-11-19] (Ericsson AB)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-21] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [6814720 2010-07-28] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 t36gbus; C:\Windows\System32\DRIVERS\t36gbus.sys [285056 2009-06-26] (MCCI Corporation)
R3 t36gmdfl; C:\Windows\System32\DRIVERS\t36gmdfl.sys [14976 2009-06-26] (MCCI Corporation)
R3 t36gmdm; C:\Windows\System32\DRIVERS\t36gmdm.sys [374016 2009-06-26] (MCCI Corporation)
R3 t36gmgmt; C:\Windows\System32\DRIVERS\t36gmgmt.sys [357376 2009-06-26] (MCCI Corporation)
R3 t36wgps; C:\Windows\System32\DRIVERS\t36wgps.sys [82984 2009-07-10] (Ericsson AB)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp.sys [227880 2009-11-25] (Ericsson AB)
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 16:17 - 2014-02-26 16:17 - 00000000 ____D () C:\Users\ruhlanda\Desktop\FRST-OlderVersion
2014-02-26 16:12 - 2014-02-26 16:12 - 00001045 _____ () C:\Users\ruhlanda\Desktop\JRT.txt
2014-02-26 16:10 - 2014-02-26 16:10 - 01037734 _____ (Thisisu) C:\Users\ruhlanda\Desktop\JRT.exe
2014-02-26 16:10 - 2014-02-26 16:10 - 00000000 ____D () C:\Windows\ERUNT
2014-02-26 16:00 - 2014-02-26 16:02 - 00000000 ____D () C:\AdwCleaner
2014-02-26 15:59 - 2014-02-26 15:59 - 01241834 _____ () C:\Users\ruhlanda\Desktop\adwcleaner.exe
2014-02-25 13:13 - 2014-02-25 13:29 - 00016248 _____ () C:\Users\ruhlanda\Desktop\Zeitnachweis Arbeitszeit Zwick RMR (2).xlsx
2014-02-21 21:42 - 2014-02-25 23:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-21 21:42 - 2014-02-25 22:04 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-21 21:42 - 2014-02-21 21:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-21 21:41 - 2014-02-25 23:41 - 00000000 ____D () C:\Users\ruhlanda\Desktop\mbar
2014-02-21 21:40 - 2014-02-21 21:40 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ruhlanda\Desktop\mbar-1.07.0.1009.exe
2014-02-21 16:10 - 2012-02-11 06:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-02-21 15:48 - 2014-02-26 16:17 - 00015295 _____ () C:\Users\ruhlanda\Desktop\FRST.txt
2014-02-21 15:48 - 2014-02-21 15:49 - 00032995 _____ () C:\Users\ruhlanda\Desktop\Addition.txt
2014-02-21 15:47 - 2014-02-26 16:17 - 00000000 ____D () C:\FRST
2014-02-21 15:44 - 2014-02-21 15:44 - 00000913 _____ () C:\Users\ruhlanda\Desktop\Ad-Aware_Report_Full_Manual_2014-02-18T22-27-27.571907.xml
2014-02-21 15:39 - 2014-02-26 16:17 - 01143808 _____ (Farbar) C:\Users\ruhlanda\Desktop\FRST.exe
2014-02-20 11:45 - 2014-02-20 11:45 - 00002151 _____ () C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-19 16:02 - 2014-02-19 16:02 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Mui_1033$
2014-02-19 15:59 - 2014-02-19 15:59 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Client_1033$
2014-02-19 00:23 - 2014-02-19 00:23 - 00012810 _____ () C:\Users\ruhlanda\Desktop\Mappe1.xlsx
2014-02-18 16:24 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-02-18 16:24 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-02-18 16:24 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-02-18 16:24 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-02-18 16:24 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-02-18 16:24 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-02-18 16:22 - 2010-02-11 08:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-02-18 16:21 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-18 16:21 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-18 16:21 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-18 16:21 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-18 16:21 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-18 16:21 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-18 16:21 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-18 16:21 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-18 16:21 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-18 16:21 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-18 16:21 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-18 16:21 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-18 16:21 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-18 16:19 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-18 16:19 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-18 16:17 - 2014-02-19 15:42 - 00286054 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-18 16:13 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-02-18 16:13 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-02-18 16:13 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-02-18 16:13 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-02-18 16:13 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-02-18 16:13 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-02-18 16:13 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-02-18 16:13 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-02-18 16:13 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-02-18 16:12 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-18 16:12 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-18 16:12 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-18 16:12 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-18 16:12 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-18 16:12 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-02-18 16:12 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-18 16:12 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-18 16:12 - 2012-11-23 03:48 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-02-18 16:12 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-02-18 16:12 - 2012-08-22 18:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-02-18 16:12 - 2012-07-04 20:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-02-18 16:11 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-18 16:11 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-18 16:11 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-18 16:11 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-02-18 16:11 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-02-18 16:11 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-18 16:11 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-18 16:11 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-02-18 16:11 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-02-18 16:11 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-02-18 16:11 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-02-18 16:11 - 2012-10-03 17:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-02-18 16:11 - 2012-10-03 16:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-02-18 16:10 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-18 16:10 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-18 16:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-18 16:10 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-18 16:10 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-18 16:10 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-18 16:10 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-18 16:10 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-18 16:10 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-18 16:10 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-18 16:10 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-18 16:10 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-18 16:10 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-18 16:10 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-02-18 16:10 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-18 16:10 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-02-18 16:10 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-02-18 16:10 - 2013-03-19 05:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-02-18 16:10 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-02-18 16:10 - 2013-01-24 05:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-18 16:10 - 2012-08-21 21:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-02-18 16:08 - 2013-02-27 06:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-02-18 16:08 - 2013-02-27 05:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-02-18 16:08 - 2012-07-06 20:23 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-02-18 16:08 - 2012-05-05 08:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-02-18 16:07 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-18 16:07 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-18 12:12 - 2014-02-21 16:18 - 00000000 ___RD () C:\Program Files\Skype
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-17 17:25 - 2014-02-17 17:25 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\LavasoftStatistics
2014-02-17 16:33 - 2014-02-21 18:37 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\Secunia PSI
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Secunia
2014-02-17 15:55 - 2014-02-17 15:55 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Malwarebytes
2014-02-16 23:07 - 2014-02-16 23:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-09 23:19 - 2014-02-11 00:33 - 00014086 _____ () C:\Users\ruhlanda\Desktop\Deadlines Master.xlsx
2014-02-04 23:25 - 2014-02-10 01:06 - 00011432 _____ () C:\Users\ruhlanda\Desktop\MBA Seitenzahlen.xlsx
2014-02-01 18:50 - 2014-02-20 13:26 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Paul Auswahl
2014-02-01 18:32 - 2014-02-01 19:33 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder Paul
2014-01-29 17:14 - 2014-02-13 16:00 - 00000000 ____D () C:\Users\ruhlanda\Desktop\TOPSELL TO DO
2014-01-28 17:15 - 2014-01-28 17:15 - 03162821 ____N () C:\Users\ruhlanda\Desktop\Bewerbungsunterlagen ZIP.zip
2014-01-28 17:15 - 2014-01-28 17:15 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\WinZip

==================== One Month Modified Files and Folders =======

2014-02-26 16:17 - 2014-02-26 16:17 - 00000000 ____D () C:\Users\ruhlanda\Desktop\FRST-OlderVersion
2014-02-26 16:17 - 2014-02-21 15:48 - 00015295 _____ () C:\Users\ruhlanda\Desktop\FRST.txt
2014-02-26 16:17 - 2014-02-21 15:47 - 00000000 ____D () C:\FRST
2014-02-26 16:17 - 2014-02-21 15:39 - 01143808 _____ (Farbar) C:\Users\ruhlanda\Desktop\FRST.exe
2014-02-26 16:12 - 2014-02-26 16:12 - 00001045 _____ () C:\Users\ruhlanda\Desktop\JRT.txt
2014-02-26 16:10 - 2014-02-26 16:10 - 01037734 _____ (Thisisu) C:\Users\ruhlanda\Desktop\JRT.exe
2014-02-26 16:10 - 2014-02-26 16:10 - 00000000 ____D () C:\Windows\ERUNT
2014-02-26 16:10 - 2012-02-07 14:20 - 01374770 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 16:05 - 2013-10-15 09:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 16:05 - 2013-08-20 07:26 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Dropbox
2014-02-26 16:04 - 2012-02-07 14:21 - 00000000 ____D () C:\Program Files\netinst
2014-02-26 16:04 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 16:03 - 2010-11-20 22:48 - 01018150 _____ () C:\Windows\PFRO.log
2014-02-26 16:03 - 2009-07-14 05:39 - 00147532 _____ () C:\Windows\setupact.log
2014-02-26 16:02 - 2014-02-26 16:00 - 00000000 ____D () C:\AdwCleaner
2014-02-26 15:59 - 2014-02-26 15:59 - 01241834 _____ () C:\Users\ruhlanda\Desktop\adwcleaner.exe
2014-02-26 12:07 - 2009-07-14 05:34 - 00019120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 12:07 - 2009-07-14 05:34 - 00019120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 23:41 - 2014-02-21 21:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-25 23:41 - 2014-02-21 21:41 - 00000000 ____D () C:\Users\ruhlanda\Desktop\mbar
2014-02-25 23:41 - 2012-02-08 11:59 - 1246921728 _____ () C:\Users\ruhlanda\Desktop\Archiv ab 26.06.09.pst
2014-02-25 22:04 - 2014-02-21 21:42 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-25 13:29 - 2014-02-25 13:13 - 00016248 _____ () C:\Users\ruhlanda\Desktop\Zeitnachweis Arbeitszeit Zwick RMR (2).xlsx
2014-02-21 21:42 - 2014-02-21 21:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-21 21:40 - 2014-02-21 21:40 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ruhlanda\Desktop\mbar-1.07.0.1009.exe
2014-02-21 18:37 - 2014-02-17 16:33 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-21 17:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-21 17:05 - 2012-11-22 21:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 17:05 - 2012-11-22 21:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 16:53 - 2014-01-08 15:08 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder iPhone 8.1.14
2014-02-21 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-21 16:31 - 2010-11-20 22:01 - 01647522 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-21 16:18 - 2014-02-18 12:12 - 00000000 ___RD () C:\Program Files\Skype
2014-02-21 16:18 - 2012-05-13 15:09 - 00000000 ____D () C:\ProgramData\Skype
2014-02-21 16:03 - 2013-09-03 20:18 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Screenshots
2014-02-21 15:49 - 2014-02-21 15:48 - 00032995 _____ () C:\Users\ruhlanda\Desktop\Addition.txt
2014-02-21 15:44 - 2014-02-21 15:44 - 00000913 _____ () C:\Users\ruhlanda\Desktop\Ad-Aware_Report_Full_Manual_2014-02-18T22-27-27.571907.xml
2014-02-20 13:26 - 2014-02-01 18:50 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Paul Auswahl
2014-02-20 13:26 - 2013-08-19 16:12 - 00113760 _____ () C:\Users\ruhlanda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-20 11:45 - 2014-02-20 11:45 - 00002151 _____ () C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-19 16:21 - 2009-07-14 05:33 - 00435832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-19 16:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-19 16:14 - 2012-02-07 15:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-19 16:02 - 2014-02-19 16:02 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Mui_1033$
2014-02-19 15:59 - 2014-02-19 15:59 - 00000000 ___HD () C:\Windows\$CrmUninstallKB2872369_Client_1033$
2014-02-19 15:59 - 2012-02-07 15:10 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-02-19 15:58 - 2012-04-17 12:16 - 00001566 _____ () C:\Windows\CrmClient.mif
2014-02-19 15:57 - 2012-04-17 12:15 - 00000000 ____D () C:\Program Files\Microsoft Dynamics CRM
2014-02-19 15:42 - 2014-02-18 16:17 - 00286054 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-19 00:23 - 2014-02-19 00:23 - 00012810 _____ () C:\Users\ruhlanda\Desktop\Mappe1.xlsx
2014-02-18 17:25 - 2010-11-21 01:28 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-02-18 16:46 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-18 16:32 - 2013-09-24 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 16:24 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-02-18 12:12 - 2014-02-18 12:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-18 12:09 - 2012-10-08 07:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-18 12:07 - 2012-02-07 15:04 - 00000000 ____D () C:\Users\Public\FreePDF
2014-02-18 12:07 - 2012-02-07 15:04 - 00000000 ____D () C:\Program Files\FreePDF_XP
2014-02-18 10:49 - 2012-05-08 11:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 17:25 - 2014-02-17 17:25 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\LavasoftStatistics
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\Secunia PSI
2014-02-17 16:31 - 2014-02-17 16:31 - 00000000 ____D () C:\Program Files\Secunia
2014-02-17 15:55 - 2014-02-17 15:55 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\Malwarebytes
2014-02-17 15:43 - 2012-02-14 08:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 15:40 - 2012-02-14 08:39 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-16 23:08 - 2014-02-16 23:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-13 16:00 - 2014-01-29 17:14 - 00000000 ____D () C:\Users\ruhlanda\Desktop\TOPSELL TO DO
2014-02-11 00:33 - 2014-02-09 23:19 - 00014086 _____ () C:\Users\ruhlanda\Desktop\Deadlines Master.xlsx
2014-02-10 01:06 - 2014-02-04 23:25 - 00011432 _____ () C:\Users\ruhlanda\Desktop\MBA Seitenzahlen.xlsx
2014-02-05 09:58 - 2014-02-18 16:21 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-18 16:21 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-18 16:21 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-18 16:21 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-18 16:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-18 16:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-18 16:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-18 16:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-18 16:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-18 16:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-18 16:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-18 16:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-18 16:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 19:09 - 2012-02-07 14:49 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-03 15:30 - 2012-02-08 12:20 - 00000000 ____D () C:\Privat
2014-02-01 19:33 - 2014-02-01 18:32 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Bilder Paul
2014-01-28 17:15 - 2014-01-28 17:15 - 03162821 ____N () C:\Users\ruhlanda\Desktop\Bewerbungsunterlagen ZIP.zip
2014-01-28 17:15 - 2014-01-28 17:15 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\WinZip

Some content of TEMP:
====================
C:\Users\enteoRuntime\AppData\Local\Temp\InstallAX.exe
C:\Users\ruhlanda\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 11:19

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-02-2014 01
Ran by RuhlandA at 2014-02-26 16:19:04
Running from C:\Users\ruhlanda\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM\...\{E8C23EBE-EE3C-4299-9DB9-601AB3751454}) (Version: 16.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Management Console Agent (HKLM\...\{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}) (Version:  - Avira Operations GmbH & Co. KG)
Avira Professional Security (HKLM\...\Avira AntiVir Desktop) (Version: 12.0.0.1236 - Avira)
axRTF (HKLM\...\{F1DBF78A-7E9A-4602-8E16-C5728230D787}) (Version: 1.0.0.0 - Zwick / Roell AG)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon iR Toolbox 4.9.1.1.ir02 (HKLM\...\{2643914A-E2C2-4180-8396-59B8E1EAFA2F}) (Version: 1.1.0 - Canon)
Canon iR1018/1022/1023 (HKLM\...\{5830B3AB-D08F-4a6d-9925-F95860EE2954}) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.10057 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10057 - Cisco Systems, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HVB eFIN 4 (HKLM\...\HVB eFIN 4) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Juniper Installer Service (HKLM\...\{447D8B58-880C-4627-BF57-9C408219313E}) (Version: 2.1.2.5973 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.3.36355 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.4.0.25351 - Juniper Networks)
Kalender-Excel-8.9 (HKLM\...\Kalender-Excel-8.9_is1) (Version: 8.9 - MSDatec)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 2.0.181.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Dynamics CRM 2011 English (United States) Language Pack (Version: 5.0.9690.3911 - Microsoft Corporation) Hidden
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (HKLM\...\Microsoft CRM Client) (Version: 5.0.9690.3911 - Microsoft Corporation)
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (Version: 5.0.9690.1992 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{28DA3304-9EC2-4097-BC64-B59A1958841F}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband service (HKLM\...\{C2D206A3-1B8E-4DE5-8330-871AD23D4D77}) (Version: 6.1.11.2 - Ericsson AB)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Oracle Data Provider for .NET Help (HKLM\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 11.2.010 - Oracle Corporation)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version:  - )
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
TOSHIBA Mobile Broadband Device  (HKLM\...\{B03E7DD6-21F9-444D-8CFE-EBE44EC1B407}) (Version: 6.1.13.7 - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.4.1 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.4.1 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Manager (HKLM\...\{6A631D31-1FD6-46B5-9337-3485C3CBB002}) (Version: 6.1.13.101 - TOSHIBA CORPORATION)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Rollup 16 for Microsoft Dynamics CRM for Outlook (KB2872369) (HKLM\...\KB2872369_Client_1033) (Version: 5.0.9690.3911 - Microsoft Corporation)
Update Rollup 4 for Microsoft Dynamics CRM for Outlook (KB2556167) (HKLM\...\KB2556167_Client_1033) (Version:  - Microsoft Corporation)
Update Rollup 6 for Microsoft Dynamics CRM for Outlook (KB2600640) (HKLM\...\KB2600640_Client_1033) (Version: 5.0.9690.1992 - Microsoft Corporation)
Update Rollup 7 for Microsoft Dynamics CRM for Outlook (KB2600643) (HKLM\...\KB2600643_Client_1033) (Version: 5.0.9690.2165 - Microsoft Corporation)
Update Rollup 8 for Microsoft Dynamics CRM for Outlook (KB2600644) (HKLM\...\KB2600644_Client_1033) (Version: 5.0.9690.2243 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VMware Movie Decoder (HKLM\...\{D8E9CA51-F0C2-4FBC-95C6-BECC8C83F04D}) (Version: 1.00.0000 - VMware, Inc.)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Wisdom-soft ScreenHunter 5.1 Free (HKLM\...\{66F28964-CE41-459A-A4FF-A6BBD1374282}) (Version: 5.1 - Wisdom Software Inc.)

==================== Restore Points  =========================

19-02-2014 14:41:24 Windows Update
21-02-2014 15:10:23 Windows Update
21-02-2014 17:36:03 AA11

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2CEA7DE9-05CD-4236-8477-3756D1645933} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-02-04 14:23 - 2009-10-01 13:07 - 00011264 _____ () C:\Windows\System32\KOAZXJ_L.dll
2013-02-04 14:23 - 2009-11-02 15:14 - 00888832 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\KOAZXJ_O.DLL
2012-06-21 11:14 - 2012-01-31 08:24 - 00398288 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-06-04 07:57 - 2012-03-27 11:33 - 00126721 _____ () C:\Program Files\Avira\Avira Security Management Center Agent\SCEWXMLW.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-07 16:08 - 2011-12-16 11:26 - 01539136 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
2012-02-07 16:08 - 2011-12-16 11:27 - 00601152 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
2012-02-07 14:24 - 2013-02-22 17:29 - 00065024 ____N () C:\Program Files\netinst\zlib1.dll
2014-02-26 16:04 - 2014-02-26 16:04 - 00006144 _____ () C:\Program Files\netinst\sdesk.dll
2012-02-07 14:24 - 2013-02-22 17:29 - 00065024 ____N () C:\Program Files\NetInst\zlib1.dll
2009-12-10 11:07 - 2009-12-10 11:07 - 00700928 ____R () C:\Program Files\Mobile Broadband Service\WMCore.exe
2009-03-25 20:08 - 2009-03-25 20:08 - 00058880 ____R () C:\Program Files\Mobile Broadband Service\MBMDebug.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 11205120 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-03-03 14:14 - 2010-03-03 14:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:14 - 2010-03-03 14:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2012-02-07 16:08 - 2011-12-16 11:27 - 00236032 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-16 23:08 - 2014-02-16 23:08 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ffdwnd => C:\Users\roella\AppData\Local\Mozilla\Firefox\firefox.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NetInstall NiTray => "C:\Program Files\NetInst\eTray.exe"
MSCONFIG\startupreg: niagnt32 => C:\Program Files\NetInst\niagnt32.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 2928.43 MB
Available physical RAM: 1730.5 MB
Total Pagefile: 5855.14 MB
Available Pagefile: 4334.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:277.84 GB) (Free:29.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 44AFAEEC)
Partition 1: (Not Active) - (Size=251 MB) - (Type=1B)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=278 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

26.02.2014, 16:54   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Before you do, please remember to update Malwarebytes Anti-Malware using the update button!

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

27.02.2014, 00:38   #13
accr
 



That's good news

Here is the malware log:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.26.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
RuhlandA :: ZUE-W-9860 [Administrator]

Schutz: Aktiviert

26.02.2014 17:01:03
mbam-log-2014-02-26 (17-01-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322691
Laufzeit: 8 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And here is the Eset log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=62d7278950950847bd22dc299d6ff746
# engine=17238
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-26 05:53:39
# local_time=2014-02-26 06:53:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1802 16775165 100 100 7584 164112124 353 0
# compatibility_mode=5893 16776573 100 94 245682 145068410 0 0
# scanned=55912
# found=0
# cleaned=0
# scan_time=3296
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=62d7278950950847bd22dc299d6ff746
# engine=17241
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-26 11:11:27
# local_time=2014-02-27 12:11:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1802 16775165 100 100 18310 164131192 3985 0
# compatibility_mode=5893 16776573 100 94 268350 145087478 0 0
# scanned=175569
# found=0
# cleaned=0
# scan_time=7155
         

27.02.2014, 00:53   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.


Looks OK so far

Regarding cookies and other things on the web: to block these pests from the start (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks or so to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Apart from that, there are good cookie managers; for Firefox, for example, there is the CookieCuller extension.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then just set the browser to delete everything, including cookies, when it is closed.

Is your system OK again now, or are there any other detections or problems?