Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by andreas.chudalla at 2015-02-12 07:39:07 Run:1
Running from C:\Users\andreas.chudalla\Desktop
Loaded Profiles: andreas.chudalla (Available profiles: angela.hinse & michael.meisel & ulrich.scherer & mimi.hafner & manuel.hoeller & markus.kleber & andrea.hafner & Lena.Fraunholz & andreas.chudalla & andreas.regner & administrator & admin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}
C:\Users\andrea.hafner\Desktop\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001c7a
C:\Users\andrea.hafner\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5FJ8OAA\pack[1].7z
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\BabMaint.exe
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\BExternal.dll
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\BUSolution.dll
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\CrxInstaller.dll
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\delta.crx
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\IEHelper.dll
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\MyBabylonTB.exe
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\Setup.exe
C:\Users\andrea.hafner\Desktop\AppData\Roaming\BabSolution\CR\Delta.crx
C:\Users\andrea.hafner\Desktop\AppData\Roaming\BabSolution\Shared\BabMaint.exe
C:\Users\andrea.hafner\Desktop\AppData\Roaming\BabSolution\Shared\BUSolution.dll
C:\Users\andrea.hafner\Desktop\AppData\Roaming\OpenCandy\6DCCF8E2E0764F6F9C355F37FC9D78FE\DeltaTB.exe
C:\Users\andreas.chudalla\AppData\Local\Temp\DMR\dmr_72.exe
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2013-10-01 150158\Backup files 1.zip
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2013-10-01 150158\Backup files 21.zip
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2013-10-01 150158\Backup files 5.zip
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2013-10-01 150158\Backup files 7.zip
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2013-10-01 150158\Backup files 8.zip
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2014-03-04 073341\Backup files 1.zip
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 1.zip
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 2.zip
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 31.zip
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 6.zip
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 8.zip
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 9.zip
E:\PC-0406\Backup Set 2014-06-02 073326\Backup Files 2014-06-02 073326\Backup files 32.zip
E:\PC-0406\Backup Set 2014-06-02 073326\Backup Files 2014-06-02 073326\Backup files 6.zip
E:\PC-0406\Backup Set 2014-06-02 073326\Backup Files 2014-06-02 073326\Backup files 7.zip
E:\PC-0406\Backup Set 2014-06-02 073326\Backup Files 2014-06-02 073326\Backup files 9.zip
E:\PC-0406\Backup Set 2014-07-21 073442\Backup Files 2014-07-21 073442\Backup files 33.zip
E:\PC-0406\Backup Set 2014-07-21 073442\Backup Files 2014-07-21 073442\Backup files 6.zip
E:\PC-0406\Backup Set 2014-07-21 073442\Backup Files 2014-07-21 073442\Backup files 7.zip
E:\PC-0406\Backup Set 2014-07-21 073442\Backup Files 2014-07-21 073442\Backup files 9.zip
E:\PC-0406\Backup Set 2014-09-22 073726\Backup Files 2014-09-22 073726\Backup files 35.zip
E:\PC-0406\Backup Set 2014-09-22 073726\Backup Files 2014-09-22 073726\Backup files 7.zip
E:\PC-0406\Backup Set 2014-09-22 073726\Backup Files 2014-09-22 073726\Backup files 8.zip
E:\PC-0406\Backup Set 2014-09-22 073726\Backup Files 2014-09-22 073726\Backup files 9.zip
E:\PC-0406\Backup Set 2014-11-17 073148\Backup Files 2014-11-17 073148\Backup files 35.zip
E:\PC-0406\Backup Set 2014-11-17 073148\Backup Files 2014-11-17 073148\Backup files 7.zip
E:\PC-0406\Backup Set 2014-11-17 073148\Backup Files 2014-11-17 073148\Backup files 8.zip
E:\PC-0406\Backup Set 2014-11-17 073148\Backup Files 2014-11-17 073148\Backup files 9.zip
E:\PC-0406\Backup Set 2015-01-12 073627\Backup Files 2015-01-12 073627\Backup files 25.zip
E:\PC-0406\Backup Set 2015-01-12 073627\Backup Files 2015-01-12 073627\Backup files 7.zip
E:\PC-0406\Backup Set 2015-01-12 073627\Backup Files 2015-01-12 073627\Backup files 8.zip
E:\PC-0406\Backup Set 2015-01-12 073627\Backup Files 2015-01-12 073627\Backup files 9.zip
E:\PC-0406\Backup Set 2015-01-12 073627\Backup Files 2015-02-09 074010\Backup files 1.zip
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\Run: [winengine] => C:\Users\andreas.chudalla\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\Run: [winengine2] => C:\Users\andreas.chudalla\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
C:\Users\andreas.chudalla\AppData\Local\winengine
Startup: C:\Users\andreas.chudalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk
ShortcutTarget: OptimizerProInstaller.lnk -> C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\OptimizerProInstaller.exe (PC Utilities Software Limited)
Emptytemp:
*****************
"C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}" directory move:
C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\54a97918cc9937ce => Moved successfully.
Could not move "C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\9954df4deb4dd01a" => Scheduled to move on reboot.
C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\OptimizerProInstaller.dat => Moved successfully.
C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\OptimizerProInstaller.exe => Moved successfully.
Could not move "C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}" directory. => Scheduled to move on reboot.
C:\Users\andrea.hafner\Desktop\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001c7a => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5FJ8OAA\pack[1].7z => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\BabMaint.exe => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\BExternal.dll => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\BUSolution.dll => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\CrxInstaller.dll => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\delta.crx => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\IEHelper.dll => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\MyBabylonTB.exe => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Local\Temp\EEE47331-BAB0-7891-AE75-8531FCB0104C\Latest\Setup.exe => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Roaming\BabSolution\CR\Delta.crx => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Roaming\BabSolution\Shared\BabMaint.exe => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Roaming\BabSolution\Shared\BUSolution.dll => Moved successfully.
C:\Users\andrea.hafner\Desktop\AppData\Roaming\OpenCandy\6DCCF8E2E0764F6F9C355F37FC9D78FE\DeltaTB.exe => Moved successfully.
C:\Users\andreas.chudalla\AppData\Local\Temp\DMR\dmr_72.exe => Moved successfully.
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2013-10-01 150158\Backup files 1.zip => Moved successfully.
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2013-10-01 150158\Backup files 21.zip => Moved successfully.
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2013-10-01 150158\Backup files 5.zip => Moved successfully.
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2013-10-01 150158\Backup files 7.zip => Moved successfully.
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2013-10-01 150158\Backup files 8.zip => Moved successfully.
E:\PC-0406\Backup Set 2013-10-01 150158\Backup Files 2014-03-04 073341\Backup files 1.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 1.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 2.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 31.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 6.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 8.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-04-14 073903\Backup Files 2014-04-14 073903\Backup files 9.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-06-02 073326\Backup Files 2014-06-02 073326\Backup files 32.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-06-02 073326\Backup Files 2014-06-02 073326\Backup files 6.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-06-02 073326\Backup Files 2014-06-02 073326\Backup files 7.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-06-02 073326\Backup Files 2014-06-02 073326\Backup files 9.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-07-21 073442\Backup Files 2014-07-21 073442\Backup files 33.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-07-21 073442\Backup Files 2014-07-21 073442\Backup files 6.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-07-21 073442\Backup Files 2014-07-21 073442\Backup files 7.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-07-21 073442\Backup Files 2014-07-21 073442\Backup files 9.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-09-22 073726\Backup Files 2014-09-22 073726\Backup files 35.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-09-22 073726\Backup Files 2014-09-22 073726\Backup files 7.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-09-22 073726\Backup Files 2014-09-22 073726\Backup files 8.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-09-22 073726\Backup Files 2014-09-22 073726\Backup files 9.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-11-17 073148\Backup Files 2014-11-17 073148\Backup files 35.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-11-17 073148\Backup Files 2014-11-17 073148\Backup files 7.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-11-17 073148\Backup Files 2014-11-17 073148\Backup files 8.zip => Moved successfully.
E:\PC-0406\Backup Set 2014-11-17 073148\Backup Files 2014-11-17 073148\Backup files 9.zip => Moved successfully.
E:\PC-0406\Backup Set 2015-01-12 073627\Backup Files 2015-01-12 073627\Backup files 25.zip => Moved successfully.
E:\PC-0406\Backup Set 2015-01-12 073627\Backup Files 2015-01-12 073627\Backup files 7.zip => Moved successfully.
E:\PC-0406\Backup Set 2015-01-12 073627\Backup Files 2015-01-12 073627\Backup files 8.zip => Moved successfully.
E:\PC-0406\Backup Set 2015-01-12 073627\Backup Files 2015-01-12 073627\Backup files 9.zip => Moved successfully.
E:\PC-0406\Backup Set 2015-01-12 073627\Backup Files 2015-02-09 074010\Backup files 1.zip => Moved successfully.
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\Software\Microsoft\Windows\CurrentVersion\Run\\winengine => value deleted successfully.
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\Software\Microsoft\Windows\CurrentVersion\Run\\winengine2 => value deleted successfully.
C:\Users\andreas.chudalla\AppData\Local\winengine => Moved successfully.
C:\Users\andreas.chudalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk => Moved successfully.
C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\OptimizerProInstaller.exe not found.
EmptyTemp: => Removed 95.8 MB temporary data.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-12 07:42:09)<=
C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\9954df4deb4dd01a => Is moved successfully.
C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9} => Is moved successfully.
==== End of Fixlog 07:42:09 ====
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by andreas.chudalla at 2015-02-12 07:43:51
Running from C:\Users\andreas.chudalla\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Trend Micro Security Agent (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Security Agent Anti-Spyware (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AutoCAD LT 2013 - Deutsch (German) (HKLM\...\AutoCAD LT 2013 - Deutsch (German)) (Version: 19.0.55.0 - Autodesk)
AutoCAD LT 2013 - Deutsch (German) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD LT 2013 Language Pack - Deutsch (German) (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
browsersupport (HKU\S-1-5-21-3409918318-3268832435-3554840575-1245 Version: 5 - ${CompanyName}) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
DigiTrakLWD (HKLM-x32\...\{D16E1774-E054-4684-815E-1D7E652327EF}) (Version: 2.012.00.000 - Digital-Control, Inc.)
ESS Energie Indikator (HKLM-x32\...\{6E83470B-5EE2-407D-ABFC-CC87E070ED8C}) (Version: 20.13.0 - Nemetschek Allplan GmbH)
ESTOS ProCall (HKLM-x32\...\{F2D50027-E910-4C2C-AC57-E7D806AAE64E}) (Version: 4.1.10.20036 - ESTOS)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{6BC1F8BE-E812-43FC-B648-90770D1C8F34}) (Version: 6.3a - Silicon Laboratories, Inc.)
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 19.0.1240 - Trend Micro Inc.)
Trend Micro Worry-Free Business Security Agent (Version: 9.0 - Trend Micro Inc.) Hidden
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.6 - Microsoft Corporation)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
winengine (HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\winengine) (Version: 20.020 - Ad business Crown Solutions)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3409918318-3268832435-3554840575-1245_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD LT 2013\acadlt.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3409918318-3268832435-3554840575-1245_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD LT 2013\de-DE\acadltficn.dll (Autodesk, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-05-13 13:31 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {309DDB9E-E5B2-49C4-A862-37419536E206} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {386DF147-2C4A-43F7-BFBA-74BEECE839E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {39CCE3F9-BEB4-4791-85E6-1F7E953517E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {3DBC1268-8B24-4A0D-B3C9-B0D747045405} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {462282DE-B532-47A9-9088-E092C9F7DD9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {E144FE06-4742-4F39-904C-BCC78CF23486} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {F561A6DF-A3DF-43D0-87F0-D328B86A4C31} - System32\Tasks\sondhschedule => C:\Users\andreas.chudalla\AppData\Roaming\browsersupport\browsersupport-Installer.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2012-05-31 09:03 - 2014-02-08 18:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-08-31 12:55 - 2011-08-31 12:55 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\sqlite3.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00397824 _____ () C:\windows\system32\xiputil.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00465408 _____ () C:\windows\system32\xipinterp.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00204800 _____ () C:\windows\system32\xesup.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 01737728 _____ () C:\windows\system32\xeext.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00214016 _____ () C:\windows\system32\xipsup.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00287232 _____ () C:\windows\system32\documentio.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00080384 _____ () C:\windows\system32\diotifffx.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00009216 _____ () C:\windows\system32\xiplibxml.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 01341952 _____ () C:\windows\system32\xrx_xml2.dll
2013-04-17 14:32 - 2009-08-14 04:03 - 00207360 _____ () C:\windows\system32\xrx_xslt.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00587264 _____ () C:\windows\system32\xipxmlsec.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 04120064 _____ () C:\windows\system32\xeng.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00223232 _____ () C:\windows\system32\lcms.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00204288 _____ () C:\windows\system32\xi.dll
2009-07-02 15:32 - 2009-07-02 15:32 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\zlibwapi.dll
2013-01-16 09:19 - 2013-01-16 09:19 - 00048128 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\boost_date_time-vc110-mt-1_49.dll
2013-04-02 11:25 - 2013-04-02 11:25 - 00675840 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\sqlite3.dll
2013-01-16 09:23 - 2013-01-16 09:23 - 00058368 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\boost_thread-vc110-mt-1_49.dll
2013-04-17 14:32 - 2010-09-16 15:34 - 00146176 _____ () C:\Windows\System32\xdnorbgnd.exe
2013-04-17 14:32 - 2009-08-14 04:02 - 00397824 _____ () C:\Windows\System32\xiputil.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00465408 _____ () C:\Windows\System32\xipinterp.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00204800 _____ () C:\Windows\System32\xesup.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 01737728 _____ () C:\Windows\System32\xeext.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00214016 _____ () C:\Windows\System32\xipsup.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00287232 _____ () C:\Windows\System32\documentio.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00080384 _____ () C:\Windows\System32\diotifffx.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00009216 _____ () C:\Windows\System32\xiplibxml.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 01341952 _____ () C:\Windows\System32\xrx_xml2.dll
2013-04-17 14:32 - 2009-08-14 04:03 - 00207360 _____ () C:\Windows\System32\xrx_xslt.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00587264 _____ () C:\Windows\System32\xipxmlsec.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 04120064 _____ () C:\Windows\System32\xeng.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00223232 _____ () C:\Windows\System32\lcms.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00204288 _____ () C:\Windows\System32\xi.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-02-10 07:46 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-06 08:16 - 2015-02-06 08:16 - 16852144 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\Control Panel\Desktop\\Wallpaper -> C:\Users\andreas.chudalla\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.81.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
admin (S-1-5-21-3572959257-616895921-2767358109-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3572959257-616895921-2767358109-500 - Administrator - Disabled)
Gast (S-1-5-21-3572959257-616895921-2767358109-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/12/2015 07:39:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1688
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (02/11/2015 04:15:24 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (02/11/2015 03:15:57 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich befindet (Fehler=0x8007041d).
Error: (02/11/2015 03:15:57 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007041d.
Error: (02/11/2015 03:15:57 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich befindet (Fehler=0x8007041d).
Error: (02/11/2015 03:15:57 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007041d.
Error: (02/11/2015 03:15:45 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/11/2015 03:15:45 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/11/2015 03:15:45 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/11/2015 03:15:45 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
System errors:
=============
Error: (02/12/2015 07:40:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (02/11/2015 03:15:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/11/2015 03:15:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (02/11/2015 03:15:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/11/2015 03:15:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (02/11/2015 03:15:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/11/2015 03:15:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (02/11/2015 03:15:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (02/11/2015 03:15:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/11/2015 03:15:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Microsoft Office Sessions:
=========================
Error: (02/12/2015 07:39:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425168801d0468d4589b3fcC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld82070f4-b281-11e4-9612-902b3411fc4b
Error: (02/11/2015 04:15:24 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (02/11/2015 03:15:57 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007041d
Error: (02/11/2015 03:15:57 PM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007041d
Error: (02/11/2015 03:15:57 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007041d
Error: (02/11/2015 03:15:57 PM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007041d
Error: (02/11/2015 03:15:45 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/11/2015 03:15:45 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/11/2015 03:15:45 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/11/2015 03:15:45 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
CodeIntegrity Errors:
===================================
Date: 2014-05-13 14:30:37.730
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-13 14:30:37.714
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 8154.33 MB
Available physical RAM: 6271.94 MB
Total Pagefile: 16306.84 MB
Available Pagefile: 14139.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:55.8 GB) (Free:3.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:465.76 GB) (Free:298.08 GB) NTFS
Drive g: (kollmerdaten) (Network) (Total:557.75 GB) (Free:234.94 GB) NTFS
Drive r: (Daten) (Network) (Total:309.4 GB) (Free:203.53 GB) NTFS
Drive u: (Daten) (Network) (Total:309.4 GB) (Free:203.53 GB) NTFS
Drive y: () (Network) (Total:400.19 GB) (Free:180.18 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: E3B0152C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 495EDE2A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by andreas.chudalla (administrator) on PC-0406 on 12-02-2015 07:43:19
Running from C:\Users\andreas.chudalla\Desktop
Loaded Profiles: andreas.chudalla (Available profiles: angela.hinse & michael.meisel & ulrich.scherer & mimi.hafner & manuel.hoeller & markus.kleber & andrea.hafner & Lena.Fraunholz & andreas.chudalla & andreas.regner & administrator & admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ESTOS GmbH) C:\Windows\System32\EACuSrv.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\NTRTScan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\TmListen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Xerox Corporation) C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe
() C:\Windows\System32\xdnorbgnd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\PccNTMon.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [XeroxScanUtility] => C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe [2390784 2010-09-16] (Xerox Corporation)
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => C:\windows\system32\xdnorbgnd.exe [146176 2010-09-16] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [ECtiClient] => C:\Program Files (x86)\ESTOS\ProCall 4\eCtiClient.exe [21245240 2013-01-18] (ESTOS GmbH)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe [1989040 2014-02-17] (Trend Micro Inc.)
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: browsersupport helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\browsersupport\browsersupport.dll (appllc)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: browsersupport helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\browsersupport\browsersupport.dll (appllc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3409918318-3268832435-3554840575-1245 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.81.1
FireFox:
========
FF ProfilePath: C:\Users\andreas.chudalla\AppData\Roaming\Mozilla\Firefox\Profiles\s2nhj9ft.default-1423134047471
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 EACUSrv; C:\Windows\system32\EACuSrv.exe [6876008 2014-01-15] (ESTOS GmbH)
S3 edsservice; C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [652632 2013-01-18] (ESTOS GmbH)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Security Agent\ntrtscan.exe [3747816 2014-02-17] (Trend Micro Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe [661912 2014-02-17] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\Security Agent\tmlisten.exe [4041088 2014-02-17] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\Security Agent\TmProxy.exe [929328 2014-01-22] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 3wareDrv; C:\Windows\system32\drivers\3wareDrv.sys [125224 2011-08-11] (LSI)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51496 2012-01-17] (LSI Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-06-03] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 O2MDRDR; C:\Windows\system32\drivers\o2mdx64.sys [63264 2009-05-07] (O2Micro )
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [286232 2013-10-31] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2013-09-26] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Security Agent\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NmPar; \SystemRoot\system32\drivers\NmPar.sys [X]
S3 nmserial; \SystemRoot\system32\drivers\nmserial.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-12 07:43 - 2015-02-12 07:43 - 00012043 _____ () C:\Users\andreas.chudalla\Desktop\FRST.txt
2015-02-12 07:41 - 2015-02-12 07:41 - 00006356 _____ () C:\windows\PFRO.log
2015-02-12 07:38 - 2015-02-12 07:38 - 02134016 _____ (Farbar) C:\Users\andreas.chudalla\Desktop\FRST64.exe
2015-02-12 07:32 - 2015-02-12 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-12 07:32 - 2013-06-25 13:30 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2015-02-12 07:32 - 2013-06-25 13:30 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2015-02-12 07:31 - 2015-02-12 07:31 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-12 07:22 - 2015-02-12 07:41 - 00000336 _____ () C:\windows\setupact.log
2015-02-12 07:22 - 2015-02-12 07:22 - 00482080 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-12 07:22 - 2015-02-12 07:22 - 00000000 _____ () C:\windows\setuperr.log
2015-02-11 16:00 - 2015-02-11 16:00 - 00141312 _____ () C:\Users\andreas.chudalla\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-11 13:25 - 2015-02-11 13:25 - 00015118 _____ () C:\Users\andreas.chudalla\Desktop\Mappe1.xlsx
2015-02-11 08:36 - 2015-02-11 11:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-10 16:04 - 2015-02-11 08:34 - 00000000 ____D () C:\Users\andreas.chudalla\AppData\Local\Mozilla
2015-02-10 07:46 - 2015-02-10 07:46 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-06 12:26 - 2015-02-06 12:26 - 00018431 _____ () C:\ComboFix.txt
2015-02-05 14:13 - 2015-02-12 07:43 - 00000000 ____D () C:\FRST
2015-02-05 14:03 - 2015-02-05 14:03 - 00001124 _____ () C:\Users\andreas.chudalla\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-05 12:55 - 2015-02-06 07:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-05 12:55 - 2015-02-05 13:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-05 12:55 - 2015-02-05 12:55 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-02-05 12:52 - 2015-02-12 07:40 - 00470422 _____ () C:\windows\WindowsUpdate.log
2015-02-05 09:47 - 2015-02-10 07:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 08:16 - 2015-02-05 08:16 - 00000000 ____D () C:\Program Files (x86)\browsersupport
2015-02-05 08:05 - 2015-02-05 08:05 - 00000000 ____D () C:\shoplog
2015-02-05 08:00 - 2015-02-05 08:15 - 00000822 _____ () C:\windows\DCEBOOT.RST
2015-02-05 08:00 - 2015-02-05 08:00 - 00635102 _____ () C:\windows\system32\errordetails.xml
2015-02-05 07:57 - 2015-02-05 07:57 - 00003344 _____ () C:\windows\System32\Tasks\sondhschedule
2015-02-05 07:55 - 2015-02-05 08:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-05 07:55 - 2015-02-05 08:00 - 00025136 _____ (Trend Micro Inc.) C:\windows\DCEBoot64.exe
2015-02-05 07:55 - 2015-02-05 07:55 - 00240176 _____ (Trend Micro Inc.) C:\windows\RegBootClean64.exe
2015-01-28 16:07 - 2015-01-28 17:23 - 00562028 ____N () C:\Users\andreas.chudalla\Bauleiterschulung Fa. Kollmer 29.1.15.pptx
2015-01-22 14:51 - 2015-01-22 14:51 - 00000000 __SHD () C:\Users\andreas.chudalla\AppData\Local\EmieUserList
2015-01-22 14:51 - 2015-01-22 14:51 - 00000000 __SHD () C:\Users\andreas.chudalla\AppData\Local\EmieSiteList
2015-01-21 08:15 - 2015-01-21 08:15 - 00000211 ____H () C:\Users\andreas.chudalla\Documents\Zeichnung1.dwl2
2015-01-21 08:15 - 2015-01-21 08:15 - 00000061 ____H () C:\Users\andreas.chudalla\Documents\Zeichnung1.dwl
2015-01-20 15:10 - 2015-02-11 16:10 - 00000000 ____D () C:\Users\andreas.chudalla\Desktop\Stunden
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-12 07:43 - 2014-08-18 11:10 - 00010786 _____ () C:\windows\cfgall.ini
2015-02-12 07:41 - 2014-08-18 11:10 - 01017784 _____ () C:\windows\SysWOW64\TmInstall.log
2015-02-12 07:41 - 2014-08-18 11:10 - 00562912 _____ () C:\windows\system32\TmInstall.log
2015-02-12 07:41 - 2013-03-25 14:24 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 07:41 - 2012-06-06 08:04 - 00000128 _____ () C:\windows\system32\config\netlogon.ftl
2015-02-12 07:41 - 2012-05-31 09:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 07:41 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-12 07:34 - 2012-05-01 11:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-12 07:32 - 2013-06-25 13:30 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-02-12 07:32 - 2013-06-25 13:30 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-02-12 07:32 - 2013-06-25 13:30 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-02-12 07:32 - 2013-06-25 13:30 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-12 07:32 - 2013-03-25 14:24 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 07:31 - 2013-06-25 13:30 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-12 07:30 - 2009-07-14 05:45 - 00027344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 07:30 - 2009-07-14 05:45 - 00027344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 07:28 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-02-12 07:27 - 2012-05-01 10:44 - 00735410 _____ () C:\windows\system32\perfh007.dat
2015-02-12 07:27 - 2012-05-01 10:44 - 00162808 _____ () C:\windows\system32\perfc007.dat
2015-02-12 07:27 - 2009-07-14 06:13 - 01715220 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-11 15:43 - 2014-02-11 09:08 - 00038098 _____ () C:\Users\andreas.chudalla\Documents\plot.log
2015-02-11 15:17 - 2013-10-01 06:31 - 00000000 ____D () C:\Users\andreas.chudalla\AppData\Local\Google
2015-02-11 15:16 - 2013-11-05 07:27 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 13:09 - 2014-05-13 13:13 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 15:50 - 2014-05-13 13:37 - 00000000 ____D () C:\AdwCleaner
2015-02-06 12:27 - 2014-05-13 13:25 - 00000000 ____D () C:\Qoobox
2015-02-06 12:25 - 2009-07-14 03:34 - 00000215 ____N () C:\windows\system.ini
2015-02-06 11:40 - 2013-10-01 06:34 - 00000000 ____D () C:\Users\andreas.chudalla\AppData\Local\cache
2015-02-06 08:16 - 2013-11-05 07:27 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 08:16 - 2013-03-25 14:23 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 08:16 - 2013-03-25 14:23 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:43 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\IME
2015-02-05 12:32 - 2014-05-13 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-05 12:32 - 2014-05-13 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-05 10:17 - 2013-10-01 06:38 - 00002002 ____H () C:\Users\andreas.chudalla\Documents\Default.rdp
2015-02-05 09:22 - 2013-10-01 06:30 - 00001451 _____ () C:\Users\andreas.chudalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-05 08:15 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-01-30 08:19 - 2013-10-01 06:30 - 00000000 ____D () C:\Users\andreas.chudalla
2015-01-30 07:48 - 2014-03-25 07:49 - 00000000 ____D () C:\Users\andreas.chudalla\Desktop\F5
2015-01-23 08:18 - 2014-03-24 07:36 - 00000000 ____D () C:\Users\andreas.chudalla\Urlaub
2015-01-22 14:51 - 2013-03-25 14:23 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-16 12:10 - 2015-01-08 07:56 - 00001982 ____H () C:\Users\Lena.Fraunholz\Documents\Default.rdp
==================== Files in the root of some directories =======
2013-06-28 08:34 - 2013-06-28 08:34 - 0000949 _____ () C:\Program Files (x86)\Programme (x86) - Verknüpfung.lnk
2013-03-27 15:01 - 2013-03-27 15:01 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-03 00:11
==================== End Of Log ============================