Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virus miditest exe oder memtest exe (https://www.trojaner-board.de/165593-virus-miditest-exe-memtest-exe.html)

M-K-D-B 02.04.2015 21:00
Servus,


fehlen nur noch die anderen Logdateien. :)

accr 02.04.2015 21:48
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 02.04.2015
Suchlauf-Zeit: 21:53:54
Logdatei: 123.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.02.05
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: RuhlandA

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 518378
Verstrichene Zeit: 25 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 2
PUM.Hijack.Desktop, HKU\S-1-5-21-105326146-1529052593-1124750213-36180\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Gut: (0), Schlecht: (1),Ersetzt,[953886e138520432b5237082e91c47b9]
PUM.Hijack.Desktop, HKU\S-1-5-21-105326146-1529052593-1124750213-44171\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Gut: (0), Schlecht: (1),Ersetzt,[86475b0c1278f6406d6b00f2ee17748c]

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Bin dabei :) :)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Professional x86
Ran by RuhlandA on 02.04.2015 at 22:23:05,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\ruhlanda\AppData\Roaming\mozilla\firefox\profiles\7jnmv00a.default\minidumps [119 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.04.2015 at 22:25:39,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by RuhlandA (administrator) on ZUE-W-9860 on 02-04-2015 22:33:49
Running from C:\Users\ruhlanda\Desktop
Loaded Profiles: RuhlandA (Available profiles: RuhlandA & Zwick)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Service.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\netinst\mgmtagnt.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Mobile Broadband Service\WMCore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\netinst\mgmtagnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Tray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gctrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\netinst\eTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [000StTHK] => C:\Windows\system32\000StTHK.exe [24576 2001-06-23] ()
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSHIBA_3G_UTY] => C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe [1598848 2009-07-23] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSDCR] => C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [173432 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [844152 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Discovery User Input] => C:\Program Files\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [241664 2011-12-16] ()
HKLM\...\Run: [NetInstall NiTray] => C:\Program Files\NetInst\eTray.exe [67112 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [258512 2012-01-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSCRM] => C:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe [35504 2014-01-16] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [OneDrive] => C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
IFEO\dinotify.exe: [Debugger] C:\Program Files\NetInst\dinotdbg.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-105326146-1529052593-1124750213-48872\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-105326146-1529052593-1124750213-48872 -> {7352399A-E2ED-422D-8500-239FB37C36B7} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2011-10-20] (ACE GmbH)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll [2011-10-11] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Extension: iCloud Bookmarks - C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\Extensions\firefoxdav@icloud.com [2014-11-15]
FF Extension: Bitdefender QuickScan - C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-03-29]
FF Extension: Autofill Forms - C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\Extensions\autofillForms@blueimp.net.xpi [2014-07-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVir Security Management Center Agent; C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe [1128705 2013-11-20] (Avira Operations GmbH & Co. KG) [File not signed]
S4 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [342480 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-01-31] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [463824 2012-01-31] (Avira Operations GmbH & Co. KG)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 DiscoveryClientAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1539136 2011-12-16] ()
R2 DiscoveryIPTransferAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601152 2011-12-16] ()
R2 DSM_Remote_Service; C:\Program Files\netinst\DSM_Remote_Service.exe [4168744 2013-02-22] (FrontRange)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688232 2013-05-24] (Juniper Networks)
R2 ersupext; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 esiCore; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [132392 2009-11-13] (Juniper Networks)
R3 LanProbe; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe [236032 2011-12-16] () [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [127384 2009-12-18] (TOSHIBA CORPORATION)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files\Mobile Broadband Service\WMCore.exe [700928 2009-12-10] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2012-01-31] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-01-31] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [26952 2014-03-12] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2013-05-23] (Juniper Networks)
R3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2009-11-19] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2009-11-19] (Ericsson AB)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [6814720 2010-07-28] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 t36gbus; C:\Windows\System32\DRIVERS\t36gbus.sys [285056 2009-06-26] (MCCI Corporation)
R3 t36gmdfl; C:\Windows\System32\DRIVERS\t36gmdfl.sys [14976 2009-06-26] (MCCI Corporation)
R3 t36gmdm; C:\Windows\System32\DRIVERS\t36gmdm.sys [374016 2009-06-26] (MCCI Corporation)
R3 t36gmgmt; C:\Windows\System32\DRIVERS\t36gmgmt.sys [357376 2009-06-26] (MCCI Corporation)
R3 t36wgps; C:\Windows\System32\DRIVERS\t36wgps.sys [82984 2009-07-10] (Ericsson AB)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp.sys [227880 2009-11-25] (Ericsson AB)
S3 catchme; \??\C:\Users\ruhlanda\AppData\Local\Temp\catchme.sys [X]
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 22:25 - 2015-04-02 22:25 - 00000764 _____ () C:\Users\ruhlanda\Desktop\JRT.txt
2015-04-02 22:23 - 2015-04-02 22:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ZUE-W-9860-Windows-7-Professional-(32-bit).dat
2015-04-02 22:23 - 2015-04-02 22:23 - 00000000 ____D () C:\RegBackup
2015-04-02 22:21 - 2015-04-02 22:21 - 00001623 _____ () C:\Users\ruhlanda\Desktop\123.txt
2015-04-02 22:13 - 2015-04-02 22:13 - 02690981 _____ (Thisisu) C:\Users\ruhlanda\Desktop\JRT.exe
2015-04-02 21:52 - 2015-04-02 21:52 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-02 21:52 - 2015-04-02 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-02 21:52 - 2015-04-02 21:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-02 21:52 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-02 21:52 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-02 21:45 - 2015-04-02 21:46 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\ruhlanda\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-02 21:31 - 2015-04-02 21:31 - 02208768 _____ () C:\Users\ruhlanda\Desktop\AdwCleaner_4.200.exe
2015-04-01 21:07 - 2015-04-01 21:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-01 21:01 - 2015-04-02 21:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 21:00 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 20:58 - 2015-04-01 23:26 - 00000000 ____D () C:\Users\ruhlanda\Desktop\mbar
2015-04-01 20:57 - 2015-04-01 20:57 - 16502728 _____ (Malwarebytes Corp.) C:\Users\ruhlanda\Desktop\mbar-1.09.1.1004.exe
2015-04-01 20:44 - 2015-04-01 20:44 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\ruhlanda\Desktop\tdsskiller.exe
2015-03-31 22:34 - 2015-03-31 22:43 - 00001024 _____ () C:\Users\ruhlanda\Desktop\SystemLook.txt
2015-03-31 22:34 - 2015-03-31 22:34 - 00139264 _____ () C:\Users\ruhlanda\Desktop\SystemLook.exe
2015-03-29 14:29 - 2015-03-29 14:29 - 00017482 _____ () C:\ComboFix.txt
2015-03-29 14:14 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-29 14:14 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-29 14:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-29 14:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-29 14:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-29 14:14 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-29 14:14 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-29 14:14 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-29 14:13 - 2015-03-29 14:29 - 00000000 ____D () C:\Qoobox
2015-03-29 14:13 - 2015-03-29 14:28 - 00000000 ____D () C:\Windows\erdnt
2015-03-29 14:11 - 2015-03-29 14:11 - 05617067 ____R (Swearware) C:\Users\ruhlanda\Desktop\ComboFix.exe
2015-03-29 13:16 - 2015-03-29 13:16 - 00036035 _____ () C:\Users\ruhlanda\Desktop\Addition.txt
2015-03-29 13:15 - 2015-04-02 22:34 - 00020411 _____ () C:\Users\ruhlanda\Desktop\FRST.txt
2015-03-29 13:14 - 2015-03-29 13:14 - 00000592 _____ () C:\Users\ruhlanda\Desktop\Ereignisse.txt
2015-03-29 13:07 - 2015-03-29 13:07 - 01135104 _____ (Farbar) C:\Users\ruhlanda\Desktop\FRST.exe
2015-03-29 12:58 - 2015-03-29 13:03 - 00000000 ____D () C:\ProgramData\F-Secure
2015-03-29 12:58 - 2015-03-29 12:58 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\F-Secure
2015-03-29 12:56 - 2015-03-29 12:55 - 00572456 _____ (F-Secure Corporation) C:\Users\ruhlanda\Desktop\F-SecureOnlineScanner.exe
2015-03-29 12:28 - 2015-03-29 12:32 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\QuickScan
2015-03-28 09:22 - 2015-03-28 09:22 - 00000165 ____H () C:\Users\ruhlanda\Desktop\~$IMD CEO 2015 myposter Live Case Final Version.pptx
2015-03-27 14:16 - 2015-03-28 10:39 - 00256247 _____ () C:\Users\ruhlanda\Desktop\IMD CEO 2015 myposter Live Case Final Version.pptx
2015-03-22 16:19 - 2015-03-22 16:19 - 00060075 ____N () C:\Users\ruhlanda\Desktop\HelveticaNeue.zip
2015-03-22 16:19 - 2009-02-06 10:04 - 00048360 _____ () C:\Users\ruhlanda\Desktop\HelveticaNeueLTPro-Bd.otf
2015-03-22 16:19 - 2009-02-06 10:04 - 00047892 _____ () C:\Users\ruhlanda\Desktop\HelveticaNeueLTPro-Roman.otf
2015-03-19 17:45 - 2015-03-19 17:45 - 00243368 _____ () C:\Users\ruhlanda\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-14 17:16 - 2015-03-14 17:16 - 00000000 ____D () C:\Program Files\Common Files\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 22:33 - 2014-02-21 16:47 - 00000000 ____D () C:\FRST
2015-04-02 22:21 - 2014-10-24 02:18 - 00000000 ____D () C:\Users\ruhlanda\Desktop\1
2015-04-02 22:08 - 2014-04-16 08:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 21:52 - 2012-02-14 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 21:49 - 2009-07-14 06:34 - 00023840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 21:49 - 2009-07-14 06:34 - 00023840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 21:45 - 2012-02-07 15:20 - 01764290 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 21:43 - 2010-11-20 23:01 - 01647522 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 21:41 - 2014-04-16 09:45 - 00000000 ___RD () C:\Users\ruhlanda\Google Drive
2015-04-02 21:40 - 2014-04-16 08:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 21:40 - 2014-02-27 14:03 - 00367232 _____ () C:\Windows\system32\Crm30ForOutlookInstaller.log
2015-04-02 21:38 - 2012-05-08 12:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-02 21:38 - 2010-11-20 23:48 - 01441980 _____ () C:\Windows\PFRO.log
2015-04-02 21:38 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 21:38 - 2009-07-14 06:39 - 00176206 _____ () C:\Windows\setupact.log
2015-04-02 21:36 - 2014-02-26 17:00 - 00000000 ____D () C:\AdwCleaner
2015-04-02 08:33 - 2012-02-07 15:21 - 00000000 ____D () C:\Program Files\netinst
2015-04-01 23:26 - 2014-02-21 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-31 22:12 - 2014-04-23 09:22 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\8D550D74-1468-4B96-BE86-FEDABC2BBBA4.aplzod
2015-03-29 14:29 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-03-29 14:29 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-03-29 14:28 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-23 23:36 - 2013-08-19 17:12 - 00113760 _____ () C:\Users\ruhlanda\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-23 23:35 - 2009-07-14 06:33 - 00448112 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-19 17:46 - 2012-02-07 18:13 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-15 11:10 - 2014-04-16 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-14 17:17 - 2014-05-10 00:28 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-14 17:16 - 2014-05-10 00:28 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-14 17:16 - 2014-05-10 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-14 17:15 - 2012-03-20 00:14 - 00000000 ____D () C:\Program Files\Java
2015-03-14 17:11 - 2014-08-20 20:00 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\Adobe
2015-03-14 17:11 - 2012-11-22 22:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-14 17:11 - 2012-11-22 22:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-12 12:48 - 2014-02-20 12:45 - 00002151 _____ () C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

Some content of TEMP:
====================
C:\Users\ruhlanda\AppData\Local\Temp\Quarantine.exe
C:\Users\ruhlanda\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-28 11:12

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by RuhlandA at 2015-04-02 22:34:35
Running from C:\Users\ruhlanda\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM\...\{E8C23EBE-EE3C-4299-9DB9-601AB3751454}) (Version: 16.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Management Console Agent (HKLM\...\{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}) (Version:  - Avira Operations GmbH & Co. KG)
Avira Professional Security (HKLM\...\Avira AntiVir Desktop) (Version: 12.0.0.1236 - Avira)
axRTF (HKLM\...\{F1DBF78A-7E9A-4602-8E16-C5728230D787}) (Version: 1.0.0.0 - Zwick / Roell AG)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon iR Toolbox 4.9.1.1.ir02 (HKLM\...\{2643914A-E2C2-4180-8396-59B8E1EAFA2F}) (Version: 1.1.0 - Canon)
Canon iR1018/1022/1023 (HKLM\...\{5830B3AB-D08F-4a6d-9925-F95860EE2954}) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.10057 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10057 - Cisco Systems, Inc.) Hidden
Dropbox (HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EdiVotePro (HKLM\...\{D45050DD-D11C-4E1F-A70A-088B914D7989}) (Version: 1.3.982 - Infowhyse)
Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HVB eFIN 4 (HKLM\...\HVB eFIN 4) (Version:  - )
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Juniper Installer Service (HKLM\...\{447D8B58-880C-4627-BF57-9C408219313E}) (Version: 2.1.2.5973 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.25351 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Terminal Services Client (HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Juniper_Term_Services) (Version: 8.0.3.30619 - Juniper Networks)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{28DA3304-9EC2-4097-BC64-B59A1958841F}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband service (HKLM\...\{C2D206A3-1B8E-4DE5-8330-871AD23D4D77}) (Version: 6.1.11.2 - Ericsson AB)
Mozilla Firefox 37.0 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Oracle Data Provider for .NET Help (HKLM\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 11.2.010 - Oracle Corporation)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version:  - )
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
TOSHIBA Mobile Broadband Device  (HKLM\...\{B03E7DD6-21F9-444D-8CFE-EBE44EC1B407}) (Version: 6.1.13.7 - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.4.1 - TOSHIBA Corporation)
TOSHIBA Wireless Manager (HKLM\...\{6A631D31-1FD6-46B5-9337-3485C3CBB002}) (Version: 6.1.13.101 - TOSHIBA CORPORATION)
Update Rollup 8 for Microsoft Dynamics CRM for Outlook (KB2600644) (HKLM\...\KB2600644_Client_1033) (Version: 5.0.9690.2243 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Movie Decoder (HKLM\...\{D8E9CA51-F0C2-4FBC-95C6-BECC8C83F04D}) (Version: 1.00.0000 - VMware, Inc.)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Wisdom-soft ScreenHunter 5.1 Free (HKLM\...\{66F28964-CE41-459A-A4FF-A6BBD1374282}) (Version: 5.1 - Wisdom Software Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-04-2015 09:31:20 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-03-29 14:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06C96D7A-C16F-46AB-9E1A-E1E329C81680} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {4EA30762-9EED-4710-A479-0784F69D3861} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {83473215-141F-4373-893F-AC0F3162A9A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-02-04 15:23 - 2009-10-01 14:07 - 00011264 _____ () C:\Windows\System32\KOAZXJ_L.dll
2013-02-04 15:23 - 2009-11-02 16:14 - 00888832 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\KOAZXJ_O.DLL
2012-06-21 12:14 - 2012-01-31 09:24 - 00398288 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-06-04 08:57 - 2012-03-27 12:33 - 00126721 _____ () C:\Program Files\Avira\Avira Security Management Center Agent\SCEWXMLW.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-07 17:08 - 2011-12-16 12:26 - 01539136 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
2012-02-07 17:08 - 2011-12-16 12:27 - 00601152 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
2012-02-07 15:24 - 2013-02-22 18:29 - 00065024 ____N () C:\Program Files\netinst\zlib1.dll
2015-04-02 08:33 - 2015-04-02 08:33 - 00006144 _____ () C:\Program Files\netinst\sdesk.dll
2012-02-07 15:24 - 2013-02-22 18:29 - 00065024 ____N () C:\Program Files\NetInst\zlib1.dll
2009-12-10 12:07 - 2009-12-10 12:07 - 00700928 ____R () C:\Program Files\Mobile Broadband Service\WMCore.exe
2009-03-25 21:08 - 2009-03-25 21:08 - 00058880 ____R () C:\Program Files\Mobile Broadband Service\MBMDebug.dll
2010-11-18 18:18 - 2010-11-18 18:18 - 11205120 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-03-03 15:14 - 2010-03-03 15:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:14 - 2010-03-03 15:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2012-02-07 17:08 - 2011-12-16 12:27 - 00236032 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-105326146-1529052593-1124750213-48872\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NetInstall NiTray => "C:\Program Files\NetInst\eTray.exe"
MSCONFIG\startupreg: niagnt32 => C:\Program Files\NetInst\niagnt32.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

==================== Accounts: =============================

Administrator (S-1-5-21-204117488-291554393-1161031085-500 - Administrator - Disabled)
enteoInstaller (S-1-5-21-204117488-291554393-1161031085-1002 - Administrator - Enabled)
Gast (S-1-5-21-204117488-291554393-1161031085-501 - Limited - Disabled)
Zwick (S-1-5-21-204117488-291554393-1161031085-1001 - Administrator - Enabled) => C:\Users\Zwick

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2015 10:34:46 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: Das Update von ZUE-W-9860 (192.168.2.143) ist fehlgeschlagen.
Keine gültige Lizenz gefunden. .
Es wurden keine neuen Dateien geladen.

Error: (04/02/2015 10:29:05 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Microsoft Windows Search-Indexerstellung wurde wegen dieses Fehlers geschlossen.

Programm: Microsoft Windows Search-Indexerstellung
Datei: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C000009C
Datenträgertyp: 3

Error: (04/02/2015 10:29:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0c672
Name des fehlerhaften Moduls: TQUERY.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d569
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0002eb6a
ID des fehlerhaften Prozesses: 0x868
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3


System errors:
=============
Error: (04/02/2015 10:29:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 9 Mal passiert.

Error: (04/02/2015 10:29:04 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/02/2015 10:27:44 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/02/2015 10:27:41 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/02/2015 10:27:37 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/02/2015 10:27:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/02/2015 10:27:31 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/02/2015 10:27:28 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/02/2015 10:27:25 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/02/2015 10:27:22 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (04/02/2015 10:34:46 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: ZUE-W-9860 (192.168.2.143)Keine gültige Lizenz gefunden.

Error: (04/02/2015 10:29:05 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ciMicrosoft Windows Search-IndexerstellungC000009C3

Error: (04/02/2015 10:29:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.7601.176104dc0c672TQUERY.DLL7.0.7601.176104dc0d569c00000060002eb6a86801d06d834933b2abC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLLe7be03dd-d976-11e4-a8d7-0023182fae92


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 40%
Total physical RAM: 2928.43 MB
Available physical RAM: 1728.77 MB
Total Pagefile: 5855.14 MB
Available Pagefile: 4491.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:277.84 GB) (Free:22.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 44AFAEEC)
Partition 1: (Not Active) - (Size=251 MB) - (Type=1B)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=277.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 03.04.2015 14:13
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

accr 03.04.2015 20:12
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by RuhlandA at 2015-04-03 17:05:48 Run:1
Running from C:\Users\ruhlanda\Desktop
Loaded Profiles: RuhlandA (Available profiles: RuhlandA & Zwick)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
end
*****************

Processes closed successfully.
"HKU\S-1-5-21-105326146-1529052593-1124750213-48872\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 578.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:06:23 ====
Code:

       
Code:

       
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : ZUE-W-9860
   Windows . . . . . . . : 6.1.1.7601.X86/4
   User name . . . . . . : ZUE\RuhlandA
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-04-03 17:37:36
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 48s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 8

   Objects scanned . . . : 1.327.075
   Files scanned . . . . : 46.350
   Remnants scanned  . . : 436.804 files / 843.921 keys

Suspicious files ____________________________________________________________

   C:\HVB eFIN 4\Uninstall.exe
      Size . . . . . . . : 234.080 bytes
      Age  . . . . . . . : 470.0 days (2013-12-19 17:07:30)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 3586DEC8FB0E857C7AB30957AA7DE5A80CD810FF11B3D15F487853240E51E5AA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      References
         C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HVB eFIN 4\Deinstallieren.lnk

   C:\Users\ruhlanda\Desktop\FRST.exe
      Size . . . . . . . : 1.135.104 bytes
      Age  . . . . . . . : 5.2 days (2015-03-29 13:07:53)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 27600BC2D6D1CBBD1FA5BB7A9157ACCCF3A068A6800ED4B6DC50D24A747F6CAB
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\PEV.exe
      Size . . . . . . . : 256.000 bytes
      Age  . . . . . . . : 5.1 days (2015-03-29 14:14:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -0.1s C:\Windows\SWXCACLS.exe
         -0.1s C:\Windows\SWSC.exe
         -0.1s C:\Windows\sed.exe
         -0.1s C:\Windows\grep.exe
         -0.1s C:\Windows\zip.exe
         -0.0s C:\Windows\SWREG.exe
          0.0s C:\Windows\PEV.exe
          0.1s C:\Windows\NIRCMD.exe
          0.1s C:\Windows\MBR.exe


Cookies _____________________________________________________________________

   C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\1xfqtfrm.default-1428074703270\cookies.sqlite:doubleclick.net
   C:\Users\Zwick\AppData\Roaming\Mozilla\Firefox\Profiles\cghmzgkk.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Zwick\AppData\Roaming\Mozilla\Firefox\Profiles\cghmzgkk.default\cookies.sqlite:apmebf.com
   C:\Users\Zwick\AppData\Roaming\Mozilla\Firefox\Profiles\cghmzgkk.default\cookies.sqlite:interclick.com

Ich konnte bei Hitman leider keine kostenlose Lizenz aktivieren. Habe die Funktion nicht gefunden...

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=62d7278950950847bd22dc299d6ff746
# engine=23223
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-03 06:41:24
# local_time=2015-04-03 08:41:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1802 16775165 100 100 26862036 198761389 26854812 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 316989 179717675 0 0
# scanned=216086
# found=3
# cleaned=0
# scan_time=10066
sh=7A95606B2B7A2ED48CCF7DC011717EB166336F60 ft=1 fh=01c9a3cbb5f9555a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Wisdom-soft ScreenHunter 5 Free\Toolbar.exe"
sh=13918FFE9267BF36BB127FC1D1F0624BCD16F534 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\16abe.msi"
sh=60BAD538AD00EBFF1F25F5C37F161FF827D89513 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\205d6ac.msi"
Code:
Results of screen317's Security Check version 0.99.99 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9016) 
 Java 8 Update 40 
 Adobe Flash Player        17.0.0.134 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Mozilla Firefox (37.0)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

M-K-D-B 04.04.2015 09:44
Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
C:\Windows\Installer\16abe.msi
C:\Windows\Installer\205d6ac.msi
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!







Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
   


Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

accr 04.04.2015 12:43
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by RuhlandA at 2015-04-04 13:13:53 Run:2
Running from C:\Users\ruhlanda\Desktop
Loaded Profiles: RuhlandA (Available profiles: RuhlandA & Zwick)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Windows\Installer\16abe.msi
C:\Windows\Installer\205d6ac.msi
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Windows\Installer\16abe.msi => Moved successfully.
C:\Windows\Installer\205d6ac.msi => Moved successfully.
EmptyTemp: => Removed 335.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:14:02 ====

M-K-D-B 04.04.2015 13:44
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:08 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131