
Log Analysis and Evaluation: Trojan infection after DHL phishing mail

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.05.2014, 13:39   #1
leili1980
 

Trojan infection after DHL phishing mail



Hello community,

I am new here and have a huge problem.
An employee in our small company (<25 staff) received a phishing mail from "DHL" saying that a parcel could not be delivered to us.

He clicked on "Download parcel tracking" and caught a trojan that way.
We have no system administrator of our own, since I normally handle most things that come up myself (unfortunately only normally).

I would be grateful for any help.

I ran an OTLPE scan and the log files are attached.
Computer: Windows 7 Professional SP1 x64


If I have forgotten anything, please let me know.

Many thanks and greetings from Austria
Thomas

06.05.2014, 15:52   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is fine ... click Reply.




Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unasked and click Scan.
  • The log files will now be created and are then located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)


07.05.2014, 05:40   #3
leili1980
 



Here are the two logfiles:

first

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by peter (administrator) on HP-WS2 on 07-05-2014 06:35:21
Running from \\SBSRV\RedirectedFolders\peter\Desktop\Virusentfernung
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(SHARP CORPORATION) C:\Windows\System32\spool\drivers\x64\3\SS0XRCV.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\TmListen.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\Procam\Pulse\ProcamPulseServer.exe
(Farbar) \\SBSRV\RedirectedFolders\peter\Desktop\Virusentfernung\FRST64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [219480 2011-10-17] (Trend Micro Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-27] (IDT, Inc.)
HKLM\...\Run: [SS0XRCV] => C:\Windows\system32\spool\drivers\x64\3\SS0XRCV.exe [102400 2006-10-23] (SHARP CORPORATION)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-08-15] (Hewlett-Packard )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-04] (Hewlett-Packard)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKCU - DefaultScope {3D1F3657-449F-4370-B199-239596226E57} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {26D8B5A5-957F-42CF-9EFB-731C77081ECC} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {3D1F3657-449F-4370-B199-239596226E57} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {4EE419FA-A1F6-4C39-854A-7FC7295A2193} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=B3AC2D7D-EFC7-49B1-A0F3-EF95F6A1A4FF&apn_sauid=F35DCAA1-1E94-45E4-BF2E-72E02603BFCB
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70752} https://192.168.0.10:444/officescan/console/ClientInstall/WinNTChk.cab
DPF: HKLM-x32 {9BBB3919-F518-4D06-8209-299FC243FC44} https://192.168.0.10:444/smb/console/html/root/AtxEnc.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.10

FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Security Agent\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Security Agent\UIFramework\Toolbar\firefoxextension [2011-10-19]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-14]
CHR Extension: (Google-Suche) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-14]
CHR Extension: (Google Mail) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-14]

==================== Services (Whitelisted) =================

R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R3 TmListen; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [1017360 2011-11-16] (Trend Micro Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [56040 2010-09-08] (Xobni Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [X]
S4 Winmgmt;  [X]

==================== Drivers (Whitelisted) ====================

S3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [98304 2008-07-31] (OEM)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-06-23] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [146192 2011-06-23] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69904 2011-06-23] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [194640 2010-09-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-30] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [340560 2010-09-30] (Trend Micro Inc.)
S2 DS1410D; SYSTEM32\drivers\DS1410D.SYS [X]
S2 regi; \??\C:\Windows\system32\drivers\regi.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 06:35 - 2014-05-07 06:35 - 00000000 ____D () C:\FRST
2014-05-06 21:11 - 2014-05-06 21:11 - 00077850 _____ () C:\OTL.Txt
2014-05-06 14:57 - 2014-05-06 14:57 - 00000000 ____D () C:\Users\peter\AppData\Local\CrashDumps
2014-05-06 13:47 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Adobe
2014-05-06 13:07 - 2014-05-06 13:07 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\WinRAR
2014-05-06 13:06 - 2014-05-06 13:06 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Google
2014-05-06 12:52 - 2014-05-06 12:52 - 00143728 _____ () C:\Users\thomasl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 12:35 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\Adobe
2014-05-06 12:24 - 2014-05-06 12:24 - 00001411 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-06 12:24 - 2014-05-06 12:24 - 00000000 ____D () C:\Users\thomasl\AppData\Local\PDFC
2014-05-06 12:23 - 2014-05-06 21:08 - 00000000 ____D () C:\Users\thomasl
2014-05-06 12:23 - 2014-05-06 13:11 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 12:23 - 2014-05-06 12:24 - 00001445 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-06 12:23 - 2014-05-06 12:24 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-06 12:23 - 2014-05-06 12:23 - 00000020 ___SH () C:\Users\thomasl\ntuser.ini
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Vorlagen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Startmenü
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Netzwerkumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Lokale Einstellungen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Eigene Dateien
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Druckumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Verlauf
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Anwendungsdaten
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Anwendungsdaten
2014-05-06 12:23 - 2011-03-25 14:37 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Microsoft Help
2014-05-06 12:23 - 2011-03-17 12:49 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\Macromedia
2014-05-06 12:23 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-06 12:23 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-06 09:56 - 2014-05-06 09:57 - 00000036 _____ () C:\Users\peter\AppData\Local\housecall.guid.cache
2014-05-06 08:37 - 2014-05-06 09:04 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 07:51 - 2014-05-06 07:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-06 07:25 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-06 07:25 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-06 07:25 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-06 07:25 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-06 07:24 - 2014-05-06 07:25 - 00006055 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-06 07:24 - 2014-05-06 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-06 07:03 - 2014-05-06 07:03 - 00001386 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-05-06 06:58 - 2014-05-06 06:58 - 00000000 ____D () C:\NPE
2014-05-06 06:57 - 2014-05-06 07:06 - 00000000 ____D () C:\Users\peter\AppData\Local\NPE
2014-05-05 15:53 - 2014-04-29 13:39 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 15:53 - 2014-04-29 13:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 15:53 - 2014-04-29 12:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 15:53 - 2014-04-29 12:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 13:23 - 2014-05-06 07:04 - 00000000 ____D () C:\Windows\asis
2014-05-05 13:23 - 2014-05-05 13:26 - 00000000 ____D () C:\ProgramData\ibunabeg
2014-05-05 13:23 - 2014-05-05 13:23 - 00000000 ____D () C:\Windows\axeb
2014-04-30 14:29 - 2014-04-30 14:29 - 00000000 ____D () C:\Users\peter\AppData\Roaming\SHARP
2014-04-30 14:28 - 2014-04-30 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-FAX-Treiber der Reihe SHARP MX, MX-M
2014-04-30 14:27 - 2012-10-09 04:17 - 00180320 _____ () C:\Windows\_isusr32.dll
2014-04-30 14:27 - 2010-05-28 08:30 - 00032768 ____N () C:\Windows\SysWOW64\_isusr2k.dll
2014-04-30 14:25 - 2014-04-30 14:27 - 00000000 ____D () C:\Windows\SysWOW64\SCDRV
2014-04-30 14:25 - 2014-04-30 14:25 - 00000000 ____D () C:\Users\peter\AppData\Roaming\InstallShield
2014-04-09 16:14 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 16:14 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 16:14 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 16:14 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 16:14 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 16:14 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 16:14 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 16:14 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 16:14 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 16:14 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 16:14 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 16:13 - 2014-03-08 06:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 16:13 - 2014-03-08 05:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 16:13 - 2014-03-08 05:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 16:13 - 2014-03-08 05:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 16:13 - 2014-03-08 05:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 16:13 - 2014-03-08 05:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-09 16:13 - 2014-03-08 05:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 16:13 - 2014-03-08 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 16:13 - 2014-03-08 05:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 16:13 - 2014-03-08 05:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 16:13 - 2014-03-08 05:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 16:13 - 2014-03-08 05:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 16:13 - 2014-03-08 05:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-09 16:13 - 2014-03-08 05:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 16:13 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 16:13 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 16:13 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 16:13 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 16:13 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 16:13 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-09 16:13 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 16:13 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-09 16:13 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 16:13 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 16:13 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 16:13 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 16:13 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-09 16:13 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

==================== One Month Modified Files and Folders =======

2014-05-07 06:35 - 2014-05-07 06:35 - 00000000 ____D () C:\FRST
2014-05-07 06:28 - 2012-04-03 05:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-07 06:24 - 2011-03-17 12:35 - 01297691 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 06:21 - 2013-02-14 18:26 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 06:20 - 2013-02-14 18:26 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 05:36 - 2009-07-14 06:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 05:36 - 2009-07-14 06:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 05:28 - 2011-03-25 13:29 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-05-07 05:28 - 2011-03-17 12:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-07 05:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-07 05:28 - 2009-07-14 06:51 - 00097912 _____ () C:\Windows\setupact.log
2014-05-06 21:11 - 2014-05-06 21:11 - 00077850 _____ () C:\OTL.Txt
2014-05-06 21:08 - 2014-05-06 12:23 - 00000000 ____D () C:\Users\thomasl
2014-05-06 21:08 - 2012-12-18 11:39 - 00000000 ____D () C:\Users\DefaultAppPool
2014-05-06 21:08 - 2011-10-08 01:57 - 00000000 ____D () C:\Users\administrator
2014-05-06 21:08 - 2011-03-25 13:31 - 00000000 ____D () C:\Users\peter
2014-05-06 21:08 - 2011-03-25 13:03 - 00000000 ____D () C:\Users\admin
2014-05-06 15:24 - 2011-03-25 13:34 - 00000000 ____D () C:\PTW
2014-05-06 14:57 - 2014-05-06 14:57 - 00000000 ____D () C:\Users\peter\AppData\Local\CrashDumps
2014-05-06 13:47 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Adobe
2014-05-06 13:47 - 2014-05-06 12:35 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\Adobe
2014-05-06 13:11 - 2014-05-06 12:23 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 13:07 - 2014-05-06 13:07 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\WinRAR
2014-05-06 13:06 - 2014-05-06 13:06 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Google
2014-05-06 12:52 - 2014-05-06 12:52 - 00143728 _____ () C:\Users\thomasl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 12:38 - 2011-03-25 13:21 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-06 12:24 - 2014-05-06 12:24 - 00001411 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-06 12:24 - 2014-05-06 12:24 - 00000000 ____D () C:\Users\thomasl\AppData\Local\PDFC
2014-05-06 12:24 - 2014-05-06 12:23 - 00001445 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-06 12:24 - 2014-05-06 12:23 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-06 12:24 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-06 12:23 - 2014-05-06 12:23 - 00000020 ___SH () C:\Users\thomasl\ntuser.ini
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Vorlagen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Startmenü
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Netzwerkumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Lokale Einstellungen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Eigene Dateien
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Druckumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Verlauf
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Anwendungsdaten
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Anwendungsdaten
2014-05-06 10:58 - 2013-11-14 10:59 - 00000000 ____D () C:\Windows\pss
2014-05-06 09:57 - 2014-05-06 09:56 - 00000036 _____ () C:\Users\peter\AppData\Local\housecall.guid.cache
2014-05-06 09:04 - 2014-05-06 08:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 08:59 - 2012-09-11 04:55 - 00238128 _____ () C:\Windows\RegBootClean64.exe
2014-05-06 08:05 - 2011-03-17 12:44 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-06 07:51 - 2014-05-06 07:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-06 07:25 - 2014-05-06 07:24 - 00006055 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-06 07:25 - 2013-06-28 06:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-06 07:24 - 2014-05-06 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-06 07:06 - 2014-05-06 06:57 - 00000000 ____D () C:\Users\peter\AppData\Local\NPE
2014-05-06 07:04 - 2014-05-05 13:23 - 00000000 ____D () C:\Windows\asis
2014-05-06 07:03 - 2014-05-06 07:03 - 00001386 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-05-06 06:58 - 2014-05-06 06:58 - 00000000 ____D () C:\NPE
2014-05-06 06:58 - 2012-11-13 05:43 - 00000000 ____D () C:\Program Files\Google
2014-05-06 06:58 - 2012-11-13 05:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-06 06:58 - 2011-03-17 12:32 - 00971596 _____ () C:\Windows\PFRO.log
2014-05-06 06:57 - 2011-03-17 12:50 - 00000000 ____D () C:\ProgramData\Norton
2014-05-06 06:52 - 2012-11-13 05:43 - 00000000 ____D () C:\Users\peter\AppData\Local\Google
2014-05-05 13:26 - 2014-05-05 13:23 - 00000000 ____D () C:\ProgramData\ibunabeg
2014-05-05 13:25 - 2011-10-27 15:03 - 00000000 ____D () C:\ProgramData\Sun
2014-05-05 13:23 - 2014-05-05 13:23 - 00000000 ____D () C:\Windows\axeb
2014-05-05 06:01 - 2011-07-11 05:00 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForpeter
2014-05-05 06:01 - 2011-07-11 05:00 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForpeter.job
2014-04-30 14:29 - 2014-04-30 14:29 - 00000000 ____D () C:\Users\peter\AppData\Roaming\SHARP
2014-04-30 14:28 - 2014-04-30 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-FAX-Treiber der Reihe SHARP MX, MX-M
2014-04-30 14:27 - 2014-04-30 14:25 - 00000000 ____D () C:\Windows\SysWOW64\SCDRV
2014-04-30 14:25 - 2014-04-30 14:25 - 00000000 ____D () C:\Users\peter\AppData\Roaming\InstallShield
2014-04-30 14:25 - 2011-03-17 12:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-30 10:42 - 2011-03-25 14:17 - 00000000 ____D () C:\Program Files (x86)\lp
2014-04-29 13:39 - 2014-05-05 15:53 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 13:15 - 2014-05-05 15:53 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 12:28 - 2014-05-05 15:53 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 12:07 - 2014-05-05 15:53 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 05:28 - 2012-04-03 05:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 05:28 - 2012-04-03 05:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 05:28 - 2011-05-18 06:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-16 05:04 - 2011-06-16 05:04 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHP-WS2$
2014-04-16 05:04 - 2011-06-16 05:04 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForHP-WS2$.job
2014-04-14 20:13 - 2014-05-06 07:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-05-06 07:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-05-06 07:25 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-05-06 07:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-09 16:15 - 2011-03-25 13:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 04:51 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\0r7tg4j6.fee
C:\ProgramData\lsass.exe
C:\ProgramData\rjvjwbh3.fee
C:\ProgramData\wl8z17tmq9.bxx
C:\ProgramData\wl8z17tmq9.fdd
C:\ProgramData\wl8z17tmq9.fvv
C:\ProgramData\wl8z17tmq9.reg


Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\MSN360F.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 12:18

==================== End Of Log ============================


addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014
Ran by peter at 2014-05-07 06:36:42
Running from \\SBSRV\RedirectedFolders\peter\Desktop\Virusentfernung
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX 64) (Version: 10.3.162.28 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
AutoCAD Mechanical 2011 (HKLM\...\AutoCAD Mechanical 2011) (Version: 15.0.46.0 - Autodesk)
AutoCAD Mechanical 2011 (Version: 15.0.106.0 - Autodesk) Hidden
AutoCAD Mechanical 2011 Language Pack - Deutsch (Version: 15.0.46.0 - Autodesk) Hidden
AutoCAD Mechanical 2011 Version 2 (HKLM\...\AutoCAD Mechanical 2011 Version 2) (Version: 1 - Autodesk)
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.2 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Connect Solutions (HKLM-x32\...\{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}) (Version: 1.0.0.4 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP Managed Printing Admin (HKLM-x32\...\{7CA4F780-7AD0-417A-82A1-46EB825CFD53}) (Version: 2.5.9 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.14.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{05BA6A83-C7A7-4F85-88F1-150142305229}) (Version: 8.5.4489.3576 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6302.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.84 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.84 - InterVideo Inc.) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.58 - NVIDIA Corporation)
NVIDIA Grafiktreiber 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.58 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.36.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6658 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 266.58 (Version: 266.58 - NVIDIA Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v5.1 (HKLM-x32\...\{782AE8DA-30DA-44bd-BA9A-9F23B8A4AC79}) (Version: 5.1 - Spigot, Inc.) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
SHARP MX/MX-M Series 2 PC-Fax Driver (HKLM-x32\...\SHARP MX-2610 3110 3610 Series PC-Fax Driver) (Version: 1.00.000 - SHARP)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 7.0.2316 - Trend Micro Deutschland GmbH)
Trend Micro Worry-Free Business Security Agent (x32 Version: 1.0.0 - Trend Micro Inc.) Hidden
Two Worlds Pinball (HKLM-x32\...\Two Worlds Pinball) (Version: 1.00 - TopWare Interactive Inc.)
UCSetup_x64 (HKLM\...\{5CBB1682-C04D-49DF-B276-AE51351BF53E}) (Version: 1.9.935 - ProCAM Systems GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.14766 - VMware, Inc.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.6 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Xobni (HKLM-x32\...\XobniMain) (Version:  - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-06 07:03 - 00000054 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04363ACD-4452-4BF9-84C6-49EFC734D70A} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-1267364221-3491172544-2080735027-1151\{750FDF10-2A26-11D1-A3EA-080036587F03}\synch1 => C:\Windows\system32\mobsync.exe [2010-11-20] (Microsoft Corporation)
Task: {0937458F-66DF-4011-AAFA-991384448AFC} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-02-08] () <==== ATTENTION
Task: {16370226-CB61-4E93-B00C-A1456DF2CA6E} - System32\Tasks\HPCeeScheduleForHP-WS2$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {97D4E97A-9ECD-4894-9608-A51E27100ADD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {99ED95DC-2992-4208-A9A9-4A7D1B8D8776} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {99FDB315-5094-47D1-AC5D-79B8197094FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B83744A8-87A0-4AC4-95EE-FC6D0DC4AF41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D7D23873-CE8F-4B76-81C7-02B92808285D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E7AB5176-23BA-4D08-A3EB-98E2B813CC2D} - System32\Tasks\HPCeeScheduleForpeter => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {EEB47667-FBDF-4F79-B225-FC3A1D1F8AB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {F251DAB6-6C23-4F05-9568-2A582BC9CA52} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-28] ()
Task: {F8ECD179-CCD7-40FD-A676-E857FB0574D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHP-WS2$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForpeter.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-11-20 12:34 - 2012-12-04 21:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2011-10-19 17:06 - 2009-07-08 19:03 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-10-19 17:06 - 2009-07-08 19:06 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2011-10-19 17:06 - 2011-01-03 22:53 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2011-10-19 17:06 - 2011-01-03 22:53 - 01719808 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2012-02-21 08:17 - 2011-10-05 10:16 - 00289056 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2012-02-21 08:17 - 2011-11-10 17:37 - 00691728 _____ () C:\Program Files\Trend Micro\Security Agent\plugin\plugToolbar.dll
2011-03-17 12:45 - 2009-02-28 04:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2011-03-17 12:45 - 2009-07-02 23:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2011-10-20 07:04 - 2011-01-03 15:54 - 00047104 _____ () C:\Program Files\Trend Micro\Security Agent\boost_thread-vc80-mt-1_36.dll
2011-10-20 07:04 - 2011-01-03 15:54 - 00042496 _____ () C:\Program Files\Trend Micro\Security Agent\boost_date_time-vc80-mt-1_36.dll
2012-02-21 08:17 - 2011-11-16 14:59 - 00176640 _____ () C:\Program Files\Trend Micro\Security Agent\libTmHttpServer.dll
2012-02-21 08:17 - 2011-11-16 14:59 - 00167424 _____ () C:\Program Files\Trend Micro\Security Agent\libTmHttpClient.dll
2013-11-20 12:34 - 2012-12-04 21:33 - 02672128 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SU.DLL
2013-11-20 12:34 - 2012-12-04 21:33 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030GC.dll
2013-11-20 12:34 - 2012-12-04 21:33 - 00341504 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SD.DLL
2009-07-10 09:26 - 2009-07-10 09:26 - 01123840 _____ () C:\Program Files\Procam\Pulse\ProcamPulseServer.exe
2011-03-17 12:45 - 2009-02-20 02:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2012-02-21 08:17 - 2011-11-10 17:37 - 00579088 _____ () C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarHelper.dll
2012-02-21 08:17 - 2011-01-03 15:53 - 00049152 _____ () C:\Program Files\Trend Micro\Security Agent\UIFramework\boost_thread-vc80-mt-1_36.dll
2012-02-21 08:17 - 2011-01-03 15:53 - 00057344 _____ () C:\Program Files\Trend Micro\Security Agent\UIFramework\boost_date_time-vc80-mt-1_36.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: epqlopul => "C:\Windows\iwyh\sbahibis.exe"
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: ibyhawkb => "C:\Windows\ylij\apinavyj.exe"
MSCONFIG\startupreg: keagobomipis => C:\Users\peter\keagobomipis.exe
MSCONFIG\startupreg: okehutlb => "C:\Windows\ylij\apinavyj.exe"
MSCONFIG\startupreg: ozuhecwj => "C:\Windows\ylij\apinavyj.exe"
MSCONFIG\startupreg: ygakyckt => "C:\Windows\esof\uhekozuc.exe"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2014 02:57:13 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: WSCommCntr2.exe, Version: 3.0.269.0, Zeitstempel: 0x4c0c8ae0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb164a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0xd68
Startzeit der fehlerhaften Anwendung: 0xWSCommCntr2.exe0
Pfad der fehlerhaften Anwendung: WSCommCntr2.exe1
Pfad des fehlerhaften Moduls: WSCommCntr2.exe2
Berichtskennung: WSCommCntr2.exe3

Error: (05/06/2014 00:34:56 PM) (Source: System Restore) (User: ) (EventID: 8210)
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0x80070057.

Error: (05/06/2014 00:29:27 PM) (Source: System Restore) (User: ) (EventID: 8210)
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070057.

Error: (05/06/2014 11:04:55 AM) (Source: System Restore) (User: ) (EventID: 8210)
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Installiert PC-FAX-Treiber der Reihe SHARP MX). Zusätzliche Informationen: 0x80070057.

Error: (05/06/2014 09:03:16 AM) (Source: System Restore) (User: ) (EventID: 8210)
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070057.

Error: (05/06/2014 08:58:17 AM) (Source: System Restore) (User: ) (EventID: 8210)
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Installiert PC-FAX-Treiber der Reihe SHARP MX). Zusätzliche Informationen: 0x80070057.

Error: (05/06/2014 06:52:04 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: msi.dll, Version: 5.0.7601.17514, Zeitstempel: 0x4ce7c800
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000001ebca2
ID des fehlerhaften Prozesses: 0xf94
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/05/2014 02:29:39 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: WSCommCntr2.exe, Version: 3.0.269.0, Zeitstempel: 0x4c0c8ae0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb164a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0x1b68
Startzeit der fehlerhaften Anwendung: 0xWSCommCntr2.exe0
Pfad der fehlerhaften Anwendung: WSCommCntr2.exe1
Pfad des fehlerhaften Moduls: WSCommCntr2.exe2
Berichtskennung: WSCommCntr2.exe3

Error: (05/05/2014 10:02:53 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: WSCommCntr2.exe, Version: 3.0.269.0, Zeitstempel: 0x4c0c8ae0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb164a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0x1c5c
Startzeit der fehlerhaften Anwendung: 0xWSCommCntr2.exe0
Pfad der fehlerhaften Anwendung: WSCommCntr2.exe1
Pfad des fehlerhaften Moduls: WSCommCntr2.exe2
Berichtskennung: WSCommCntr2.exe3

Error: (05/05/2014 09:38:33 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: WSCommCntr2.exe, Version: 3.0.269.0, Zeitstempel: 0x4c0c8ae0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb164a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0xf54
Startzeit der fehlerhaften Anwendung: 0xWSCommCntr2.exe0
Pfad der fehlerhaften Anwendung: WSCommCntr2.exe1
Pfad des fehlerhaften Moduls: WSCommCntr2.exe2
Berichtskennung: WSCommCntr2.exe3


System errors:
=============
Error: (05/07/2014 06:13:11 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Security Center" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/07/2014 06:12:41 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Security Center" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/07/2014 05:31:37 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Security Center" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/07/2014 05:31:07 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Security Center" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/07/2014 05:31:05 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Security Center" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/07/2014 05:30:37 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Security Center" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/07/2014 05:30:35 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Security Center" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/07/2014 05:29:31 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "XobniService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/07/2014 05:29:31 AM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst XobniService erreicht.

Error: (05/07/2014 05:29:14 AM) (Source: Microsoft-Windows-GroupPolicy) (User: KEPP) (EventID: 1065)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der WMI-Filter (Windows Management Instrumentation) für das Gruppenrichtlinienobjekt "CN={FE6033C2-2B81-4B7D-8134-4C47A4F05689},CN=POLICIES,CN=SYSTEM,DC=KEPP,DC=LOCAL" konnte nicht ausgewertet werden. Dies kann darauf zurückzuführen sein, dass RSoP deaktiviert ist, oder dass der WMI-Dienst deaktiviert oder angehalten wurde, bzw. andere WMI-Fehler aufgetreten sind. Stellen Sie sicher, dass der WMI-Dienst gestartet ist und dass der Starttyp auf automatischen Start festgelegt ist. Neue Gruppenrichtlinienobjekte oder -einstellungen werden nicht verarbeitet, bis dieses Ereignis behoben wurde.


Microsoft Office Sessions:
=========================
Error: (10/20/2011 07:08:26 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6714 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (09/21/2011 10:12:10 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 19001 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (08/02/2011 05:50:56 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3442 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/21/2011 07:33:19 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 9504 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (06/04/2011 10:24:54 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 240 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/30/2011 05:40:04 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 153 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 4078.54 MB
Available physical RAM: 2391.63 MB
Total Pagefile: 8155.27 MB
Available Pagefile: 6204.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.45 GB) (Free:846.68 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.96 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive p: (Daten) (Network) (Total:441.99 GB) (Free:128.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2B0F2E58)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Many thanks for the quick reply. I hope this can be worked with.

Regards
Thomas

07.05.2014, 17:41   #4
schrauber
/// the machine
/// TB-Ausbilder

Trojan infection after DHL phishing mail



Quote:
Running from \\SBSRV\RedirectedFolders\peter\Desktop\Virusentfernung
Where exactly did you run FRST from?


Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION.

Also let Revo remove the leftovers in "Moderate" mode.



Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your Desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
regards,
schrauber


08.05.2014, 08:35   #5
leili1980

Trojan infection after DHL phishing mail



I ran FRST from the Desktop; on this machine, My Documents and the Desktop are stored on the server.

Hello,

here is the logfile from Combofix:

Combofix Logfile:
Code:
ComboFix 14-05-07.03 - peter 08.05.2014   8:44.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.4079.2510 [GMT 2:00]
ausgeführt von:: \\SBSRV\RedirectedFolders\peter\Desktop\ComboFix.exe
AV: Trend Micro Security Agent *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Security Agent *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\lsass.exe
C:\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-08 bis 2014-05-08  ))))))))))))))))))))))))))))))
.
.
2014-05-08 06:49 . 2014-05-08 06:49	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2014-05-08 06:49 . 2014-05-08 06:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-08 06:49 . 2014-05-08 06:49	--------	d-----w-	c:\users\administrator\AppData\Local\temp
2014-05-08 06:49 . 2014-05-08 06:49	--------	d-----w-	c:\users\admin\AppData\Local\temp
2014-05-08 05:57 . 2014-05-08 05:57	--------	d-----w-	c:\programdata\GroupPolicy
2014-05-08 04:55 . 2014-05-08 04:55	--------	d-----w-	c:\programdata\PDFC
2014-05-08 04:47 . 2014-05-08 04:47	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-05-07 04:35 . 2014-05-07 04:37	--------	d-----w-	C:\FRST
2014-05-06 12:57 . 2014-05-06 12:57	--------	d-----w-	c:\users\peter\AppData\Local\CrashDumps
2014-05-06 10:23 . 2014-05-06 19:08	--------	d-----w-	c:\users\thomasl
2014-05-06 05:51 . 2014-05-06 05:51	--------	d-----w-	c:\programdata\Oracle
2014-05-06 05:25 . 2014-05-06 05:25	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-05-06 05:25 . 2014-04-14 18:13	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-06 04:58 . 2014-05-06 04:58	--------	d-----w-	C:\NPE
2014-05-06 04:57 . 2014-05-06 05:06	--------	d-----w-	c:\users\peter\AppData\Local\NPE
2014-05-05 13:53 . 2014-04-29 11:15	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-05 13:53 . 2014-04-29 10:07	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-05 13:53 . 2014-04-29 11:39	17849344	----a-w-	c:\windows\system32\mshtml.dll
2014-05-05 11:23 . 2014-05-06 05:04	--------	d-----w-	c:\windows\asis
2014-05-05 11:23 . 2014-05-05 11:23	--------	d-----w-	c:\windows\axeb
2014-05-05 11:23 . 2014-05-05 11:26	--------	d-----w-	c:\programdata\ibunabeg
2014-04-30 12:29 . 2014-04-30 12:29	--------	d-----w-	c:\users\peter\AppData\Roaming\SHARP
2014-04-30 12:27 . 2012-10-09 02:17	180320	----a-w-	c:\windows\_isusr32.dll
2014-04-30 12:27 . 2010-05-28 06:30	32768	------w-	c:\windows\SysWow64\_isusr2k.dll
2014-04-30 12:25 . 2014-04-30 12:27	--------	d-----w-	c:\windows\SysWow64\SCDRV
2014-04-30 12:25 . 2014-04-30 12:25	--------	d-----w-	c:\users\peter\AppData\Roaming\InstallShield
2014-04-30 04:46 . 2014-04-17 03:31	10651704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C28700DF-C0D4-4CBC-9660-B822635C08A1}\mpengine.dll
2014-04-09 14:14 . 2014-03-04 09:44	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-04-09 14:14 . 2014-03-04 09:17	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-04-09 14:14 . 2014-03-04 09:44	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-04-09 14:14 . 2014-03-04 09:44	243712	----a-w-	c:\windows\system32\wow64.dll
2014-04-09 14:14 . 2014-03-04 09:44	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-04-09 14:14 . 2014-03-04 09:16	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-04-09 14:14 . 2014-03-04 09:16	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-04-09 14:14 . 2014-03-04 08:09	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-04-09 14:14 . 2014-03-04 08:09	2048	----a-w-	c:\windows\SysWow64\user.exe
2014-04-09 14:14 . 2014-03-04 09:44	1163264	----a-w-	c:\windows\system32\kernel32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-06 06:59 . 2012-09-11 02:55	238128	----a-w-	c:\windows\RegBootClean64.exe
2014-04-29 03:28 . 2012-04-03 03:29	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 03:28 . 2011-05-18 04:12	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:17 . 2014-04-09 14:14	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-02-28 05:03 . 2013-11-14 07:38	23088	----a-w-	c:\windows\DCEBoot64.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-02-08 13:55	1520776	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1267364221-3491172544-2080735027-1151\Scripts\Logon\0\0]
"Script"=\\kepp.local\SysVol\kepp.local\scripts\netlogon.bat
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys;c:\windows\SYSNATIVE\DRIVERS\OxPPort.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-29 03:20	1078088	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 03:28]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 16:26]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 16:26]
.
2014-04-16 c:\windows\Tasks\HPCeeScheduleForHP-WS2$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2014-05-05 c:\windows\Tasks\HPCeeScheduleForpeter.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-17 219480]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-27 489472]
"SS0XRCV"="c:\windows\system32\spool\drivers\x64\3\SS0XRCV.exe" [2006-10-23 102400]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-08-15 37888]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.10
DPF: {00134F72-5284-44F7-95A8-52A619F70752} - hxxps://192.168.0.10:444/officescan/console/ClientInstall/WinNTChk.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://192.168.0.10:444/smb/console/html/root/AtxEnc.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-08  08:50:44
ComboFix-quarantined-files.txt  2014-05-08 06:50
ComboFix2.txt  2014-05-08 06:01
.
Vor Suchlauf: 19 Verzeichnis(se), 908.924.416.000 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 908.826.509.312 Bytes frei
.
- - End Of File - - 6F825F45D674700C90246B91A9E80CE8


Thanks
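An added note on reading the ComboFix log above; this is not part of the thread and not code from ComboFix, FRST or any other tool mentioned here. Two things in that log matter beyond the deleted files: the policies\system block records UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), and the removed c:\programdata\lsass.exe carries the name of a Windows core process that only belongs in System32. The Python script below scans ComboFix-style output for exactly these two indicator classes. The sample excerpt is constructed in ComboFix's format, and the list of core process names, the UAC value meanings and the function names (scan, is_masquerade) are my own assumptions, not taken from the thread.

```python
"""Scan a ComboFix-style log excerpt for two indicator classes.

Added example for this thread; not part of the thread and not code from
ComboFix or any other tool mentioned in it. The UAC value meanings and the
list of core process names are the author's assumptions.
"""
import re
from pathlib import PureWindowsPath
from typing import List, Tuple

# Registry key whose values govern UAC prompting (compared lower-cased).
UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# Values that, when 0, switch off UAC or its prompts (assumed interpretation
# of the documented policy values).
UAC_MUST_BE_NONZERO = {
    "EnableLUA": "UAC is disabled",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}

# Core Windows process names that legitimately live only in %SystemRoot%\System32
# (assumed list; SysWOW64 is accepted too for 32-bit copies).
SYSTEM_ONLY_BINARIES = {"lsass.exe", "csrss.exe", "smss.exe", "services.exe",
                        "winlogon.exe", "wininit.exe"}
SYSTEM_DIRS = (r"\windows\system32", r"\windows\syswow64")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>-?\d+)\s*\(0x[0-9a-f]+\)', re.IGNORECASE)
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]*?\.exe', re.IGNORECASE)

# Constructed sample in ComboFix's output format (an excerpt, not the thread's full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\lsass.exe
C:\Thumbs.db
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"""


def is_masquerade(path: str) -> bool:
    """True when a core Windows process name appears outside System32/SysWOW64."""
    p = PureWindowsPath(path)
    if p.name.lower() not in SYSTEM_ONLY_BINARIES:
        return False
    return not str(p.parent).lower().endswith(SYSTEM_DIRS)


def scan(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings in log order.

    Tracks the current [registry key] line so that DWORD values are only
    interpreted inside the UAC policy key; every .exe path on any line is
    checked for core-process-name masquerading.
    """
    findings: List[Tuple[str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key").lower()
            continue
        if current_key == UAC_KEY:
            val_match = DWORD_RE.match(line)
            if val_match:
                name, val = val_match.group("name"), int(val_match.group("val"))
                if name in UAC_MUST_BE_NONZERO and val == 0:
                    findings.append(("uac", f"{name}=0: {UAC_MUST_BE_NONZERO[name]}"))
        for path in PATH_RE.findall(line):
            if is_masquerade(path):
                findings.append(("masquerade", f"{path}: core Windows process name outside System32"))
    return findings


if __name__ == "__main__":
    for category, detail in scan(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run against the sample it reports the lsass.exe copy in ProgramData and the three UAC values set to 0; ConsentPromptBehaviorUser=3 and the ordinary Run entries are not flagged. The key-tracking matters because the same value names can appear under other keys in a ComboFix log, where they mean something else.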


09.05.2014, 08:38   #6
schrauber
/// the machine
/// TB-Ausbilder

Trojan infection after DHL phishing mail



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the latest scan log and click Export. Select Text file (.txt) and save the file as mbam.txt on the Desktop. You can find the MBAM logfile here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your Desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your Desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the logfile (JRT.txt) is saved to the Desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

09.05.2014, 10:04   #7
leili1980

Trojan infection after DHL phishing mail



Hello,

here are the log files:

mbam.txt
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.05.2014
Suchlauf-Zeit: 10:33:23
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.09.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: peter

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 395532
Verstrichene Zeit: 13 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-1267364221-3491172544-2080735027-1151-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [ef1148b855abd82843b4f9876999d12f], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

adwcleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.207 - Bericht erstellt am 09/05/2014 um 10:46:22
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : peter - HP-WS2
# Gestartet von : \\SBSRV\RedirectedFolders\peter\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\administrator\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\administrator\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\peter\AppData\Local\apn
Ordner Gelöscht : C:\Users\peter\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\peter\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\peter\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_monster-fair[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_monster-fair[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_visual-pinball[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_visual-pinball[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000027&locale=de_US&apn_uid=B3AC2D7D-EFC7-49B1-A0F3-EF95F6A1A4FF&apn_ptnrs=U3&apn_sauid=F35DCAA1-1E94-45E4-BF2E-72E02603BFCB&apn_dtid=OSJ000YYAT&q={searchTerms}

[ Datei : C:\Users\thomasl\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5793 octets] - [09/05/2014 10:41:05]
AdwCleaner[S0].txt - [5194 octets] - [09/05/2014 10:46:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5254 octets] ##########
         
--- --- ---


jrt.txt:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by peter on 09.05.2014 at 10:49:35,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2014 at 10:53:15,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST in the next reply

Here is FRST.txt as well:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01
Ran by peter (administrator) on HP-WS2 on 09-05-2014 10:56:38
Running from \\SBSRV\RedirectedFolders\peter\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SHARP CORPORATION) C:\Windows\System32\spool\drivers\x64\3\SS0XRCV.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Farbar) \\SBSRV\RedirectedFolders\peter\Desktop\FRST64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [219480 2011-10-17] (Trend Micro Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-27] (IDT, Inc.)
HKLM\...\Run: [SS0XRCV] => C:\Windows\system32\spool\drivers\x64\3\SS0XRCV.exe [102400 2006-10-23] (SHARP CORPORATION)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-08-15] (Hewlett-Packard )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-04] (Hewlett-Packard)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {3D1F3657-449F-4370-B199-239596226E57} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {3D1F3657-449F-4370-B199-239596226E57} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70752} https://192.168.0.10:444/officescan/console/ClientInstall/WinNTChk.cab
DPF: HKLM-x32 {9BBB3919-F518-4D06-8209-299FC243FC44} https://192.168.0.10:444/smb/console/html/root/AtxEnc.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.10

FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Security Agent\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Security Agent\UIFramework\Toolbar\firefoxextension [2011-10-19]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-14]
CHR Extension: (Google-Suche) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-14]
CHR Extension: (Google Mail) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-14]

==================== Services (Whitelisted) =================

R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 TmListen; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [1017360 2011-11-16] (Trend Micro Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [X]
S2 XobniService; "C:\Program Files (x86)\Xobni\XobniService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [98304 2008-07-31] (OEM)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-06-23] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [146192 2011-06-23] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69904 2011-06-23] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [194640 2010-09-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-30] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [340560 2010-09-30] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DS1410D; SYSTEM32\drivers\DS1410D.SYS [X]
S2 regi; \??\C:\Windows\system32\drivers\regi.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-09 10:49 - 2014-05-09 10:49 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 10:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-09 10:40 - 2014-05-09 10:46 - 00000000 ____D () C:\AdwCleaner
2014-05-09 10:18 - 2014-05-09 10:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 10:18 - 2014-05-09 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-09 10:18 - 2014-05-09 10:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 10:18 - 2014-05-09 10:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-09 10:18 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-09 10:18 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 10:18 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 08:50 - 2014-05-08 08:50 - 00017582 _____ () C:\ComboFix.txt
2014-05-08 07:57 - 2014-05-08 07:57 - 00000000 ____D () C:\ProgramData\GroupPolicy
2014-05-08 06:58 - 2014-05-08 08:50 - 00000000 ____D () C:\Qoobox
2014-05-08 06:58 - 2014-05-08 07:59 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 06:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-08 06:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-08 06:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-08 06:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-08 06:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-08 06:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-08 06:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-08 06:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-08 06:55 - 2014-05-08 06:55 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-08 06:47 - 2014-05-08 06:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-07 06:35 - 2014-05-09 10:56 - 00000000 ____D () C:\FRST
2014-05-06 21:11 - 2014-05-06 21:11 - 00077850 _____ () C:\OTL.Txt
2014-05-06 14:57 - 2014-05-09 06:34 - 00000000 ____D () C:\Users\peter\AppData\Local\CrashDumps
2014-05-06 13:47 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Adobe
2014-05-06 13:07 - 2014-05-06 13:07 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\WinRAR
2014-05-06 13:06 - 2014-05-06 13:06 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Google
2014-05-06 12:52 - 2014-05-06 12:52 - 00143728 _____ () C:\Users\thomasl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 12:35 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\Adobe
2014-05-06 12:24 - 2014-05-06 12:24 - 00001411 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-06 12:24 - 2014-05-06 12:24 - 00000000 ____D () C:\Users\thomasl\AppData\Local\PDFC
2014-05-06 12:23 - 2014-05-06 21:08 - 00000000 ____D () C:\Users\thomasl
2014-05-06 12:23 - 2014-05-06 13:11 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 12:23 - 2014-05-06 12:24 - 00001445 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-06 12:23 - 2014-05-06 12:24 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-06 12:23 - 2014-05-06 12:23 - 00000020 ___SH () C:\Users\thomasl\ntuser.ini
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Vorlagen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Startmenü
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Netzwerkumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Lokale Einstellungen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Eigene Dateien
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Druckumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Verlauf
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Anwendungsdaten
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Anwendungsdaten
2014-05-06 12:23 - 2011-03-25 14:37 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Microsoft Help
2014-05-06 12:23 - 2011-03-17 12:49 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\Macromedia
2014-05-06 12:23 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-06 12:23 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-06 09:56 - 2014-05-06 09:57 - 00000036 _____ () C:\Users\peter\AppData\Local\housecall.guid.cache
2014-05-06 08:37 - 2014-05-06 09:04 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 07:51 - 2014-05-06 07:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-06 07:25 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-06 07:25 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-06 07:25 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-06 07:25 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-06 07:24 - 2014-05-06 07:25 - 00006055 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-06 07:24 - 2014-05-06 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-06 07:03 - 2014-05-06 07:03 - 00001386 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-05-06 06:58 - 2014-05-06 06:58 - 00000000 ____D () C:\NPE
2014-05-06 06:57 - 2014-05-06 07:06 - 00000000 ____D () C:\Users\peter\AppData\Local\NPE
2014-05-05 15:53 - 2014-04-29 13:39 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 15:53 - 2014-04-29 13:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 15:53 - 2014-04-29 12:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 15:53 - 2014-04-29 12:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 13:23 - 2014-05-06 07:04 - 00000000 ____D () C:\Windows\asis
2014-05-05 13:23 - 2014-05-05 13:26 - 00000000 ____D () C:\ProgramData\ibunabeg
2014-05-05 13:23 - 2014-05-05 13:23 - 00000000 ____D () C:\Windows\axeb
2014-04-30 14:29 - 2014-04-30 14:29 - 00000000 ____D () C:\Users\peter\AppData\Roaming\SHARP
2014-04-30 14:28 - 2014-04-30 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-FAX-Treiber der Reihe SHARP MX, MX-M
2014-04-30 14:27 - 2012-10-09 04:17 - 00180320 _____ () C:\Windows\_isusr32.dll
2014-04-30 14:27 - 2010-05-28 08:30 - 00032768 ____N () C:\Windows\SysWOW64\_isusr2k.dll
2014-04-30 14:25 - 2014-04-30 14:27 - 00000000 ____D () C:\Windows\SysWOW64\SCDRV
2014-04-30 14:25 - 2014-04-30 14:25 - 00000000 ____D () C:\Users\peter\AppData\Roaming\InstallShield
2014-04-09 16:14 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 16:14 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 16:14 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 16:14 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 16:14 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 16:14 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 16:14 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 16:14 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 16:14 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 16:14 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 16:14 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 16:13 - 2014-03-08 06:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 16:13 - 2014-03-08 05:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 16:13 - 2014-03-08 05:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 16:13 - 2014-03-08 05:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 16:13 - 2014-03-08 05:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 16:13 - 2014-03-08 05:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-09 16:13 - 2014-03-08 05:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 16:13 - 2014-03-08 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 16:13 - 2014-03-08 05:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 16:13 - 2014-03-08 05:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 16:13 - 2014-03-08 05:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 16:13 - 2014-03-08 05:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 16:13 - 2014-03-08 05:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-09 16:13 - 2014-03-08 05:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 16:13 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 16:13 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 16:13 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 16:13 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 16:13 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 16:13 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-09 16:13 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 16:13 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-09 16:13 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 16:13 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 16:13 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 16:13 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 16:13 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-09 16:13 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

==================== One Month Modified Files and Folders =======

2014-05-09 10:56 - 2014-05-07 06:35 - 00000000 ____D () C:\FRST
2014-05-09 10:54 - 2009-07-14 06:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 10:54 - 2009-07-14 06:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 10:53 - 2011-03-17 13:13 - 00746422 _____ () C:\Windows\system32\perfh007.dat
2014-05-09 10:53 - 2011-03-17 13:13 - 00162016 _____ () C:\Windows\system32\perfc007.dat
2014-05-09 10:53 - 2009-07-14 07:13 - 01733610 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 10:49 - 2014-05-09 10:49 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 10:49 - 2011-03-17 12:35 - 02082670 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 10:47 - 2014-05-09 10:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 10:47 - 2013-02-14 18:26 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-09 10:47 - 2011-03-25 13:29 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-05-09 10:47 - 2011-03-17 12:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-09 10:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-09 10:47 - 2009-07-14 06:51 - 00098304 _____ () C:\Windows\setupact.log
2014-05-09 10:46 - 2014-05-09 10:40 - 00000000 ____D () C:\AdwCleaner
2014-05-09 10:46 - 2011-03-17 12:32 - 00973670 _____ () C:\Windows\PFRO.log
2014-05-09 10:28 - 2012-04-03 05:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-09 10:25 - 2013-02-14 18:26 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-09 10:18 - 2014-05-09 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-09 10:18 - 2014-05-09 10:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 10:18 - 2014-05-09 10:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-09 08:14 - 2011-03-25 13:34 - 00000000 ____D () C:\PTW
2014-05-09 06:34 - 2014-05-06 14:57 - 00000000 ____D () C:\Users\peter\AppData\Local\CrashDumps
2014-05-08 10:33 - 2012-11-15 06:07 - 00000000 ____D () C:\Firefox
2014-05-08 09:38 - 2011-03-17 12:45 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-05-08 08:50 - 2014-05-08 08:50 - 00017582 _____ () C:\ComboFix.txt
2014-05-08 08:50 - 2014-05-08 06:58 - 00000000 ____D () C:\Qoobox
2014-05-08 08:49 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-08 08:01 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-08 07:59 - 2014-05-08 06:58 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 07:57 - 2014-05-08 07:57 - 00000000 ____D () C:\ProgramData\GroupPolicy
2014-05-08 07:57 - 2013-11-14 10:24 - 00000834 __RSH () C:\Users\peter\ntuser.pol
2014-05-08 07:57 - 2011-03-25 13:31 - 00000000 ____D () C:\Users\peter
2014-05-08 06:55 - 2014-05-08 06:55 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-08 06:55 - 2011-03-17 12:44 - 00000000 ____D () C:\Program Files (x86)\PDF Complete
2014-05-08 06:54 - 2011-03-25 14:10 - 00000000 ____D () C:\Users\peter\AppData\Local\Xobni
2014-05-08 06:47 - 2014-05-08 06:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-08 06:20 - 2013-02-14 18:26 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 06:20 - 2013-02-14 18:26 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 21:11 - 2014-05-06 21:11 - 00077850 _____ () C:\OTL.Txt
2014-05-06 21:08 - 2014-05-06 12:23 - 00000000 ____D () C:\Users\thomasl
2014-05-06 21:08 - 2012-12-18 11:39 - 00000000 ____D () C:\Users\DefaultAppPool
2014-05-06 21:08 - 2011-10-08 01:57 - 00000000 ____D () C:\Users\administrator
2014-05-06 21:08 - 2011-03-25 13:03 - 00000000 ____D () C:\Users\admin
2014-05-06 13:47 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Adobe
2014-05-06 13:47 - 2014-05-06 12:35 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\Adobe
2014-05-06 13:11 - 2014-05-06 12:23 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 13:07 - 2014-05-06 13:07 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\WinRAR
2014-05-06 13:06 - 2014-05-06 13:06 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Google
2014-05-06 12:52 - 2014-05-06 12:52 - 00143728 _____ () C:\Users\thomasl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 12:38 - 2011-03-25 13:21 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-06 12:24 - 2014-05-06 12:24 - 00001411 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-06 12:24 - 2014-05-06 12:24 - 00000000 ____D () C:\Users\thomasl\AppData\Local\PDFC
2014-05-06 12:24 - 2014-05-06 12:23 - 00001445 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-06 12:24 - 2014-05-06 12:23 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-06 12:24 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-06 12:23 - 2014-05-06 12:23 - 00000020 ___SH () C:\Users\thomasl\ntuser.ini
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Vorlagen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Startmenü
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Netzwerkumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Lokale Einstellungen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Eigene Dateien
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Druckumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Verlauf
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Anwendungsdaten
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Anwendungsdaten
2014-05-06 10:58 - 2013-11-14 10:59 - 00000000 ____D () C:\Windows\pss
2014-05-06 09:57 - 2014-05-06 09:56 - 00000036 _____ () C:\Users\peter\AppData\Local\housecall.guid.cache
2014-05-06 09:04 - 2014-05-06 08:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 08:59 - 2012-09-11 04:55 - 00238128 _____ () C:\Windows\RegBootClean64.exe
2014-05-06 07:51 - 2014-05-06 07:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-06 07:25 - 2014-05-06 07:24 - 00006055 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-06 07:25 - 2013-06-28 06:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-06 07:24 - 2014-05-06 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-06 07:06 - 2014-05-06 06:57 - 00000000 ____D () C:\Users\peter\AppData\Local\NPE
2014-05-06 07:04 - 2014-05-05 13:23 - 00000000 ____D () C:\Windows\asis
2014-05-06 07:03 - 2014-05-06 07:03 - 00001386 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-05-06 06:58 - 2014-05-06 06:58 - 00000000 ____D () C:\NPE
2014-05-06 06:58 - 2012-11-13 05:43 - 00000000 ____D () C:\Program Files\Google
2014-05-06 06:58 - 2012-11-13 05:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-06 06:57 - 2011-03-17 12:50 - 00000000 ____D () C:\ProgramData\Norton
2014-05-06 06:52 - 2012-11-13 05:43 - 00000000 ____D () C:\Users\peter\AppData\Local\Google
2014-05-05 13:26 - 2014-05-05 13:23 - 00000000 ____D () C:\ProgramData\ibunabeg
2014-05-05 13:25 - 2011-10-27 15:03 - 00000000 ____D () C:\ProgramData\Sun
2014-05-05 13:23 - 2014-05-05 13:23 - 00000000 ____D () C:\Windows\axeb
2014-05-05 06:01 - 2011-07-11 05:00 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForpeter
2014-05-05 06:01 - 2011-07-11 05:00 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForpeter.job
2014-04-30 14:29 - 2014-04-30 14:29 - 00000000 ____D () C:\Users\peter\AppData\Roaming\SHARP
2014-04-30 14:28 - 2014-04-30 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-FAX-Treiber der Reihe SHARP MX, MX-M
2014-04-30 14:27 - 2014-04-30 14:25 - 00000000 ____D () C:\Windows\SysWOW64\SCDRV
2014-04-30 14:25 - 2014-04-30 14:25 - 00000000 ____D () C:\Users\peter\AppData\Roaming\InstallShield
2014-04-30 14:25 - 2011-03-17 12:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-29 13:39 - 2014-05-05 15:53 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 13:15 - 2014-05-05 15:53 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 12:28 - 2014-05-05 15:53 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 12:07 - 2014-05-05 15:53 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 05:28 - 2012-04-03 05:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 05:28 - 2012-04-03 05:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 05:28 - 2011-05-18 06:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-16 05:04 - 2011-06-16 05:04 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHP-WS2$
2014-04-16 05:04 - 2011-06-16 05:04 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForHP-WS2$.job
2014-04-14 20:13 - 2014-05-06 07:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-05-06 07:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-05-06 07:25 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-05-06 07:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-09 16:15 - 2011-03-25 13:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 04:51 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\0r7tg4j6.fee
C:\ProgramData\rjvjwbh3.fee
C:\ProgramData\wl8z17tmq9.bxx
C:\ProgramData\wl8z17tmq9.fvv
C:\ProgramData\wl8z17tmq9.reg


Some content of TEMP:
====================
C:\Users\peter\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 07:10

==================== End Of Log ============================
         
--- --- ---

--- --- ---


and Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2014 01
Ran by peter at 2014-05-09 10:56:50
Running from \\SBSRV\RedirectedFolders\peter\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Security Agent (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: Trend Micro Security Agent (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX 64) (Version: 10.3.162.28 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AutoCAD Mechanical 2011 (HKLM\...\AutoCAD Mechanical 2011) (Version: 15.0.46.0 - Autodesk)
AutoCAD Mechanical 2011 (Version: 15.0.106.0 - Autodesk) Hidden
AutoCAD Mechanical 2011 Language Pack - Deutsch (Version: 15.0.46.0 - Autodesk) Hidden
AutoCAD Mechanical 2011 Version 2 (HKLM\...\AutoCAD Mechanical 2011 Version 2) (Version: 1 - Autodesk)
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.2 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Connect Solutions (HKLM-x32\...\{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}) (Version: 1.0.0.4 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP Managed Printing Admin (HKLM-x32\...\{7CA4F780-7AD0-417A-82A1-46EB825CFD53}) (Version: 2.5.9 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.14.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{05BA6A83-C7A7-4F85-88F1-150142305229}) (Version: 8.5.4489.3576 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6302.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.84 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.84 - InterVideo Inc.) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.58 - NVIDIA Corporation)
NVIDIA Grafiktreiber 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.58 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.36.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6658 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 266.58 (Version: 266.58 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHARP MX/MX-M Series 2 PC-Fax Driver (HKLM-x32\...\SHARP MX-2610 3110 3610 Series PC-Fax Driver) (Version: 1.00.000 - SHARP)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 7.0.2316 - Trend Micro Deutschland GmbH)
Trend Micro Worry-Free Business Security Agent (x32 Version: 1.0.0 - Trend Micro Inc.) Hidden
Two Worlds Pinball (HKLM-x32\...\Two Worlds Pinball) (Version: 1.00 - TopWare Interactive Inc.)
UCSetup_x64 (HKLM\...\{5CBB1682-C04D-49DF-B276-AE51351BF53E}) (Version: 1.9.935 - ProCAM Systems GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.14766 - VMware, Inc.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.6 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

24-04-2014 04:53:32 Geplanter Prüfpunkt
30-04-2014 12:25:12 Installiert PC-FAX-Treiber der Reihe SHARP MX
05-05-2014 13:52:47 Windows Update
06-05-2014 05:02:31 Norton_Power_Eraser_20140506070227150
06-05-2014 05:23:59 Installed Java 7 Update 55
06-05-2014 06:54:09 Wiederherstellungsvorgang
08-05-2014 04:48:09 Revo Uninstaller's restore point - Ask Toolbar
08-05-2014 04:51:12 Revo Uninstaller's restore point - pdfforge Toolbar v5.1
08-05-2014 04:53:07 Revo Uninstaller's restore point - Xobni
08-05-2014 04:54:57 Revo Uninstaller's restore point - PDF Complete Special Edition

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-08 08:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04363ACD-4452-4BF9-84C6-49EFC734D70A} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-1267364221-3491172544-2080735027-1151\{750FDF10-2A26-11D1-A3EA-080036587F03}\synch1 => C:\Windows\system32\mobsync.exe [2010-11-20] (Microsoft Corporation)
Task: {0937458F-66DF-4011-AAFA-991384448AFC} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {16370226-CB61-4E93-B00C-A1456DF2CA6E} - System32\Tasks\HPCeeScheduleForHP-WS2$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {97D4E97A-9ECD-4894-9608-A51E27100ADD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {99ED95DC-2992-4208-A9A9-4A7D1B8D8776} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {99FDB315-5094-47D1-AC5D-79B8197094FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B83744A8-87A0-4AC4-95EE-FC6D0DC4AF41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D7D23873-CE8F-4B76-81C7-02B92808285D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E7AB5176-23BA-4D08-A3EB-98E2B813CC2D} - System32\Tasks\HPCeeScheduleForpeter => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {EEB47667-FBDF-4F79-B225-FC3A1D1F8AB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {F251DAB6-6C23-4F05-9568-2A582BC9CA52} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-28] ()
Task: {F8ECD179-CCD7-40FD-A676-E857FB0574D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHP-WS2$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForpeter.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-11-20 12:34 - 2012-12-04 21:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2011-03-17 12:45 - 2009-02-28 04:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2011-03-17 12:45 - 2009-07-02 23:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2011-04-05 10:45 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-03-17 12:45 - 2009-02-20 02:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2012-02-21 08:17 - 2011-11-10 17:37 - 00579088 _____ () C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarHelper.dll
2012-02-21 08:17 - 2011-01-03 15:53 - 00049152 _____ () C:\Program Files\Trend Micro\Security Agent\UIFramework\boost_thread-vc80-mt-1_36.dll
2012-02-21 08:17 - 2011-01-03 15:53 - 00057344 _____ () C:\Program Files\Trend Micro\Security Agent\UIFramework\boost_date_time-vc80-mt-1_36.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: epqlopul => "C:\Windows\iwyh\sbahibis.exe"
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: ibyhawkb => "C:\Windows\ylij\apinavyj.exe"
MSCONFIG\startupreg: keagobomipis => C:\Users\peter\keagobomipis.exe
MSCONFIG\startupreg: okehutlb => "C:\Windows\ylij\apinavyj.exe"
MSCONFIG\startupreg: ozuhecwj => "C:\Windows\ylij\apinavyj.exe"
MSCONFIG\startupreg: ygakyckt => "C:\Windows\esof\uhekozuc.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (10/20/2011 07:08:26 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6714 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (09/21/2011 10:12:10 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 19001 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (08/02/2011 05:50:56 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3442 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/21/2011 07:33:19 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 9504 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (06/04/2011 10:24:54 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 240 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/30/2011 05:40:04 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 153 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-08 08:48:54.277
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-08 08:48:54.230
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-08 08:48:54.167
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-08 08:48:54.105
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-08 07:08:18.104
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-08 07:08:18.042
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 4078.54 MB
Available physical RAM: 2476.38 MB
Total Pagefile: 8155.27 MB
Available Pagefile: 6441.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.45 GB) (Free:846.13 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.96 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive p: (Daten) (Network) (Total:441.99 GB) (Free:128.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2B0F2E58)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 10.05.2014, 10:51   #8
schrauber
/// the machine
/// TB-Ausbilder
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it in your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No support via PM!
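The log.txt that these steps produce has a fixed shape: `#`-prefixed header fields (`found`, `cleaned`, `remove_checked`, ...) followed by one `sh=... vn="..." fn="..."` line per detection. As an added example that is neither part of schrauber's post nor ESET's own tooling, here is a small Python script that parses such a log and summarises what a helper looks at first: whether removal was enabled, whether the header count matches the detection lines, and whether each hit sits in an existing quarantine folder, in the Java plug-in cache, or elsewhere. The location classes and the third sample line are my own assumptions, not anything ESET reports.

```python
import re
from collections import Counter

# Sample input in the shape of the log.txt that ESET Online Scanner writes:
# '#'-prefixed header lines, then one 'sh=... fn="..."' line per detection.
# The first two detection lines are copied from the log posted in this
# thread; the third line is constructed to show a third location class.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# end=finished
# remove_checked=false
# scanned=200961
# found=3
# cleaned=0
sh=476F24660E1198027FA01CBDE0B39BC9838D57EE ft=1 fh=2e4e1b474cc12a70 vn="Variante von Win32/Reveton.W Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\wl8z17tmq9.fdd.vir"
sh=2AB6C10F15E11F7539670255849B5178265C6541 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2013-2465.CU Trojaner" ac=I fn="C:\Users\peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\59f2d4ee-3104d418"
sh=0000000000000000000000000000000000000000 ft=0 fh=0000000000000000 vn="Constructed/Sample.A Trojaner" ac=I fn="C:\Users\example\Downloads\paketverfolgung.exe"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
_PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_log(text):
    """Split an ESET Online Scanner log into its header dict and detection records."""
    header = {}
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            record = {}
            for key, quoted, bare in _PAIR_RE.findall(line):
                record[key] = quoted if quoted else bare
            detections.append(record)
    return header, detections


def classify_location(path):
    """Rough triage class for a detected file, based only on where it sits (assumed classes)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        # e.g. C:\Qoobox\Quarantine\... : already isolated by ComboFix, not active
        return "already quarantined by another tool"
    if "\\java\\deployment\\cache\\" in p:
        # cached applets/JARs pulled in through the browser Java plug-in
        return "Java plug-in cache (exploit remnant)"
    return "file outside known quarantine or cache"


def summarize(text):
    """Return the facts a helper wants to see before deciding what to do next."""
    header, detections = parse_eset_log(text)
    items = [
        (d.get("vn", "?"), d.get("fn", "?"), classify_location(d.get("fn", "")))
        for d in detections
    ]
    found = int(header.get("found", "0"))
    return {
        "finished": header.get("end") == "finished",
        "removal_enabled": header.get("remove_checked") == "true",
        "found": found,
        "cleaned": int(header.get("cleaned", "0")),
        # header count and number of detection lines should agree; a truncated paste would not
        "consistent": found == len(detections),
        "by_location": Counter(cls for _, _, cls in items),
        "items": items,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"scan finished: {s['finished']}, removal enabled: {s['removal_enabled']}")
    print(f"found={s['found']} cleaned={s['cleaned']} header/body consistent={s['consistent']}")
    for name, path, cls in s["items"]:
        print(f"  [{cls}] {name}\n      {path}")
```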

Alt 12.05.2014, 10:06   #9
leili1980
 
Hello,

ESET Online Scanner still found threats.
Should I have ESET remove them, since I had unticked REMOVE FOUND THREATS?

Thanks for the info

Thomas

Alt 13.05.2014, 09:33   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Show me the log as described above, then we'll see how to proceed.
__________________
regards,
schrauber


Alt 14.05.2014, 08:41   #11
leili1980
 
Here are the log files

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=41217
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7dd1db8a7bc18945b12351aa175a5b38
# engine=18222
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-12 08:49:45
# local_time=2014-05-12 10:49:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=519 16777213 100 94 4386 170811099 0 0
# compatibility_mode=5893 16776573 100 94 258751 151514435 0 0
# scanned=200961
# found=6
# cleaned=0
# scan_time=3195
sh=476F24660E1198027FA01CBDE0B39BC9838D57EE ft=1 fh=2e4e1b474cc12a70 vn="Variante von Win32/Reveton.W Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\wl8z17tmq9.fdd.vir"
sh=81EF5CB4C9D72893E59437B451AC48BEEE0A27E0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6313a6dc-5bb2b730"
sh=2AB6C10F15E11F7539670255849B5178265C6541 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2013-2465.CU Trojaner" ac=I fn="C:\Users\peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\59f2d4ee-3104d418"
sh=B762B097514404720D2D95E7CB5A2DC2B9B13E9D ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\54288685-75a48d3f"
sh=89844B8313ED649A2B41CB20A6AEF67F272235B9 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.CA Trojaner" ac=I fn="C:\Users\peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6bb9c0bd-3bd73b29"
sh=CD1D04F030428BB18C558FAA4E28828DFF81D046 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.X Trojaner" ac=I fn="C:\Users\peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\613f55c9-4627379a"
         
Security Check:
Code:
 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Trend Micro Security Agent   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Reader XI  
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 peter Desktop Virusentfernung SecurityCheck.exe 
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe 
 Trend Micro Security Agent tmlisten.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by peter (administrator) on HP-WS2 on 14-05-2014 09:39:24
Running from \\SBSRV\RedirectedFolders\peter\Desktop\Virusentfernung
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SHARP CORPORATION) C:\Windows\System32\spool\drivers\x64\3\SS0XRCV.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Procam\Pulse\ProcamPulseServer.exe
(Farbar) \\SBSRV\RedirectedFolders\peter\Desktop\Virusentfernung\FRST64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [219480 2011-10-17] (Trend Micro Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-27] (IDT, Inc.)
HKLM\...\Run: [SS0XRCV] => C:\Windows\system32\spool\drivers\x64\3\SS0XRCV.exe [102400 2006-10-23] (SHARP CORPORATION)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-08-15] (Hewlett-Packard )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-04] (Hewlett-Packard)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
HKU\S-1-5-21-1267364221-3491172544-2080735027-1151\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe -update activex

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {3D1F3657-449F-4370-B199-239596226E57} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {3D1F3657-449F-4370-B199-239596226E57} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70752} https://192.168.0.10:444/officescan/console/ClientInstall/WinNTChk.cab
DPF: HKLM-x32 {9BBB3919-F518-4D06-8209-299FC243FC44} https://192.168.0.10:444/smb/console/html/root/AtxEnc.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.10

FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Security Agent\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Security Agent\UIFramework\Toolbar\firefoxextension [2011-10-19]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-14]
CHR Extension: (Google-Suche) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-14]
CHR Extension: (Google Mail) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-14]

==================== Services (Whitelisted) =================

R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 TmListen; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [1017360 2011-11-16] (Trend Micro Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [X]
S2 XobniService; "C:\Program Files (x86)\Xobni\XobniService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [98304 2008-07-31] (OEM)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-06-23] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [146192 2011-06-23] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69904 2011-06-23] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [194640 2010-09-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-30] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [340560 2010-09-30] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DS1410D; SYSTEM32\drivers\DS1410D.SYS [X]
S2 regi; \??\C:\Windows\system32\drivers\regi.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-09 10:49 - 2014-05-09 10:49 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 10:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-09 10:40 - 2014-05-09 10:46 - 00000000 ____D () C:\AdwCleaner
2014-05-09 10:18 - 2014-05-12 05:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 10:18 - 2014-05-09 10:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 08:50 - 2014-05-08 08:50 - 00017582 _____ () C:\ComboFix.txt
2014-05-08 07:57 - 2014-05-08 07:57 - 00000000 ____D () C:\ProgramData\GroupPolicy
2014-05-08 06:58 - 2014-05-08 08:50 - 00000000 ____D () C:\Qoobox
2014-05-08 06:58 - 2014-05-08 07:59 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 06:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-08 06:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-08 06:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-08 06:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-08 06:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-08 06:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-08 06:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-08 06:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-08 06:55 - 2014-05-08 06:55 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-08 06:47 - 2014-05-12 11:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-07 06:35 - 2014-05-14 09:39 - 00000000 ____D () C:\FRST
2014-05-06 21:11 - 2014-05-06 21:11 - 00077850 _____ () C:\OTL.Txt
2014-05-06 14:57 - 2014-05-14 08:30 - 00000000 ____D () C:\Users\peter\AppData\Local\CrashDumps
2014-05-06 13:47 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Adobe
2014-05-06 13:07 - 2014-05-06 13:07 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\WinRAR
2014-05-06 13:06 - 2014-05-06 13:06 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Google
2014-05-06 12:52 - 2014-05-06 12:52 - 00143728 _____ () C:\Users\thomasl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 12:35 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\Adobe
2014-05-06 12:24 - 2014-05-06 12:24 - 00001411 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-06 12:24 - 2014-05-06 12:24 - 00000000 ____D () C:\Users\thomasl\AppData\Local\PDFC
2014-05-06 12:23 - 2014-05-06 21:08 - 00000000 ____D () C:\Users\thomasl
2014-05-06 12:23 - 2014-05-06 13:11 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 12:23 - 2014-05-06 12:24 - 00001445 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-06 12:23 - 2014-05-06 12:24 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-06 12:23 - 2014-05-06 12:23 - 00000020 ___SH () C:\Users\thomasl\ntuser.ini
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Vorlagen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Startmenü
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Netzwerkumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Lokale Einstellungen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Eigene Dateien
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Druckumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Verlauf
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Anwendungsdaten
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Anwendungsdaten
2014-05-06 12:23 - 2011-03-25 14:37 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Microsoft Help
2014-05-06 12:23 - 2011-03-17 12:49 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\Macromedia
2014-05-06 12:23 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-06 12:23 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-06 09:56 - 2014-05-06 09:57 - 00000036 _____ () C:\Users\peter\AppData\Local\housecall.guid.cache
2014-05-06 08:37 - 2014-05-06 09:04 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 07:51 - 2014-05-06 07:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-06 07:25 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-06 07:25 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-06 07:25 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-06 07:25 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-06 07:24 - 2014-05-06 07:25 - 00006055 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-06 07:24 - 2014-05-06 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-06 07:03 - 2014-05-06 07:03 - 00001386 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-05-06 06:58 - 2014-05-06 06:58 - 00000000 ____D () C:\NPE
2014-05-06 06:57 - 2014-05-06 07:06 - 00000000 ____D () C:\Users\peter\AppData\Local\NPE
2014-05-05 15:53 - 2014-04-29 13:39 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 15:53 - 2014-04-29 13:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 15:53 - 2014-04-29 12:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 15:53 - 2014-04-29 12:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 13:23 - 2014-05-06 07:04 - 00000000 ____D () C:\Windows\asis
2014-05-05 13:23 - 2014-05-05 13:26 - 00000000 ____D () C:\ProgramData\ibunabeg
2014-05-05 13:23 - 2014-05-05 13:23 - 00000000 ____D () C:\Windows\axeb
2014-04-30 14:29 - 2014-04-30 14:29 - 00000000 ____D () C:\Users\peter\AppData\Roaming\SHARP
2014-04-30 14:28 - 2014-04-30 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-FAX-Treiber der Reihe SHARP MX, MX-M
2014-04-30 14:27 - 2012-10-09 04:17 - 00180320 _____ () C:\Windows\_isusr32.dll
2014-04-30 14:27 - 2010-05-28 08:30 - 00032768 ____N () C:\Windows\SysWOW64\_isusr2k.dll
2014-04-30 14:25 - 2014-04-30 14:27 - 00000000 ____D () C:\Windows\SysWOW64\SCDRV
2014-04-30 14:25 - 2014-04-30 14:25 - 00000000 ____D () C:\Users\peter\AppData\Roaming\InstallShield

==================== One Month Modified Files and Folders =======

2014-05-14 09:39 - 2014-05-07 06:35 - 00000000 ____D () C:\FRST
2014-05-14 09:28 - 2012-04-03 05:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-14 09:28 - 2011-03-17 12:35 - 02081104 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 09:25 - 2013-02-14 18:26 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-14 08:39 - 2011-03-25 13:29 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-05-14 08:30 - 2014-05-06 14:57 - 00000000 ____D () C:\Users\peter\AppData\Local\CrashDumps
2014-05-14 07:28 - 2012-04-03 05:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 07:28 - 2012-04-03 05:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 07:28 - 2011-05-18 06:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 06:25 - 2013-02-14 18:26 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-14 05:10 - 2011-03-25 13:34 - 00000000 ____D () C:\PTW
2014-05-14 05:04 - 2009-07-14 06:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-14 05:04 - 2009-07-14 06:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-14 05:01 - 2011-03-17 13:13 - 00746422 _____ () C:\Windows\system32\perfh007.dat
2014-05-14 05:01 - 2011-03-17 13:13 - 00162016 _____ () C:\Windows\system32\perfc007.dat
2014-05-14 05:01 - 2009-07-14 07:13 - 01733610 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-14 04:57 - 2011-03-17 12:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-14 04:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-14 04:57 - 2009-07-14 06:51 - 00098472 _____ () C:\Windows\setupact.log
2014-05-13 12:51 - 2011-03-25 13:46 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-05-13 05:19 - 2011-03-17 12:32 - 00974496 _____ () C:\Windows\PFRO.log
2014-05-12 11:03 - 2014-05-08 06:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-12 06:01 - 2011-07-11 05:00 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForpeter
2014-05-12 06:01 - 2011-07-11 05:00 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForpeter.job
2014-05-12 05:50 - 2014-05-09 10:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 05:18 - 2011-03-28 05:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-12 05:17 - 2011-10-29 07:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-09 10:49 - 2014-05-09 10:49 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 10:46 - 2014-05-09 10:40 - 00000000 ____D () C:\AdwCleaner
2014-05-09 10:18 - 2014-05-09 10:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 10:33 - 2012-11-15 06:07 - 00000000 ____D () C:\Firefox
2014-05-08 09:38 - 2011-03-17 12:45 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-05-08 08:50 - 2014-05-08 08:50 - 00017582 _____ () C:\ComboFix.txt
2014-05-08 08:50 - 2014-05-08 06:58 - 00000000 ____D () C:\Qoobox
2014-05-08 08:49 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-08 08:01 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-08 07:59 - 2014-05-08 06:58 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 07:57 - 2014-05-08 07:57 - 00000000 ____D () C:\ProgramData\GroupPolicy
2014-05-08 07:57 - 2013-11-14 10:24 - 00000834 __RSH () C:\Users\peter\ntuser.pol
2014-05-08 07:57 - 2011-03-25 13:31 - 00000000 ____D () C:\Users\peter
2014-05-08 06:55 - 2014-05-08 06:55 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-08 06:55 - 2011-03-17 12:44 - 00000000 ____D () C:\Program Files (x86)\PDF Complete
2014-05-08 06:54 - 2011-03-25 14:10 - 00000000 ____D () C:\Users\peter\AppData\Local\Xobni
2014-05-08 06:20 - 2013-02-14 18:26 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 06:20 - 2013-02-14 18:26 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 21:11 - 2014-05-06 21:11 - 00077850 _____ () C:\OTL.Txt
2014-05-06 21:08 - 2014-05-06 12:23 - 00000000 ____D () C:\Users\thomasl
2014-05-06 21:08 - 2012-12-18 11:39 - 00000000 ____D () C:\Users\DefaultAppPool
2014-05-06 21:08 - 2011-10-08 01:57 - 00000000 ____D () C:\Users\administrator
2014-05-06 21:08 - 2011-03-25 13:03 - 00000000 ____D () C:\Users\admin
2014-05-06 13:47 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Adobe
2014-05-06 13:47 - 2014-05-06 12:35 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\Adobe
2014-05-06 13:11 - 2014-05-06 12:23 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 13:07 - 2014-05-06 13:07 - 00000000 ____D () C:\Users\thomasl\AppData\Roaming\WinRAR
2014-05-06 13:06 - 2014-05-06 13:06 - 00000000 ____D () C:\Users\thomasl\AppData\Local\Google
2014-05-06 12:52 - 2014-05-06 12:52 - 00143728 _____ () C:\Users\thomasl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 12:38 - 2011-03-25 13:21 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-06 12:24 - 2014-05-06 12:24 - 00001411 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-06 12:24 - 2014-05-06 12:24 - 00000000 ____D () C:\Users\thomasl\AppData\Local\PDFC
2014-05-06 12:24 - 2014-05-06 12:23 - 00001445 _____ () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-06 12:24 - 2014-05-06 12:23 - 00000000 ___RD () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-06 12:24 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-06 12:23 - 2014-05-06 12:23 - 00000020 ___SH () C:\Users\thomasl\ntuser.ini
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Vorlagen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Startmenü
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Netzwerkumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Lokale Einstellungen
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Eigene Dateien
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Druckumgebung
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Verlauf
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\AppData\Local\Anwendungsdaten
2014-05-06 12:23 - 2014-05-06 12:23 - 00000000 _SHDL () C:\Users\thomasl\Anwendungsdaten
2014-05-06 10:58 - 2013-11-14 10:59 - 00000000 ____D () C:\Windows\pss
2014-05-06 09:57 - 2014-05-06 09:56 - 00000036 _____ () C:\Users\peter\AppData\Local\housecall.guid.cache
2014-05-06 09:04 - 2014-05-06 08:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 08:59 - 2012-09-11 04:55 - 00238128 _____ () C:\Windows\RegBootClean64.exe
2014-05-06 07:51 - 2014-05-06 07:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-06 07:25 - 2014-05-06 07:24 - 00006055 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-06 07:25 - 2013-06-28 06:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-06 07:24 - 2014-05-06 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-06 07:06 - 2014-05-06 06:57 - 00000000 ____D () C:\Users\peter\AppData\Local\NPE
2014-05-06 07:04 - 2014-05-05 13:23 - 00000000 ____D () C:\Windows\asis
2014-05-06 07:03 - 2014-05-06 07:03 - 00001386 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-05-06 06:58 - 2014-05-06 06:58 - 00000000 ____D () C:\NPE
2014-05-06 06:58 - 2012-11-13 05:43 - 00000000 ____D () C:\Program Files\Google
2014-05-06 06:58 - 2012-11-13 05:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-06 06:57 - 2011-03-17 12:50 - 00000000 ____D () C:\ProgramData\Norton
2014-05-06 06:52 - 2012-11-13 05:43 - 00000000 ____D () C:\Users\peter\AppData\Local\Google
2014-05-05 13:26 - 2014-05-05 13:23 - 00000000 ____D () C:\ProgramData\ibunabeg
2014-05-05 13:25 - 2011-10-27 15:03 - 00000000 ____D () C:\ProgramData\Sun
2014-05-05 13:23 - 2014-05-05 13:23 - 00000000 ____D () C:\Windows\axeb
2014-04-30 14:29 - 2014-04-30 14:29 - 00000000 ____D () C:\Users\peter\AppData\Roaming\SHARP
2014-04-30 14:28 - 2014-04-30 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-FAX-Treiber der Reihe SHARP MX, MX-M
2014-04-30 14:27 - 2014-04-30 14:25 - 00000000 ____D () C:\Windows\SysWOW64\SCDRV
2014-04-30 14:25 - 2014-04-30 14:25 - 00000000 ____D () C:\Users\peter\AppData\Roaming\InstallShield
2014-04-30 14:25 - 2011-03-17 12:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-29 13:39 - 2014-05-05 15:53 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 13:15 - 2014-05-05 15:53 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 12:28 - 2014-05-05 15:53 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 12:07 - 2014-05-05 15:53 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 05:04 - 2011-06-16 05:04 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHP-WS2$
2014-04-16 05:04 - 2011-06-16 05:04 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForHP-WS2$.job
2014-04-14 20:13 - 2014-05-06 07:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-05-06 07:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-05-06 07:25 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-05-06 07:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

Files to move or delete:
====================
C:\ProgramData\0r7tg4j6.fee
C:\ProgramData\rjvjwbh3.fee
C:\ProgramData\wl8z17tmq9.bxx
C:\ProgramData\wl8z17tmq9.fvv
C:\ProgramData\wl8z17tmq9.reg


Some content of TEMP:
====================
C:\Users\peter\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 07:10

==================== End Of Log ============================
         
--- --- ---


addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by peter at 2014-05-14 09:40:05
Running from \\SBSRV\RedirectedFolders\peter\Desktop\Virusentfernung
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Security Agent (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: Trend Micro Security Agent (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX 64) (Version: 10.3.162.28 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AutoCAD Mechanical 2011 (HKLM\...\AutoCAD Mechanical 2011) (Version: 15.0.46.0 - Autodesk)
AutoCAD Mechanical 2011 (Version: 15.0.106.0 - Autodesk) Hidden
AutoCAD Mechanical 2011 Language Pack - Deutsch (Version: 15.0.46.0 - Autodesk) Hidden
AutoCAD Mechanical 2011 Version 2 (HKLM\...\AutoCAD Mechanical 2011 Version 2) (Version: 1 - Autodesk)
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.2 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Connect Solutions (HKLM-x32\...\{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}) (Version: 1.0.0.4 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP Managed Printing Admin (HKLM-x32\...\{7CA4F780-7AD0-417A-82A1-46EB825CFD53}) (Version: 2.5.9 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.14.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{05BA6A83-C7A7-4F85-88F1-150142305229}) (Version: 8.5.4489.3576 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6302.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.84 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.84 - InterVideo Inc.) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.58 - NVIDIA Corporation)
NVIDIA Grafiktreiber 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.58 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.36.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6658 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 266.58 (Version: 266.58 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
SHARP MX/MX-M Series 2 PC-Fax Driver (HKLM-x32\...\SHARP MX-2610 3110 3610 Series PC-Fax Driver) (Version: 1.00.000 - SHARP)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 7.0.2316 - Trend Micro Deutschland GmbH)
Trend Micro Worry-Free Business Security Agent (x32 Version: 1.0.0 - Trend Micro Inc.) Hidden
Two Worlds Pinball (HKLM-x32\...\Two Worlds Pinball) (Version: 1.00 - TopWare Interactive Inc.)
UCSetup_x64 (HKLM\...\{5CBB1682-C04D-49DF-B276-AE51351BF53E}) (Version: 1.9.935 - ProCAM Systems GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.14766 - VMware, Inc.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.6 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

24-04-2014 04:53:32 Geplanter Prüfpunkt
30-04-2014 12:25:12 Installiert PC-FAX-Treiber der Reihe SHARP MX
05-05-2014 13:52:47 Windows Update
06-05-2014 05:02:31 Norton_Power_Eraser_20140506070227150
06-05-2014 05:23:59 Installed Java 7 Update 55
06-05-2014 06:54:09 Wiederherstellungsvorgang
08-05-2014 04:48:09 Revo Uninstaller's restore point - Ask Toolbar
08-05-2014 04:51:12 Revo Uninstaller's restore point - pdfforge Toolbar v5.1
08-05-2014 04:53:07 Revo Uninstaller's restore point - Xobni
08-05-2014 04:54:57 Revo Uninstaller's restore point - PDF Complete Special Edition

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-08 08:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04363ACD-4452-4BF9-84C6-49EFC734D70A} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-1267364221-3491172544-2080735027-1151\{750FDF10-2A26-11D1-A3EA-080036587F03}\synch1 => C:\Windows\system32\mobsync.exe [2010-11-20] (Microsoft Corporation)
Task: {0937458F-66DF-4011-AAFA-991384448AFC} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {16370226-CB61-4E93-B00C-A1456DF2CA6E} - System32\Tasks\HPCeeScheduleForHP-WS2$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {97D4E97A-9ECD-4894-9608-A51E27100ADD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {99ED95DC-2992-4208-A9A9-4A7D1B8D8776} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {99FDB315-5094-47D1-AC5D-79B8197094FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B83744A8-87A0-4AC4-95EE-FC6D0DC4AF41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D7D23873-CE8F-4B76-81C7-02B92808285D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E7AB5176-23BA-4D08-A3EB-98E2B813CC2D} - System32\Tasks\HPCeeScheduleForpeter => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {EEB47667-FBDF-4F79-B225-FC3A1D1F8AB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {F251DAB6-6C23-4F05-9568-2A582BC9CA52} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-28] ()
Task: {F8ECD179-CCD7-40FD-A676-E857FB0574D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHP-WS2$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForpeter.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-11-20 12:34 - 2012-12-04 21:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2011-03-17 12:45 - 2009-02-28 04:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2011-04-05 10:45 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-03-17 12:45 - 2009-07-02 23:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2009-07-10 09:26 - 2009-07-10 09:26 - 01123840 _____ () C:\Program Files\Procam\Pulse\ProcamPulseServer.exe
2011-03-17 12:45 - 2009-02-20 02:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2012-02-21 08:17 - 2011-11-10 17:37 - 00579088 _____ () C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarHelper.dll
2012-02-21 08:17 - 2011-01-03 15:53 - 00049152 _____ () C:\Program Files\Trend Micro\Security Agent\UIFramework\boost_thread-vc80-mt-1_36.dll
2012-02-21 08:17 - 2011-01-03 15:53 - 00057344 _____ () C:\Program Files\Trend Micro\Security Agent\UIFramework\boost_date_time-vc80-mt-1_36.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: epqlopul => "C:\Windows\iwyh\sbahibis.exe"
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: ibyhawkb => "C:\Windows\ylij\apinavyj.exe"
MSCONFIG\startupreg: keagobomipis => C:\Users\peter\keagobomipis.exe
MSCONFIG\startupreg: okehutlb => "C:\Windows\ylij\apinavyj.exe"
MSCONFIG\startupreg: ozuhecwj => "C:\Windows\ylij\apinavyj.exe"
MSCONFIG\startupreg: ygakyckt => "C:\Windows\esof\uhekozuc.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2014 08:30:09 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: WSCommCntr2.exe, version: 3.0.269.0, time stamp: 0x4c0c8ae0
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0xeac
Faulting application start time: 0xWSCommCntr2.exe0
Faulting application path: WSCommCntr2.exe1
Faulting module path: WSCommCntr2.exe2
Report Id: WSCommCntr2.exe3

Error: (05/14/2014 07:15:28 AM) (Source: SideBySide) (User: ) (EventID: 63)
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element assemblyIdentity is invalid.

Error: (05/13/2014 01:24:31 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: WSCommCntr2.exe, version: 3.0.269.0, time stamp: 0x4c0c8ae0
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0x2a0c
Faulting application start time: 0xWSCommCntr2.exe0
Faulting application path: WSCommCntr2.exe1
Faulting module path: WSCommCntr2.exe2
Report Id: WSCommCntr2.exe3

Error: (05/13/2014 00:48:06 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: WSCommCntr2.exe, version: 3.0.269.0, time stamp: 0x4c0c8ae0
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0xc74
Faulting application start time: 0xWSCommCntr2.exe0
Faulting application path: WSCommCntr2.exe1
Faulting module path: WSCommCntr2.exe2
Report Id: WSCommCntr2.exe3

Error: (05/13/2014 07:14:35 AM) (Source: SideBySide) (User: ) (EventID: 63)
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element assemblyIdentity is invalid.

Error: (05/12/2014 11:46:10 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: WSCommCntr2.exe, version: 3.0.269.0, time stamp: 0x4c0c8ae0
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0x23d0
Faulting application start time: 0xWSCommCntr2.exe0
Faulting application path: WSCommCntr2.exe1
Faulting module path: WSCommCntr2.exe2
Report Id: WSCommCntr2.exe3

Error: (05/12/2014 11:01:44 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in
manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with
another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/12/2014 09:55:18 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in
manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with
another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/12/2014 09:55:13 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in
manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with
another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/12/2014 09:43:10 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in
manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with
another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (05/14/2014 04:57:26 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "XobniService" service failed to start due to the following error: 
%%2

Error: (05/14/2014 04:57:24 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "regi" service failed to start due to the following error: 
%%2

Error: (05/14/2014 04:57:23 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "DS1410D" service failed to start due to the following error: 
%%2

Error: (05/13/2014 05:19:28 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "XobniService" service failed to start due to the following error: 
%%2

Error: (05/13/2014 05:19:26 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "regi" service failed to start due to the following error: 
%%2

Error: (05/13/2014 05:19:25 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "DS1410D" service failed to start due to the following error: 
%%2

Error: (05/12/2014 05:06:22 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "XobniService" service failed to start due to the following error: 
%%2

Error: (05/12/2014 05:06:19 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "regi" service failed to start due to the following error: 
%%2

Error: (05/12/2014 05:06:17 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "DS1410D" service failed to start due to the following error: 
%%2


Microsoft Office Sessions:
=========================
Error: (10/20/2011 07:08:26 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6714 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (09/21/2011 10:12:10 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 19001 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (08/02/2011 05:50:56 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3442 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/21/2011 07:33:19 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 9504 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (06/04/2011 10:24:54 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 240 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/30/2011 05:40:04 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 153 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-08 08:48:54.277
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-08 08:48:54.230
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-08 08:48:54.167
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-08 08:48:54.105
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-08 07:08:18.104
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-08 07:08:18.042
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 4078.54 MB
Available physical RAM: 2284.34 MB
Total Pagefile: 8155.27 MB
Available Pagefile: 6213.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.45 GB) (Free:845.54 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.96 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive p: (Daten) (Network) (Total:441.99 GB) (Free:121.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2B0F2E58)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Regards,
Thomas
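The part of the Addition.txt above that actually matters for the incident is the "Disabled items from MSCONFIG" block: five auto-start entries with lowercase random names, binaries in C:\Windows\iwyh\, C:\Windows\ylij\ and C:\Windows\esof\ or directly in C:\Users\peter\, and three different value names all pointing at the same apinavyj.exe. Pulling exactly those out of a long FRST log is easy to automate. The Python below is an added example for this thread, not FRST's own logic and not something the poster or the helper ran; the scoring rules, the allow-list of C:\Windows subdirectories and the "lowercase letters only" notion of a random-looking name are this example's assumptions, and the sample lines are copied from the log above (the two vendor entries serve as the benign control).

```python
"""Triage FRST 'MSCONFIG\\startupreg' lines for persistence entries that look machine-generated.

Added example; heuristics are this example's own assumptions, not FRST's or the forum's.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# One FRST Addition.txt line of the form
#   MSCONFIG\startupreg: <value name> => "<path>"     (quotes optional, see the HP line)
ENTRY_RE = re.compile(
    r'^MSCONFIG\\startupreg:\s*(?P<name>.+?)\s*=>\s*"?(?P<path>.+?)"?\s*$'
)

# Subdirectories of C:\Windows in which auto-start binaries are normal.
# Assumption of this example; tune it to your own estate.
WINDOWS_OK_DIRS = {"system32", "syswow64", "microsoft.net", "servicing"}

# "Random-looking" here simply means five or more lowercase letters and nothing else.
LOWER_TOKEN = re.compile(r"^[a-z]{5,}$")

# Copied from the Addition.txt posted above (not constructed).
SAMPLE_LINES = [
    r'MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"',
    r'MSCONFIG\startupreg: epqlopul => "C:\Windows\iwyh\sbahibis.exe"',
    r'MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe',
    r'MSCONFIG\startupreg: ibyhawkb => "C:\Windows\ylij\apinavyj.exe"',
    r'MSCONFIG\startupreg: keagobomipis => C:\Users\peter\keagobomipis.exe',
    r'MSCONFIG\startupreg: okehutlb => "C:\Windows\ylij\apinavyj.exe"',
    r'MSCONFIG\startupreg: ozuhecwj => "C:\Windows\ylij\apinavyj.exe"',
    r'MSCONFIG\startupreg: ygakyckt => "C:\Windows\esof\uhekozuc.exe"',
]


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one startupreg line into value name and executable path; None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # Minimal environment-variable expansion so path checks see a real drive path.
    path = m.group("path").replace("%ProgramFiles%", r"C:\Program Files")
    return {"name": m.group("name"), "path": path}


def score_entry(entry: Dict[str, str], refcount: Counter) -> List[str]:
    """Return the list of reasons this entry looks suspicious (empty list = nothing flagged)."""
    reasons = []
    parts = entry["path"].lower().split("\\")
    exe = parts[-1]
    stem = exe[:-4] if exe.endswith(".exe") else exe

    # 1. Binary directly in a user-profile root (C:\Users\<user>\x.exe): no installer does that.
    if len(parts) == 4 and parts[:2] == ["c:", "users"]:
        reasons.append("binary sits directly in a user profile root")
    # 2. Binary in a made-up directory directly under C:\Windows.
    if len(parts) >= 4 and parts[:2] == ["c:", "windows"] and parts[2] not in WINDOWS_OK_DIRS:
        reasons.append(f"binary under C:\\Windows\\{parts[2]}\\, not a known system directory")
    # 3. Both the registry value name and the file name are lowercase random-looking tokens.
    if LOWER_TOKEN.match(entry["name"]) and LOWER_TOKEN.match(stem):
        reasons.append("value name and binary name are both lowercase random-looking tokens")
    # 4. The same binary registered under several value names (re-persisting with fresh names).
    n = refcount[entry["path"].lower()]
    if n > 1:
        reasons.append(f"same binary registered under {n} different value names")
    return reasons


def triage(lines: List[str]) -> List[Dict]:
    """Parse all startupreg lines and return them scored, most suspicious first."""
    entries = [e for e in map(parse_entry, lines) if e]
    refcount = Counter(e["path"].lower() for e in entries)
    rows = []
    for e in entries:
        reasons = score_entry(e, refcount)
        rows.append({"name": e["name"], "path": e["path"], "score": len(reasons), "reasons": reasons})
    return sorted(rows, key=lambda r: -r["score"])  # sorted() is stable: ties keep log order


if __name__ == "__main__":
    for row in triage(SAMPLE_LINES):
        print(f'{row["score"]}  {row["name"]:<20} {row["path"]}')
        for reason in row["reasons"]:
            print("     -", reason)
```

Run against the lines above, the three apinavyj.exe entries score 3, the other random-named ones 2, and the Ask.com and HP entries 0. The score only says where to look first; before deleting anything, a practitioner would still check each flagged binary's hash and signature and compare its creation time with the moment the phishing link was clicked.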

14.05.2014, 19:23   #12
schrauber
/// the machine
/// TB-Ausbilder



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\ProgramData\0r7tg4j6.fee
C:\ProgramData\rjvjwbh3.fee
C:\ProgramData\wl8z17tmq9.bxx
C:\ProgramData\wl8z17tmq9.fvv
C:\ProgramData\wl8z17tmq9.reg

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow it.




Finished

The order here is essential.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a tick in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all tools that were used, our scanners' quarantine and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our clean-up are still left over, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few tips for securing your system.


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a resident guard.
    A tutorial on its use can be found here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not yet found a German-language one.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments of e-mails you don't recognise. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe
Now all that remains is to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No support via PM!
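The last "Don't" above (yourPhoto.jpg.exe) works because Explorer hides known extensions by default, so the victim sees a picture where the OS sees a program. A small filename check like the following, added here as an example and not something from the thread, catches that double-extension pattern and two related tricks the post does not mention: a Unicode right-to-left override character that makes the end of the name render reversed (so "report<RLO>fdp.exe" displays as "reportexe.pdf"), and a long run of spaces that pushes the real extension out of the visible column. The extension sets are this example's own choices, and the sample names in the usage are constructed.

```python
"""Flag attachment / download names that disguise an executable.

Added example for the 'Don'ts' above; the extension lists are this example's own choices.
"""
import re
from typing import Dict, List

# Extensions that Windows, its script hosts or its installers will run directly.
EXECUTABLE_EXTS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "ps1", "msi", "hta", "cpl", "jar", "lnk", "reg",
}
# Extensions a sender uses as a decoy in front of the real one ("Foto.jpg.exe").
DECOY_EXTS = {
    "jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx", "xls", "xlsx",
    "ppt", "pptx", "txt", "rtf", "htm", "html",
}
# Unicode bidirectional control characters; they change how a name is displayed,
# not how the file system treats it.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI, RLI, FSI, PDI
}


def analyse_filename(name: str) -> List[str]:
    """Return the findings for one file name; an empty list means nothing suspicious."""
    findings = []

    # 1. Any bidi control character in a file name is a rendering trick, never legitimate.
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.append("contains Unicode bidi control character (RLO/LRO rendering trick)")

    # Strip the controls so the remaining checks see the name the way the OS does.
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    # Strip spaces around each dot-separated part so padded names still parse.
    parts = [p.strip() for p in clean.lower().split(".")]
    if len(parts) < 2:
        return findings  # no extension at all

    # 2. The real (last) extension is something Windows executes.
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        findings.append(f"real extension .{ext} is executable")
        # 3. A decoy document/image extension sits right in front of it.
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            findings.append(f"double extension: displayed as .{parts[-2]}, runs as .{ext}")

    # 4. Long runs of spaces in the stem push the real extension out of view in list views.
    stem = ".".join(clean.split(".")[:-1])
    if re.search(r" {4,}", stem):
        findings.append("long run of spaces pushes the real extension out of view")

    return findings


def triage_names(names: List[str]) -> Dict[str, List[str]]:
    """Map each name to its findings, for a batch of attachment names."""
    return {n: analyse_filename(n) for n in names}


if __name__ == "__main__":
    # Constructed sample names, not taken from the incident.
    samples = [
        "deinFoto.jpg.exe",
        "Paketverfolgung.pdf",
        "report\u202efdp.exe",
        "invoice.pdf                        .exe",
        "archive.tar.gz",
    ]
    for n, f in triage_names(samples).items():
        print(repr(n), "->", f or "ok")
```

On the Windows side the complementary fix is to turn off "Hide extensions for known file types" in Explorer's folder options, which is the setting that hides the trailing .exe in the first place; a name check like this one belongs at the mail gateway or download proxy, where the user never gets to see the decoy at all.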

15.05.2014, 06:47   #13
leili1980



Hi,

many thanks - now everything works as before!!!

What I like best, to finish, is your sentence

Quote:
Don't click on everything just because it asks you to and is nice and colourful.
We will gladly show our appreciation with a donation

Greetings from Upper Austria
Thomas

16.05.2014, 09:30   #14
schrauber
/// the machine
/// TB-Ausbilder



You're welcome
__________________
Regards,
schrauber
