Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malware / Trojaner Schädlingsbeseitigung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 21.04.2015, 14:30   #1
HtHNightwolf
 
Malware / Trojaner Schädlingsbeseitigung - Standard

Malware / Trojaner Schädlingsbeseitigung



Hallo Trojaner-Board-Team,

wie ich das mit cosinus in diesem Thread besprochen hatte, gibt es einen zweiten Rechner, der womöglich infiziert ist.
Mögt ihr bitte schauen, ob sich nach Kaspersky und MBAM Scans noch immer was verborgen hält?
Ich habe die folgenden Schritte bereits parallel mit dem ersten Rechner unternommen und hänge die entsprechenden LOG-Dateien an:

Vorab: Kaspersky-Scan von Boot-CD
MBAM-Scan und Removed was er gefunden hat
Dann:
1. FRST Scan
2. Combofix Scan
3. ADWCleaner Scan und Löschen
4. JRT Scan

Die Logs dazu:
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by hwu (administrator) on GAPWS31W7 on 07-04-2015 11:32:20
Running from C:\Users\hwu.*****\Downloads
Loaded Profiles: hwu (Available profiles: Serviceuser & awa & hwu & swi & hka & tvr & sku & dwa & serviceuser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\TmListen.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
() C:\Users\hwu.*****\AppData\Local\Xenocode\Sandbox\ra-micro Startprogramm\10.4\local\stubexe\0x81ACAAA657A54A6B\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [219480 2011-10-17] (Trend Micro Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1386967835-2426692312-148520297-1176\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1386967835-2426692312-148520297-1176\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1386967835-2426692312-148520297-1176\...\MountPoints2: {58766801-e55e-11e3-850f-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1386967835-2426692312-148520297-1176\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-1386967835-2426692312-148520297-1176\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm834^LADEDE^de&si=514950_&ptb=C3D997CB-F922-447C-AADC-7911799B0775&ind=2014121005&n=780d0c2d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1386967835-2426692312-148520297-1176 -> DefaultScope {4CE1421E-C0C4-43F1-A62E-951213C3A750} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1386967835-2426692312-148520297-1176 -> EEF5D22A2554469D8E0B52051882BCEB URL = 
SearchScopes: HKU\S-1-5-21-1386967835-2426692312-148520297-1176 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1386967835-2426692312-148520297-1176 -> {4CE1421E-C0C4-43F1-A62E-951213C3A750} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1386967835-2426692312-148520297-1176 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=U219DF&PC=U219&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1386967835-2426692312-148520297-1176 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm834^LADEDE^de&si=514950_&ptb=C3D997CB-F922-447C-AADC-7911799B0775&ind=2014121005&n=780d0c2d&psa=&st=sb&searchfor={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg.dll [2011-09-28] (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05] (Oracle Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg.dll [2011-09-28] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll [2011-11-10] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.18.11 192.168.18.1

FireFox:
========
FF ProfilePath: C:\Users\hwu.*****\AppData\Roaming\Mozilla\Firefox\Profiles\zhj4kd18.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll [2013-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll [2013-03-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-07-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: G Data BankGuard - C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2015-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-06-19]

Chrome: 
=======
CHR Profile: C:\Users\hwu.*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hwu.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-31]
CHR Extension: (Google Wallet) - C:\Users\hwu.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [176128 2010-02-26] (OLYMPUS IMAGING CORP.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R3 TmListen; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [1017360 2011-11-16] (Trend Micro Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [325376 2007-03-20] (AfaTech                  )
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-14] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-14] (Intel(R) Corporation)
R3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [238096 2012-05-21] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-12-29] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-06-23] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [146192 2011-06-23] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69904 2011-06-23] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-30] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 11:32 - 2015-04-07 11:33 - 00013255 _____ () C:\Users\hwu.*****\Downloads\FRST.txt
2015-04-07 11:32 - 2015-04-07 11:32 - 02095616 _____ (Farbar) C:\Users\hwu.*****\Downloads\FRST64.exe
2015-04-07 11:32 - 2015-04-07 11:32 - 00000000 ____D () C:\FRST
2015-04-07 11:26 - 2015-04-07 11:26 - 06135352 _____ (TeamViewer) C:\Users\hwu.*****\Downloads\TeamViewerQS.exe
2015-04-02 09:42 - 2015-04-02 09:42 - 00172544 _____ () C:\Users\Public\Documents\Sixt London.msg
2015-03-31 14:32 - 2015-03-31 14:32 - 00000000 ____H () C:\Users\hwu.*****\Documents\Default.rdp
2015-03-31 14:31 - 2015-03-31 14:31 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-31 14:31 - 2015-03-31 14:31 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-31 14:31 - 2015-03-31 14:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-31 14:28 - 2015-03-31 14:28 - 00305664 _____ (Secure By Design Inc.) C:\Users\hwu.*****\Downloads\Ninite Firefox Installer.exe
2015-03-31 14:26 - 2015-03-31 14:26 - 00000017 _____ () C:\Users\hwu.*****\Desktop\Fall-Nummer Deutsche Bank Security.txt
2015-03-31 14:23 - 2015-03-31 15:03 - 00000000 ____D () C:\Users\hwu.*****\AppData\Roaming\Mozilla
2015-03-31 14:11 - 2015-03-31 14:11 - 00000000 ____D () C:\Windows\pss
2015-03-27 10:27 - 2015-03-27 10:27 - 00018698 _____ () C:\Users\Public\Documents\Kopie von Warenrücknahmen ohne Beleg_LM_2014-2015.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 11:17 - 2011-08-16 14:25 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-07 10:38 - 2014-06-15 19:36 - 00000000 ____D () C:\Users\hwu.*****\Documents\Outlook-Dateien
2015-04-07 10:32 - 2011-07-15 10:12 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-07 09:46 - 2011-07-15 10:11 - 00000000 ____D () C:\ProgramData\Temp
2015-04-07 09:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spool
2015-04-07 09:41 - 2014-05-27 08:56 - 00000000 ____D () C:\Users\hwu.*****
2015-04-07 09:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-04-07 09:38 - 2009-07-14 06:45 - 00039152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 09:38 - 2009-07-14 06:45 - 00039152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-07 09:35 - 2012-09-04 12:16 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-07 09:35 - 2011-04-12 09:43 - 00701076 _____ () C:\Windows\system32\perfh007.dat
2015-04-07 09:35 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-04-07 09:35 - 2009-07-14 07:13 - 01624740 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-07 09:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-07 09:31 - 2009-07-14 06:51 - 01312893 _____ () C:\Windows\setupact.log
2015-04-02 14:41 - 2014-05-27 08:56 - 00000250 ___SH () C:\Users\hwu.*****\ntuser.ini
2015-04-01 14:07 - 2013-06-14 13:41 - 00000040 _____ () C:\Windows\DICTANET.INI
2015-04-01 09:00 - 2010-11-21 05:47 - 00071464 _____ () C:\Windows\PFRO.log
2015-03-31 16:08 - 2014-05-27 09:05 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2015-03-31 16:08 - 2012-09-04 12:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-31 16:08 - 2012-09-04 12:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 16:08 - 2012-08-10 09:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-31 16:08 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-03-31 14:31 - 2015-03-06 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-31 14:13 - 2014-05-27 23:50 - 00003210 _____ () C:\Windows\System32\Tasks\{8A817BBC-D325-4DE2-A560-CAC3316E9589}
2015-03-31 14:13 - 2014-05-27 23:40 - 00002988 _____ () C:\Windows\System32\Tasks\{9F85CB71-0810-4F8E-98F2-DEDA35DA5725}
2015-03-31 14:13 - 2014-05-27 09:05 - 00002898 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-31 14:13 - 2012-09-04 12:15 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-31 14:13 - 2012-09-04 12:15 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-31 14:13 - 2012-08-10 09:54 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-31 14:09 - 2015-01-30 10:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 12:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-24 16:03 - 2014-06-16 08:41 - 00000000 _____ () C:\test.log

Some content of TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\APNStub.exe
C:\Users\administrator\AppData\Local\Temp\fx-runtime.exe
C:\Users\administrator\AppData\Local\Temp\JavaIC.dll
C:\Users\administrator\AppData\Local\Temp\msscct32.dll
C:\Users\awa\AppData\Local\Temp\ivstqa3l.dll
C:\Users\awa\AppData\Local\Temp\rmx.stp.04.elster.exe
C:\Users\awa\AppData\Local\Temp\rmx.stp.07.secsigner.exe
C:\Users\awa\AppData\Local\Temp\rmx.stp.10.AdobeAir.exe
C:\Users\awa\AppData\Local\Temp\rmx.stp.12.SurfaceInstaller.exe
C:\Users\awa\AppData\Local\Temp\rmx.stp.12.syncframework.exe
C:\Users\awa\AppData\Local\Temp\rmx.stp.14.ddbac.exe
C:\Users\awa\AppData\Local\Temp\rmx.stp.15.uninst.exe
C:\Users\awa\AppData\Local\Temp\rmx.stp.18.sqlce4.exe
C:\Users\awa\AppData\Local\Temp\rmx.stp.exe
C:\Users\awa\AppData\Local\Temp\spoonrestarter.exe
C:\Users\cga\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\dwa\AppData\Local\Temp\22y5jpmt.dll
C:\Users\dwa\AppData\Local\Temp\2nqjrxr4.dll
C:\Users\dwa\AppData\Local\Temp\bft0jpna.dll
C:\Users\dwa\AppData\Local\Temp\decdzmbr.dll
C:\Users\dwa\AppData\Local\Temp\elf4j3n5.dll
C:\Users\dwa\AppData\Local\Temp\f0r05dbo.dll
C:\Users\dwa\AppData\Local\Temp\ju3vi5fl.dll
C:\Users\dwa\AppData\Local\Temp\orp4h0hc.dll
C:\Users\dwa\AppData\Local\Temp\rmx.stp.06.xchangedictanet.exe
C:\Users\dwa\AppData\Local\Temp\rmx.stp.09.AdobeFlashplayer.exe
C:\Users\dwa\AppData\Local\Temp\rmx.stp.10.AdobeAir.exe
C:\Users\dwa\AppData\Local\Temp\rmx.stp.14.ddbac.exe
C:\Users\dwa\AppData\Local\Temp\tiesxkod.dll
C:\Users\dwa\AppData\Local\Temp\ttwiqvnx.dll
C:\Users\dwa\AppData\Local\Temp\v4gl0dsd.dll
C:\Users\dwa\AppData\Local\Temp\x5cc4lnt.dll
C:\Users\dwa\AppData\Local\Temp\y0oqlh3o.dll
C:\Users\dwa\AppData\Local\Temp\zx0kedfl.dll
C:\Users\master\AppData\Local\Temp\rmx.stp.01.infragistics103.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.02.leadtools.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.03.textcontrol.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.04.elster.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.05.OpenLimit.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.06.xchange.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.07.secsigner.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.09.AdobeFlashplayer.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.10.AdobeAir.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.12.SurfaceInstaller.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.12.syncframework.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.13.ramicrosystem.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.14.ddbac.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.15.uninst.exe
C:\Users\master\AppData\Local\Temp\rmx.stp.17.pia.exe
C:\Users\serviceuser\AppData\Local\Temp\_is9E60.exe
C:\Users\sku\AppData\Local\Temp\rmx.stp.09.AdobeFlashplayer.exe
C:\Users\sku\AppData\Local\Temp\rmx.stp.10.AdobeAir.exe
C:\Users\tvr\AppData\Local\Temp\0oh5c5ki.dll
C:\Users\tvr\AppData\Local\Temp\2sp5hjko.dll
C:\Users\tvr\AppData\Local\Temp\rmx.stp.10.AdobeAir.exe
C:\Users\tvr\AppData\Local\Temp\rmx.stp.14.ddbac.exe
C:\Users\tvr\AppData\Local\Temp\rmx.stp.15.uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 01:06

==================== End Of Log ============================
         
--- --- ---
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by hwu at 2015-04-07 11:35:29
Running from C:\Users\hwu.*****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Security Agent (Enabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: Trend Micro Security Agent (Enabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Autodesk Buzzsaw 2013.1.27.1368 (HKLM-x32\...\Autodesk Buzzsaw 2013) (Version: 2013.1.27.1368 - Autodesk)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.835 - Corel Inc.)
DDBAC (HKLM-x32\...\{021BC94E-D464-4B9D-96F1-C6566B476A71}) (Version: 5.3.3 - DataDesign)
DDBAC (HKLM-x32\...\{051584C4-7B25-43A0-A5FF-FBB9944D8DED}) (Version: 5.3.23 - DataDesign)
DDBAC (HKLM-x32\...\{7121136B-462F-46F7-8FC0-6A35E8DC2D5B}) (Version: 4.3.77 - DataDesign)
DDBAC (HKLM-x32\...\{CB3F10A6-3BD7-43C8-A011-22B00FEB61D5}) (Version: 5.3.7 - DataDesign)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 13.3.0.9066 - Landesfinanzdirektion Thüringen)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP LaserJet 400 M401 (HKLM-x32\...\{8989F6D9-550C-4178-A8CB-75B82A06621F}) (Version: 5.0.12200.835 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{05BA6A83-C7A7-4F85-88F1-150142305229}) (Version: 8.5.4489.3576 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM401DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPLaserJet400-M401_HelpLearnCenter_SI (HKLM-x32\...\{4989DD05-86FB-4CA2-96C5-923DFAD89DA3}) (Version: 1.01.0000 - Hewlett-Packard)
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM401LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM401 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.0 (HKLM\...\PROSetDX) (Version: 15.7.176.0 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Meine CEWE FOTOWELT (HKLM-x32\...\Meine CEWE FOTOWELT) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 DEU (HKLM\...\{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Surface 2.0 Runtime (HKLM-x32\...\{69C2B39D-F060-49AD-8877-01C4144A8424}) (Version: 2.0.21114.00 - Microsoft Corporation)
Microsoft Surface Toolkit Runtime for Windows Touch Beta (HKLM-x32\...\{788755AD-6DD7-4736-9CA9-24B05D87845C}) (Version: 1.5.10404.01 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) DEU  (HKLM-x32\...\{E6415AEF-3B3E-43FF-AD3A-0258D854E7D6}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) DEU  (HKLM-x32\...\{E90A1941-4989-4172-AB5C-DBCB02202A84}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) DEU  (HKLM-x32\...\{D0F06337-3406-4162-9990-7853DCE4F345}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) DEU  (HKLM-x32\...\{349B4707-5F45-49EB-9A9D-8F89C94355F2}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{D95B72D8-DE21-3DAE-B2C5-B1EE64EEBEFA}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.14 - PDF Complete, Inc)
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.269.0 - Tracker Software Products Ltd)
PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.162.0 - Tracker Software Products Ltd)
ProgDVB x64 (HKLM\...\ProgDVB) (Version: 7.x - Prog)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RA-MICRO Deinstallation (HKLM-x32\...\ra-micro Deinstallation) (Version:  - RA-MICRO GmbH & Co. KGaA)
RA-MICRO Elster (HKLM-x32\...\{EC15998D-5C48-43D9-B5A6-43085531B31C}) (Version: 4.25.0000 - RA-MICRO GmbH & Co KGaA)
RA-MICRO Infragistics 10.3 (HKLM-x32\...\{2592ACCF-8D9B-4CF8-B791-16A94A8A75B8}) (Version: 10.01.30101 - RA-MICRO Software GmbH)
RA-MICRO Leadtools (HKLM-x32\...\{DE726A89-0BF3-433D-B975-4201BF2E8156}) (Version: 2.01.0000 - RA-MICRO Software GmbH)
RA-MICRO Systemdateien (HKLM-x32\...\{22674A89-CE4D-428D-BA79-4446933FBAF0}) (Version: 1.2.2010.0 - RA-MICRO Software GmbH)
RA-MICRO TextControl 14.0 SP4 (HKLM-x32\...\{01201D0C-0AD2-471D-8CB6-E1574A5A0D8D}) (Version: 2.00.0000 - RA-MICRO Software GmbH)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
SecCommerce SecSigner 3.6 (HKLM\...\SecCommerce SecSigner) (Version: 3.6 - SecCommerce Informationssysteme GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 13.2 - ITSG GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 7.0.2316 - Trend Micro Inc.)
Trend Micro Worry-Free Business Security Agent (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Worry-Free Business Security Agent (x32 Version: 1.0.0 - Trend Micro Inc.) Hidden
TWAIN Driver (HKLM-x32\...\InstallShield_{3D5D6830-C051-4273-857F-61CF7A3B5A6A}) (Version: 1.7.0717 - TWAIN Driver)
TWAIN Driver (x32 Version: 1.7.0717 - TWAIN Driver) Hidden
UTAX TA Software Library (HKLM\...\UTAX TA Software Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-03-2015 10:31:07 Geplanter Prüfpunkt
12-03-2015 11:35:00 Geplanter Prüfpunkt
19-03-2015 12:37:00 Geplanter Prüfpunkt
26-03-2015 17:01:40 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {249C792D-8790-4ACE-94F8-842AD6C27AFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {2858ACED-AC06-4C93-8400-93B42F7DEA0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-29] (Adobe Systems Incorporated)
Task: {2A1BBFCA-4412-4D4F-A03D-10E18261E70C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {47CB48F8-BE23-48B3-8EA1-913F56243121} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {6F594B68-A61A-470E-9FF7-34B6C28967A0} - System32\Tasks\{8A817BBC-D325-4DE2-A560-CAC3316E9589} => pcalua.exe -a C:\Users\hwu.*****\Downloads\TV_Jukebox_3.5\Setup.exe -d C:\Users\hwu.*****\Downloads\TV_Jukebox_3.5
Task: {AD9F5268-16CD-4434-BA38-E8D3112D8E74} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B9A5170B-00DA-4CF1-A95C-6099FB9D09E0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CEAACBDE-5E15-4D5E-870A-A2C52C5E75FF} - System32\Tasks\{9F85CB71-0810-4F8E-98F2-DEDA35DA5725} => C:\Program Files (x86)\MMEDIA\TV Jukebox 3.0\tvjukeboxv30.exe
Task: {D14F873E-FFE0-418C-8892-7345422D82B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E56A8D7F-945F-4B81-B7C0-98582A7A3900} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E9119777-C0C8-4B16-9350-3A5CEF274B13} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-05-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-04-26 15:23 - 2011-01-03 19:53 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2013-04-26 15:23 - 2011-01-03 19:53 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2013-04-26 15:23 - 2011-01-03 21:53 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2013-04-26 15:23 - 2011-01-03 21:53 - 01719808 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2011-10-05 14:16 - 2011-10-05 14:16 - 00289056 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2011-01-03 19:54 - 2011-01-03 19:54 - 00047104 _____ () C:\Program Files\Trend Micro\Security Agent\boost_thread-vc80-mt-1_36.dll
2011-01-03 19:54 - 2011-01-03 19:54 - 00042496 _____ () C:\Program Files\Trend Micro\Security Agent\boost_date_time-vc80-mt-1_36.dll
2011-11-16 18:59 - 2011-11-16 18:59 - 00176640 _____ () C:\Program Files\Trend Micro\Security Agent\libTmHttpServer.dll
2011-11-16 18:59 - 2011-11-16 18:59 - 00167424 _____ () C:\Program Files\Trend Micro\Security Agent\libTmHttpClient.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 02:15 - 2010-12-21 02:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-10-20 17:08 - 2010-10-20 17:08 - 00122720 _____ () C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1386967835-2426692312-148520297-1176\Control Panel\Desktop\\Wallpaper -> C:\Users\hwu.*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.18.11 - 192.168.18.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Intel(R) PROSet Monitoring Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TmListen => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk => C:\Windows\pss\TMMonitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeChk => C:\Users\hwu.*****\AppData\Roaming\AdobeChk\chk.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: IR_SERVER => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: miblanrangof => C:\Users\hwu.*****\miblanrangof.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-3558825690-141422522-473755175-500 - Administrator - Disabled)
Gast (S-1-5-21-3558825690-141422522-473755175-501 - Limited - Disabled)
serviceuser (S-1-5-21-3558825690-141422522-473755175-1000 - Administrator - Enabled) => C:\Users\serviceuser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2015 09:33:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2015 09:05:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 09:02:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 04:09:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 09:42:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2015 10:23:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2015 10:14:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2015 06:27:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 10:08:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/19/2015 10:14:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/07/2015 10:16:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/07/2015 10:15:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/07/2015 09:34:24 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/07/2015 09:33:25 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/07/2015 09:31:31 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (04/02/2015 02:05:20 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/02/2015 02:04:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/02/2015 01:04:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/02/2015 01:03:49 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/02/2015 00:01:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (04/07/2015 09:33:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2015 09:05:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 09:02:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 04:09:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 09:42:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2015 10:23:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2015 10:14:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2015 06:27:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 10:08:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/19/2015 10:14:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 42%
Total physical RAM: 4061.24 MB
Available physical RAM: 2349.32 MB
Total Pagefile: 10159.42 MB
Available Pagefile: 8402.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:143.09 GB) (Free:50.91 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:5.86 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Daaten) (Network) (Total:465.73 GB) (Free:359.71 GB) NTFS
Drive h: (Daaten) (Network) (Total:465.73 GB) (Free:359.71 GB) NTFS
Drive p: (Daaten) (Network) (Total:465.73 GB) (Free:359.71 GB) NTFS
Drive r: (Daaten) (Network) (Total:465.73 GB) (Free:359.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 9AE48D66)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=143.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

Combofix Logfile:
Code:
ATTFilter
ComboFix 15-04-01.01 - hwu 07.04.2015  11:58:00.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4061.2718 [GMT 2:00]
ausgeführt von:: c:\users\hwu.*****\Desktop\ComboFix.exe
AV: Trend Micro Security Agent *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Security Agent *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ntuser.pol
C:\Thumbs.db
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0069E3AD-7734-4B4B-978E-195DB2A3227B}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{130BE979-2DD5-4B8E-85DA-3602546BA50C}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{141C435A-0352-432B-97FE-CC5359B508E8}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{147E0098-9A3A-49E4-9565-36444A74D986}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{156981D9-1DEE-419D-8651-C19962432B4B}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{15A54724-C02D-4EDD-8A17-A3F76838BBCA}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1AA8C91D-71DC-49F8-B628-FC75919FA25B}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1B37CCD9-42F4-4CB4-8479-E491C1E6B3CF}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1CE1EA24-9F33-48C4-A469-F69904DA5072}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1FD968FF-D9A3-4346-8853-5B343CF8A70E}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{24E6946F-4316-4E5C-BAAE-03FAE0C0BBD1}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2594C6B0-68E6-4EA2-86E9-E3D75681C5C2}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2BC49670-2F60-49AE-8ED3-53D133401024}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2CDC23D6-8BED-4D9F-8E8D-7D32DF3A1DB5}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2E9DC0D2-3469-4512-BF93-2AE70E9C6439}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2FC9364C-6C5B-4E76-9BB1-A14BCA606880}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{323550C3-A13C-4251-A73D-C612D66E3CDD}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{32DA1E6F-10DC-4115-8F5B-DC5A8B9C759B}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{34BA78D6-876B-40B2-B685-31B14B4F11FC}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35A652C1-903A-4F1D-8C25-5368E649C1F4}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{38A78940-54A0-4594-88C1-28917459D41E}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3D3F1A5B-1136-4FE1-AC22-E08C36C58BA1}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3D5C6A98-5A72-4342-8C6D-0C65382DBE62}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3F21EE6F-2078-4931-AB09-27FA05851DD8}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{49BE2411-FEFA-482C-83A6-9550D4A78FEE}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{49DAEB67-FC2A-4752-93CE-AE75FE92F867}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{50E6F95F-CCAB-4918-BE07-415234ED9FBD}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{52A6CF78-6975-4411-8B55-D44DB9F0FF44}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5B252CBF-903F-4A64-BFCD-618AB939C57C}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5BE46558-25CB-435A-8D7B-D92DE4154E99}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5CF2AB67-A62F-4446-A40B-C0267486CA8A}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{63795872-AEA3-414B-B7DF-0CB70983C44B}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6585B2E8-3BE3-4E13-9B6A-7C48BA035D33}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{684AE93E-2CCA-406F-B771-8D5E7B254498}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6C4E4D56-11B4-4164-B136-67671117ABFF}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7111C7E7-5109-4A97-8D61-583508B01BBD}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{71E19C7A-ADD3-4BE8-99BA-A4ABB58CBD9A}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{72D9BB31-9C55-45A3-8B16-C94E62946342}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{749DF377-C398-4440-A5CF-558696E40D4F}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{799CA3B6-169B-4859-8DF1-80F1A187FE18}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C33E5CE-618C-4B78-82AC-65DD48485FA4}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{817AEFF6-63F5-4B3D-8697-098E3B04D555}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{82CE2B67-DFF7-452D-86CF-038527C644C1}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{84663F54-45B6-4E93-BE16-D25FAD658E2F}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{876FA891-F00F-4807-84EB-D69411F3231E}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F540928-6065-48C1-98B4-1F2C7790E2C0}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F5BF257-2422-4B14-B5C2-46E5698ABD17}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9738A782-AF37-43AD-AEB8-2D000A2B404A}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A5197AB-B44E-4BDE-B155-7AA938D698AC}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F22E003-4BA0-4E0F-AA5C-5B3C801650E2}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9FB3DDF4-9250-4766-AACA-7E541FE94DC6}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A0E6192C-D982-4169-826A-609D522865E8}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A1CDF01C-9CF5-4127-8C24-DEC604EF576A}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A4DD77E4-5D59-45EF-BC36-DFF46D4E3C8D}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A594E8A9-760D-49BC-9176-00B946DD64F2}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A7A0E79E-6971-454D-A7F7-DBCB39A3A37B}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A9418980-D54A-42EC-AE35-27D55CB17A0D}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AE20C711-6140-451B-A486-40DE750FB791}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AEBF3788-8410-4110-BFF7-87A9B84BD596}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B2DC0E7A-7FBE-4B88-BDE1-BDBE613899CF}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B3CE18BB-2CCF-46C7-B96E-FF43E987E434}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B4199E09-4310-44C0-BDAA-4FA24F875ECD}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B4DD3160-53B3-4283-8E8F-7EBB0F9DC79A}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BB58E9CE-75DB-4935-B93A-1165478F85FF}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C1B293AE-9727-4AF8-A909-C52B9EEA0005}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C550C7AA-EF5A-4707-BF30-5EAB6B67AA9D}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C597BE72-608E-4A61-A26A-1EEBFCD5FF19}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C70CDAD8-4508-49F2-B6DD-38E14494FAB5}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C937ADF3-75F2-47E4-A1DB-97ABC4C404B7}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CC5C44C7-5490-4492-A759-73C2939D952A}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D0FEDF04-BBFC-47F6-AD43-171686135D63}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D654D110-878A-4D92-9C4F-148D4A34E09D}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D6963523-72BC-4FA6-89F4-41EE24606A60}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D6BC1140-629B-446E-B3A0-8BDA7F49A88B}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D7986490-1EB5-49DF-883C-790868A24778}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D93A2DCB-B4D0-4FA9-BB9A-7206D8E9B18A}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DDEB7F81-1C58-4058-87BF-13C4A69483F8}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE56D43D-E70E-4CC0-8A65-7492F01FCAB2}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE672BC6-A0AE-476D-912A-E1F5F6FB0A7F}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DEC1F115-B1C9-4BE7-ABD0-31FF611256BC}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DFC4602D-5927-4ECE-B5E5-26B281B6B1C1}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E104BDE5-81A1-4782-B001-123992CAAB42}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E52205DB-6811-4B0D-BD60-C8481E822C4D}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E60D64C6-2BA4-41D6-B4B1-6EE9447FAFCD}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E65630A8-C375-4384-B497-91DF93951116}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E981632C-3B90-4406-A51C-F4030738B0D9}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F1D705A2-A206-4837-89D0-E8EF000A4B05}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F3034001-5926-4A9F-B3F1-54B1DC34CAC5}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F651A0FC-AF83-43A0-85CA-4FED49991202}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F8099862-4B16-477B-917B-0A5F34AE9671}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F86F8069-2E5C-4A35-872B-C9826E60E39A}.xps
c:\users\awa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE36F8BE-0354-4FD4-B3C1-27D428745E58}.xps
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-07 bis 2015-04-07  ))))))))))))))))))))))))))))))
.
.
2015-04-07 10:11 . 2015-04-07 10:11	--------	d-----w-	c:\users\swi.*****\AppData\Local\temp
2015-04-07 10:11 . 2015-04-07 10:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-07 10:11 . 2015-04-07 10:11	--------	d-----w-	c:\users\cga\AppData\Local\temp
2015-04-07 10:11 . 2015-04-07 10:11	--------	d-----w-	c:\users\awa.*****\AppData\Local\temp
2015-04-07 09:32 . 2015-04-07 09:36	--------	d-----w-	C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-31 12:09 . 2015-01-30 08:00	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM52x64.sys;c:\windows\SYSNATIVE\drivers\ifM52x64.sys [x]
R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP52X64.sys;c:\windows\SYSNATIVE\drivers\ifP52X64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Olympus DVR Service;Olympus DVR Service;c:\program files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe;c:\program files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-07 07:34	1061704	----a-w-	c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 11:59]
.
2015-03-31 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2014-05-27 07:05]
.
2015-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 12:26]
.
2015-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 12:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-17 219480]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.18.11 192.168.18.1
FF - ProfilePath - 
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-sv.net - r:\ra\svnet\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-07  12:29:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-07 10:29
.
Vor Suchlauf: 18 Verzeichnis(se), 56.310.726.656 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 59.383.382.016 Bytes frei
.
- - End Of File - - BD81C8AAE10D8F5D489996CEC1685587
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.0 (04.20.2015:1)
OS: Windows 7 Professional x64
Ran by hwu on 21.04.2015 at 15:11:36,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\hwu.*****\appdata\local\iac





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.04.2015 at 15:15:25,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

Alt 21.04.2015, 16:16   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Malware / Trojaner Schädlingsbeseitigung - Standard

Malware / Trojaner Schädlingsbeseitigung



hi,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________

__________________

Alt 22.04.2015, 13:52   #3
HtHNightwolf
 
Malware / Trojaner Schädlingsbeseitigung - Standard

Malware / Trojaner Schädlingsbeseitigung



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by hwu at 2015-04-22 14:45:00 Run:1
Running from C:\Users\hwu.GAPPMAYER\Downloads
Loaded Profiles: hwu (Available profiles: Serviceuser & awa & hwu & swi & hka & tvr & sku & dwa & serviceuser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
Emptytemp:
*****************

C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 14:47:53 ====
__________________

Alt 23.04.2015, 07:34   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Malware / Trojaner Schädlingsbeseitigung - Standard

Malware / Trojaner Schädlingsbeseitigung



Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.04.2015, 08:21   #5
HtHNightwolf
 
Malware / Trojaner Schädlingsbeseitigung - Standard

Malware / Trojaner Schädlingsbeseitigung



Von unserer Seite aus nicht, vielen Dank.
Das war es?


Alt 23.04.2015, 14:39   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Malware / Trojaner Schädlingsbeseitigung - Standard

Malware / Trojaner Schädlingsbeseitigung



ja



Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
--> Malware / Trojaner Schädlingsbeseitigung

Antwort

Themen zu Malware / Trojaner Schädlingsbeseitigung
adware, askbar, browser, combofix, cpu, defender, explorer, firefox, flash player, helper, home, kaspersky, malware, mozilla, object, programm, prozesse, realtek, registry, security, services.exe, svchost.exe, system, tracker, trojaner, warnung, windows




Ähnliche Themen: Malware / Trojaner Schädlingsbeseitigung


  1. malware und trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.10.2015 (11)
  2. V9 Trojaner u. Malware auf dem PC
    Log-Analyse und Auswertung - 16.09.2015 (7)
  3. Trojaner und Malware auf meinem Laptop! Malwarebytes Anti-Malware hat 733 aufgespuert
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (19)
  4. BKA-Trojaner und Malware
    Log-Analyse und Auswertung - 29.03.2013 (9)
  5. email link Malware Funde Heur.PE@4294967295, Malware@#nwdk01o66rpro, Malware@#2x6qrvr63cjrw
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (10)
  6. Trojaner und Malware
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (1)
  7. Malware Trojaner auf PC
    Plagegeister aller Art und deren Bekämpfung - 03.03.2012 (16)
  8. Log-Analyse nach Trojaner/Malware befall (Malware.Trace / Trojan.BHO)
    Log-Analyse und Auswertung - 26.09.2011 (16)
  9. Trojaner + Malware was tun?!
    Log-Analyse und Auswertung - 11.08.2011 (4)
  10. VLCsetup.exe Malware Trojaner? Malware Dropper!!
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (2)
  11. Malware, Trojaner?
    Log-Analyse und Auswertung - 31.08.2010 (20)
  12. Malware Trojaner ?
    Log-Analyse und Auswertung - 30.12.2009 (10)
  13. Trojaner/Malware?
    Plagegeister aller Art und deren Bekämpfung - 29.12.2009 (1)
  14. Zig Trojaner und Malware
    Plagegeister aller Art und deren Bekämpfung - 30.08.2009 (31)
  15. Trojaner+Malware P2P
    Log-Analyse und Auswertung - 28.10.2008 (1)
  16. HELP...Trojaner und Malware auf´m PC!
    Plagegeister aller Art und deren Bekämpfung - 07.10.2008 (8)
  17. Trojaner/Malware
    Plagegeister aller Art und deren Bekämpfung - 10.08.2008 (1)

Zum Thema Malware / Trojaner Schädlingsbeseitigung - Hallo Trojaner-Board-Team, wie ich das mit cosinus in diesem Thread besprochen hatte, gibt es einen zweiten Rechner, der womöglich infiziert ist. Mögt ihr bitte schauen, ob sich nach Kaspersky und - Malware / Trojaner Schädlingsbeseitigung...
Archiv
Du betrachtest: Malware / Trojaner Schädlingsbeseitigung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.