|
Plagegeister aller Art und deren Bekämpfung: BundestrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.03.2014, 10:15 | #16 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | BundestrojanerZitat:
Bei der Softwareausstattung könnte man das schon meinen....
__________________ Logfiles bitte immer in CODE-Tags posten |
18.03.2014, 10:24 | #17 |
| Bundestrojaner Nein, ist es nicht ;-) Als Maschinenbaustudent benötigt man eben so manches Handwerkszeug.
__________________Ist der Trojaner nun vollständig entfernt? Geändert von Dieter R. (18.03.2014 um 10:40 Uhr) |
18.03.2014, 11:38 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Bevor es weitergeht wollte ich wissen warum diese teure Software da drauf ist
__________________Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
18.03.2014, 13:32 | #19 |
| Bundestrojaner Hier das Logfile: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009 www.malwarebytes.org Database version: v2014.03.18.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16521 Lubarda :: LUBI-PC [administrator] 18.03.2014 11:55:13 mbar-log-2014-03-18 (11-55-13).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 276179 Time elapsed: 27 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Lubi\AppData\Local\Temp\Low\Whot.dll (Trojan.FakeMS) -> Delete on reboot. C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot. Physical Sectors Detected: 0 (No malicious items detected) (end) |
18.03.2014, 13:35 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | BundestrojanerZitat:
Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ Logfiles bitte immer in CODE-Tags posten |
18.03.2014, 13:53 | #21 |
| Bundestrojaner Ok, habe das Office nun deinstalliert. |
18.03.2014, 13:59 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Hoffentlich alles Illegale Da MBAR was gefunden bitte nun einen neuen Lauf mit diesem Tool machen
__________________ Logfiles bitte immer in CODE-Tags posten |
18.03.2014, 14:02 | #23 |
| Bundestrojaner Habe es schon ein zweites Mal durchlaufen lassen und es wurde nichts gefunden ;-) |
18.03.2014, 14:19 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
18.03.2014, 15:25 | #25 |
| Bundestrojaner adwCleaner Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 18/03/2014 um 14:23:22 # Aktualisiert 13/03/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Lubi - LUBI-PC # Gestartet von : C:\Users\Lubi\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\Users\Lubi\AppData\Local\Temp\OCS ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v21.0 (de) [ Datei : C:\Users\Lubi\AppData\Roaming\Mozilla\Firefox\Profiles\mpc7yvur.default\prefs.js ] -\\ Google Chrome v33.0.1750.154 [ Datei : C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1279 octets] - [18/03/2014 14:22:29] AdwCleaner[S0].txt - [1158 octets] - [18/03/2014 14:23:22] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1218 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Professional x64 Ran by Lubi on 18.03.2014 at 14:30:46,11 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\boost_interprocess" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.03.2014 at 14:36:47,59 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Lubi (administrator) on Lubi-PC on 18-03-2014 15:13:29 Running from C:\Users\Lubi\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe (Hewlett-Packard) C:\Windows\system32\Hpservice.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Simulation CFD 2014\SimCFDServer.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Smith Micro Software, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Akamai Technologies, Inc.) C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Akamai Technologies, Inc.) C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (PortableApps.com) C:\Users\Lubi\Downloads\Notepad++Portable\Notepad++Portable.exe (Don HO don.h@free.fr) C:\Users\Lubi\Downloads\Notepad++Portable\App\Notepad++\notepad++.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.) HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation) HKLM\...\Run: [nwiz] - nwiz.exe /installquiet HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16406632 2010-02-27] (NVIDIA Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity) HKLM\...\Run: [] - [X] HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity) HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-19] (Hewlett-Packard) HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard) HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] () HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-21] (NEC Electronics Corporation) HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [HP Connection Manager.exe] - [X] HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc) HKLM-x32\...\Run: [IFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG) HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-04] (Hewlett-Packard) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\runonceex: [ContentMerger] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-28] (Microsoft Corporation) HKU\S-1-5-21-576883963-3904081357-3319189133-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.) HKU\S-1-5-21-576883963-3904081357-3319189133-1000\...\MountPoints2: {b7835ed5-c472-11e2-9e63-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe Lsa: [Notification Packages] DPPassFilter scecli ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0661223C8872CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Lubi\AppData\Roaming\Mozilla\Firefox\Profiles\mpc7yvur.default FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-18] CHR Extension: (Google Drive) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-24] CHR Extension: (YouTube) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-24] CHR Extension: (Google-Suche) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-24] CHR Extension: (Google Wallet) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Google Mail) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-24] ==================== Services (Whitelisted) ================= R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 CFD 2014 Server; C:\Program Files\Autodesk\Simulation CFD 2014\SimCFDServer.exe [374784 2013-03-01] (Autodesk, Inc.) R3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.) R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-24] (DigitalPersona, Inc.) S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-09] (Hewlett-Packard Ltd) R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-18] (Hewlett-Packard Development Company, L.P) R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.) R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG) R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [988448 2009-10-02] (Infineon Technologies AG) R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( ) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc) R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-10-02] (Infineon Technologies AG) R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [330488 2009-10-01] (QUALCOMM, Inc.) R2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [84808 2010-06-08] (Smith Micro Software, Inc.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-10-02] (Infineon Technologies AG) R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2009-10-01] (QUALCOMM Incorporated) R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [235008 2009-10-01] (QUALCOMM Incorporated) R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [121216 2009-10-01] (QUALCOMM Incorporated) R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.) R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] () R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.) R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.) R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.) R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1798400 2009-12-18] () R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG) S3 cpuz134; \??\C:\Users\Lubi\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-18 15:10 - 2014-03-18 15:10 - 00000000 ____D () C:\N++RECOV 2014-03-18 14:36 - 2014-03-18 14:36 - 00000693 _____ () C:\Users\Lubi\Desktop\JRT.txt 2014-03-18 14:30 - 2014-03-18 14:30 - 00000000 ____D () C:\Windows\ERUNT 2014-03-18 14:29 - 2014-03-18 14:30 - 01037734 _____ (Thisisu) C:\Users\Lubi\Downloads\JRT.exe 2014-03-18 14:27 - 2014-03-18 14:28 - 00001280 _____ () C:\Users\Lubi\Desktop\AdwCleaner[S0].txt 2014-03-18 14:26 - 2014-03-18 14:26 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-03-18 14:22 - 2014-03-18 14:23 - 00000000 ____D () C:\AdwCleaner 2014-03-18 14:21 - 2014-03-18 14:21 - 01950720 _____ () C:\Users\Lubi\Downloads\adwcleaner.exe 2014-03-18 11:55 - 2014-03-18 12:34 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-18 11:55 - 2014-03-18 11:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-18 11:53 - 2014-03-18 12:34 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-18 11:53 - 2014-03-18 11:53 - 00000000 ____D () C:\Users\Lubi\mbar 2014-03-18 10:06 - 2014-03-18 10:06 - 00000000 ____D () C:\Users\Lubi\Downloads\Notepad++Portable 2014-03-18 09:59 - 2014-03-18 09:59 - 00030776 _____ () C:\Users\Lubi\Downloads\Addition.txt 2014-03-18 09:58 - 2014-03-18 15:13 - 00020130 _____ () C:\Users\Lubi\Downloads\FRST.txt 2014-03-18 09:57 - 2014-03-18 09:57 - 02157056 _____ (Farbar) C:\Users\Lubi\Downloads\FRST64.exe 2014-03-18 09:56 - 2014-03-18 09:56 - 01145856 _____ (Farbar) C:\Users\Lubi\Downloads\FRST.exe 2014-03-18 09:51 - 2014-03-18 09:51 - 00003416 ____N () C:\bootsqm.dat 2014-03-17 00:26 - 2014-03-18 15:13 - 00000000 ____D () C:\FRST 2014-03-12 09:03 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 09:03 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 09:03 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-12 09:03 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 09:03 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-12 09:03 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-12 09:03 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 09:03 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-12 09:03 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 09:03 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-12 09:03 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-12 09:03 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-12 09:03 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-12 09:03 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-12 09:03 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-12 09:03 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 09:03 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-12 09:03 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 09:03 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-12 09:03 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-12 09:03 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-12 09:03 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-12 09:03 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-12 09:03 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 09:03 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-12 09:03 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-12 09:03 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-12 09:03 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 09:03 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 09:03 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-12 09:03 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-12 09:03 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 09:03 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-12 09:03 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-12 09:03 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-12 09:03 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 09:03 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-12 09:03 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-12 09:03 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-12 09:03 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-12 09:03 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 09:03 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 09:03 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 09:03 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-12 09:00 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-12 09:00 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 09:00 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-12 09:00 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-02-26 14:18 - 2014-03-18 13:49 - 00191410 _____ () C:\Windows\PFRO.log ==================== One Month Modified Files and Folders ======= 2014-03-18 15:13 - 2014-03-18 09:58 - 00020130 _____ () C:\Users\Lubi\Downloads\FRST.txt 2014-03-18 15:13 - 2014-03-17 00:26 - 00000000 ____D () C:\FRST 2014-03-18 15:10 - 2014-03-18 15:10 - 00000000 ____D () C:\N++RECOV 2014-03-18 14:53 - 2013-05-24 16:21 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-18 14:36 - 2014-03-18 14:36 - 00000693 _____ () C:\Users\Lubi\Desktop\JRT.txt 2014-03-18 14:32 - 2009-07-14 05:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-18 14:32 - 2009-07-14 05:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-18 14:30 - 2014-03-18 14:30 - 00000000 ____D () C:\Windows\ERUNT 2014-03-18 14:30 - 2014-03-18 14:29 - 01037734 _____ (Thisisu) C:\Users\Lubi\Downloads\JRT.exe 2014-03-18 14:29 - 2013-05-24 14:12 - 01053980 _____ () C:\Windows\WindowsUpdate.log 2014-03-18 14:28 - 2014-03-18 14:27 - 00001280 _____ () C:\Users\Lubi\Desktop\AdwCleaner[S0].txt 2014-03-18 14:26 - 2014-03-18 14:26 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-03-18 14:25 - 2013-05-24 16:21 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-18 14:25 - 2013-05-24 15:09 - 00000000 ____D () C:\ProgramData\HPQLOG 2014-03-18 14:24 - 2013-10-31 13:22 - 00020496 _____ () C:\Windows\setupact.log 2014-03-18 14:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-18 14:23 - 2014-03-18 14:22 - 00000000 ____D () C:\AdwCleaner 2014-03-18 14:21 - 2014-03-18 14:21 - 01950720 _____ () C:\Users\Lubi\Downloads\adwcleaner.exe 2014-03-18 13:51 - 2013-05-24 15:02 - 00183952 _____ () C:\Users\Lubi\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-18 13:49 - 2014-02-26 14:18 - 00191410 _____ () C:\Windows\PFRO.log 2014-03-18 13:49 - 2009-07-14 05:45 - 00590024 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-18 13:47 - 2013-05-24 16:04 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-18 13:46 - 2013-05-24 16:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-03-18 13:46 - 2013-05-24 14:25 - 00000000 ___RD () C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-18 13:46 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\ShellNew 2014-03-18 13:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-03-18 13:45 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini 2014-03-18 13:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-03-18 12:35 - 2009-08-30 06:25 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-03-18 12:35 - 2009-08-30 06:25 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-03-18 12:35 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-18 12:34 - 2014-03-18 11:55 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-18 12:34 - 2014-03-18 11:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-18 12:27 - 2013-05-26 09:27 - 00000000 ____D () C:\Windows\HPQ 2014-03-18 11:55 - 2014-03-18 11:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-18 11:53 - 2014-03-18 11:53 - 00000000 ____D () C:\Users\Lubi\mbar 2014-03-18 11:53 - 2013-05-24 14:25 - 00000000 ____D () C:\Users\Lubi 2014-03-18 10:56 - 2013-05-24 16:39 - 00000000 ____D () C:\Users\Lubi\AppData\Local\Akamai 2014-03-18 10:06 - 2014-03-18 10:06 - 00000000 ____D () C:\Users\Lubi\Downloads\Notepad++Portable 2014-03-18 09:59 - 2014-03-18 09:59 - 00030776 _____ () C:\Users\Lubi\Downloads\Addition.txt 2014-03-18 09:57 - 2014-03-18 09:57 - 02157056 _____ (Farbar) C:\Users\Lubi\Downloads\FRST64.exe 2014-03-18 09:56 - 2014-03-18 09:56 - 01145856 _____ (Farbar) C:\Users\Lubi\Downloads\FRST.exe 2014-03-18 09:51 - 2014-03-18 09:51 - 00003416 ____N () C:\bootsqm.dat 2014-03-14 07:39 - 2013-05-24 15:10 - 00000000 ____D () C:\ProgramData\PDFC 2014-03-13 16:44 - 2014-02-04 14:32 - 00000000 ____D () C:\Users\Lubi\AppData\Roaming\Spotify 2014-03-13 09:07 - 2013-05-24 16:18 - 00000000 ____D () C:\Users\Lubi\Documents\Outlook-Dateien 2014-03-11 08:56 - 2014-02-04 14:32 - 00000000 ____D () C:\Users\Lubi\AppData\Local\Spotify 2014-03-10 14:28 - 2013-09-03 17:23 - 00000000 ____D () C:\Users\Lubi\Desktop\Blech und Technik 2014-03-10 14:25 - 2013-05-24 15:52 - 00000000 ____D () C:\Users\Public\Documents\Bewerbung 2014-03-10 09:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-01 07:05 - 2014-03-12 09:03 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-12 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-12 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-12 09:03 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-12 09:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-12 09:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-12 09:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-12 09:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-12 09:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-12 09:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-12 09:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-12 09:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-12 09:03 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-12 09:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-12 09:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-12 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-12 09:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-12 09:03 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-12 09:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-12 09:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-12 09:03 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-12 09:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-12 09:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-12 09:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-12 09:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-12 09:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-12 09:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-12 09:03 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-12 09:03 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-12 09:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-12 09:03 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-12 09:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-12 09:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-12 09:03 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-12 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-12 09:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-12 09:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-12 09:03 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-12 09:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-12 09:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-27 22:53 - 2013-05-24 17:17 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-27 08:17 - 2013-05-24 15:33 - 00000000 ____D () C:\Users\Lubi\AppData\Local\PDFC 2014-02-25 21:43 - 2013-11-05 15:29 - 00000000 ____D () C:\Users\Lubi\.maplesoft Some content of TEMP: ==================== C:\Users\Lubi\AppData\Local\Temp\avgnt.exe C:\Users\Lubi\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-10 14:52 ==================== End Of Log ============================ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Lubi at 2014-03-18 15:13:43 Running from C:\Users\Lubi\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems) Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.) Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.) Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (HKLM\...\{B46DECD1-1764-4EF1-0000-22D71E81877C}) (Version: 17.0.13800.0000 - Autodesk) Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.) Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion 2013 R1 (HKLM\...\Autodesk Inventor Fusion 2013 R1) (Version: 3.0.0.5 - Autodesk, Inc.) Autodesk Inventor Fusion 2013 R1 (Version: 3.0.0.5 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion for Inventor 2013 Add-in (HKLM\...\{08BCFE15-8AA1-4A58-B018-4FEF486BA922}) (Version: 1.0.0.111 - Autodesk) Autodesk Inventor Professional 2013 (Version: 17.0.13800.0000 - Autodesk) Hidden Autodesk Inventor Professional 2013 Deutsch (German) (HKLM\...\Autodesk Inventor Professional 2013) (Version: 17.0.13800.0000 - Autodesk) Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) (Version: 17.0.13800.0000 - Autodesk) Hidden Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Low Resolution Image Library 2013 (HKLM-x32\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk) Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk) Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 1.0.0 - Autodesk) Autodesk Simulation CFD 2014 (HKLM\...\Simulation CFD 2014) (Version: 14.0.0.0 - Autodesk) Autodesk Simulation CFD Viewer 2014 (HKLM-x32\...\{F273D6E8-4D51-46B1-8515-8B1B759AE760}) (Version: 14.0.0.0 - Autodesk) Autodesk Simulation Mechanical 2014 (HKLM\...\Autodesk Simulation Mechanical 2014) (Version: 2014.00.00.0513 - Autodesk, Inc.) Autodesk Simulation Mechanical 2014 (Version: 2014.00.00.0513 - Autodesk, Inc.) Hidden Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.) Autodesk Vault Basic 2013 (Client) (HKLM-x32\...\Autodesk Vault Basic 2013 (Client)) (Version: 17.0.61.0 - Autodesk) Autodesk Vault Basic 2013 (Client) (Version: 17.0.61.0 - Autodesk) Hidden Autodesk Vault Basic 2013 (Client) German Language Pack (Version: 17.0.61.0 - Autodesk) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform) Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.4 - Hewlett-Packard) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Drive Encryption for HP ProtectTools (HKLM\...\{3757846C-2E0E-4860-886A-2EE0FAEB7D56}) (Version: 5.0.2.10 - Hewlett-Packard) DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk) DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden Eco Materials Adviser for Autodesk Inventor 2013 (HKLM\...\{792A9A32-718A-40D1-9867-A903F76AE2F8}) (Version: 3.9.12.0 - Granta Design Limited) Embedded Security for HP ProtectTools (HKLM\...\{544A04F6-28FD-4C24-A34D-FC2B89222505}) (Version: 5.7.000 - Hewlett-Packard) File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.1 - Hewlett-Packard) Formelsammlung Roloff-Matek (HKLM-x32\...\Formelsammlung Roloff-Matek) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden HP 3D DriveGuard (HKLM\...\{9B6079F8-EBA2-4C55-96A6-325E8E22DF0C}) (Version: 4.0.4.1 - Hewlett-Packard) HP Business Card Reader (HKLM-x32\...\{FD8234FF-A70D-4632-B146-F41AB37C0B24}) (Version: 0.6.3.0 - Hewlett-Packard) HP Client Automation Agent Preload (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard) HP Connection Manager (HKLM-x32\...\{EBF2741D-5A35-4509-AD94-F07C18D0CE19}) (Version: 3.3.0 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden HP ESU for Microsoft Windows 7 (HKLM-x32\...\{E33B9BEB-305A-425B-88AF-DADFB7BB0D1E}) (Version: 1.1.1.1 - Hewlett-Packard Company) HP Power Assistant (HKLM\...\{58EF063D-3A99-4B76-BD1A-713B23364858}) (Version: 1.0.2.4 - Hewlett-Packard) HP Power Data (HKLM\...\{7F41676C-B432-4360-B988-99D11095F3C1}) (Version: 1.0.11.114 - Hewlett-Packard) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.03.635 - Hewlett-Packard) HP ProtectTools Security Manager (Version: 5.03.635 - Hewlett-Packard) Hidden HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}) (Version: 4.3.1.2 - Hewlett-Packard) HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0 - Roxio) HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.5 - Sonix) HP Wireless Assistant (HKLM\...\{6AF618BF-C95B-4049-B7B4-1388469F1E0C}) (Version: 4.0.2.4 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6268.0 - IDT) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Java Card Security for HP ProtectTools (HKLM\...\{80B7BAE0-5728-4E5D-BA99-DBA497F8A869}) (Version: 5.0.4.1 - Hewlett-Packard) Maple 15 (HKLM\...\Maple 15) (Version: - Maplesoft) Maple 15 (HKLM-x32\...\Maple 15) (Version: 15.0.0.0 - Maplesoft) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 21.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden NeuroCheck 6.0 (HKLM\...\{2653BD07-0238-4E3C-BD3A-4D9FD384310A}) (Version: 6.0.70.0 - NeuroCheck GmbH) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.00 - NVIDIA Corporation) OpenVPN 2.1.1 (HKLM-x32\...\OpenVPN) (Version: 2.1.1 - ) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.112 - PDF Complete, Inc) Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{2E512A6C-AABE-414D-B52D-3E434D291989}) (Version: 1.1.18 - QUALCOMM) RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH) Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio Creator Audio (x32 Version: 3.8.0 - Roxio) Hidden Roxio Creator Business (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Roxio Creator Business v10 (x32 Version: 3.8.0 - Roxio) Hidden Roxio Creator Copy (x32 Version: 3.8.0 - Roxio) Hidden Roxio Creator Data (x32 Version: 3.8.0 - Roxio) Hidden Roxio Creator Tools (x32 Version: 3.8.0 - Roxio) Hidden Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden Roxio MyDVD (x32 Version: 10.3.349 - Roxio) Hidden Schnell-Deinstallations-Tool für Autodesk Inventor 2013 (HKLM\...\{D25FF5C1-1764-469A-9794-69309387C193}) (Version: 17.0.13800.0000 - Autodesk) Simulation CFD 2014 (Version: 14.0.0.0 - Autodesk) Hidden Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated) Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard) Validity Fingerprint Driver (HKLM\...\{BE9ED4AF-949C-4B95-B2FD-0A2F228A7689}) (Version: 4.0.8.0 - Validity Sensors, Inc.) VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden VBA (2701.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN) WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00a of 2009-Dec-03 (Build 129) (Setup) - WIBU-SYSTEMS AG) Wiederbeschaffung bei Diebstahl (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows 7 Default Setting (HKLM-x32\...\{CC63C5BD-5096-4044-AC12-0FC6F1A6028D}) (Version: 1.0.1.5 - Hewlett-Packard Company) WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {4D35D023-32A0-4ABC-93CA-85B37D67A879} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-10] (Hewlett-Packard) Task: {5BA5E290-C1D8-408D-A5E9-E0B872EE29B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd) Task: {71DBFF87-F8B5-4547-84C5-5FC02C9D4A30} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {8DF65D37-FF2B-4051-AB33-BE9D37BE63FB} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-10] (Hewlett-Packard) Task: {D6B7CCC5-6109-4399-874A-F0CC617A777B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.) Task: {F02B5695-4CD9-4848-A51A-DD0C2F1CEFCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-09-21 14:04 - 2009-09-21 14:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2009-10-28 16:57 - 2009-10-28 16:57 - 00100864 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2009-11-19 14:14 - 2009-11-19 14:14 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll 2009-11-19 14:14 - 2009-11-19 14:14 - 00055352 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll 2009-11-19 14:11 - 2009-11-19 14:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll 2009-11-19 14:11 - 2009-11-19 14:11 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll 2012-02-05 21:14 - 2012-02-05 21:14 - 00498176 _____ () C:\Program Files\Autodesk\Autodesk Sync\log4cplusU.dll 2012-02-05 21:18 - 2012-02-05 21:18 - 00055232 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll 2012-02-05 21:18 - 2012-02-05 21:18 - 00917952 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll 2012-02-05 21:18 - 2012-02-05 21:18 - 00043968 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll 2012-02-05 21:18 - 2012-02-05 21:18 - 00222656 _____ () C:\Program Files\Autodesk\Autodesk Sync\plugins\crypto\qca-ossl_Ad_2.dll 2013-05-24 15:56 - 2013-01-25 09:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2010-06-08 05:51 - 2010-06-08 05:51 - 00171864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMBIOSController.dll 2014-03-18 15:10 - 2014-03-18 15:10 - 00011264 _____ () C:\Users\Lubi\AppData\Local\Temp\nsrDE11.tmp\System.dll 2014-03-18 15:10 - 2014-03-18 15:10 - 00008704 _____ () C:\Users\Lubi\AppData\Local\Temp\nsrDE11.tmp\newadvsplash.dll 2014-03-18 15:10 - 2014-03-18 15:10 - 00029696 _____ () C:\Users\Lubi\AppData\Local\Temp\nsrDE11.tmp\registry.dll 2011-07-18 22:07 - 2011-07-18 22:07 - 00014336 _____ () C:\Users\Lubi\Downloads\Notepad++Portable\App\Notepad++\plugins\NppExport.dll 2014-01-07 00:42 - 2014-01-07 00:42 - 01611264 _____ () C:\Users\Lubi\Downloads\Notepad++Portable\App\Notepad++\plugins\NppFTP.dll 2014-03-18 11:16 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-18 11:16 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-18 11:16 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-18 11:16 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-18 11:16 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-18 11:16 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2014-03-18 11:16 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 8047.38 MB Available physical RAM: 5664.09 MB Total Pagefile: 16092.94 MB Available Pagefile: 13054.43 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:448.46 GB) (Free:326.88 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:14.91 GB) NTFS Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BAF111DB) Partition: GPT Partition Type. ==================== End Of Log ============================ |
18.03.2014, 15:30 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
18.03.2014, 23:14 | #27 |
| Bundestrojaner ESET Online Scanner hat kein Logfile hinterlassen, konnte jedoch ausser den beiden Dateien in der Quarantäne (im Verzeichnis C:\FRST\Quarantine) nichts finden. Schätze, der Trojaner ist nun endgültig bezwungen? ;-) |
19.03.2014, 12:09 | #28 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Ist doch beschrieben wo ESET das Log ablegt Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Bundestrojaner |
.exe, 64bit, anhang, bereits, bundes, bundestrojaner, entferne, entfernen, erstell, erstellt, frst64.exe, gestern, hilfe, laptop, logfile, programm, vorgehen, windows, windows 7 |