|
Pests of all kinds and how to fight them: Bundestrojaner (Windows 7) |
16.03.2014, 15:55 | #1 |
| Bundestrojaner Hello, since yesterday I have had the Bundestrojaner on my laptop (Windows 7, 64-bit). I have already created a log file with the program "frst64.exe"; it can be found in the attachment. How should I proceed now to remove the trojan? Many thanks for the help, Dieter R. |
16.03.2014, 16:02 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Hi,
Please do not put logs in attachments. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
16.03.2014, 19:29 | #3 |
| Bundestrojaner Thanks, then here it is once more, properly this time ;-) :
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-GFSVC0O on 16-03-2014 15:26:45
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-28] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16406632 2010-02-26] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HP Connection Manager.exe] - [X]
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [IFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-03] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\runonceex: [ContentMerger] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-12] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\Lubi\...\Run: [Akamai NetSession Interface] - C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-25] (Akamai Technologies, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvbn10t.lnk
ShortcutTarget: fvbn10t.lnk -> C:\ProgramData\t01nbvf.cpp (Microsoft Corporation)
Startup: C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 CFD 2014 Server; C:\Program Files\Autodesk\Simulation CFD 2014\SimCFDServer.exe [374784 2013-02-28] (Autodesk, Inc.)
S3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-10] (McAfee, Inc.)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-24] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-09] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-18] (Hewlett-Packard Development Company, L.P)
S2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-10] (McAfee, Inc.)
S2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG)
S2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [988448 2009-10-02] (Infineon Technologies AG)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-30] ( )
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-12-11] ()
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
S2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-10-02] (Infineon Technologies AG)
S2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [330488 2009-10-01] (QUALCOMM, Inc.)
S2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [84808 2010-06-07] (Smith Micro Software, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-28] (IDT, Inc.)
S2 Winmgmt; C:\ProgramData\fvbn10t.zvv [332536 2014-03-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-10-02] (Infineon Technologies AG)
S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2009-10-01] (QUALCOMM Incorporated)
S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [235008 2009-10-01] (QUALCOMM Incorporated)
S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [121216 2009-10-01] (QUALCOMM Incorporated)
S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-10] (McAfee, Inc.)
S1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-10] (McAfee, Inc.)
S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-10] (McAfee, Inc.)
S0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-10] (McAfee, Inc.)
S0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
S0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-10] (McAfee, Inc.)
S0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-10] (McAfee, Inc.)
S0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-10] (McAfee, Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1798400 2009-12-18] () S2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-02] (WIBU-SYSTEMS AG) S3 cpuz134; \??\C:\Users\Lubi\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-16 15:26 - 2014-03-16 15:26 - 00000000 ____D () C:\FRST 2014-03-13 22:43 - 2014-03-13 22:45 - 95027928 ____T () C:\ProgramData\fvbn10t.fee 2014-03-13 22:43 - 2014-03-13 22:43 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\fvbn10t.zvv 2014-03-13 22:43 - 2014-03-13 22:43 - 00228393 _____ (Microsoft Corporation) C:\ProgramData\t01nbvf.cpp 2014-03-12 00:03 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-03-12 00:03 - 2014-02-28 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-03-12 00:03 - 2014-02-28 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-03-12 00:03 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-03-12 00:03 - 2014-02-28 20:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-03-12 00:03 - 2014-02-28 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-03-12 00:03 - 2014-02-28 20:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-03-12 00:03 - 2014-02-28 20:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-03-12 00:03 - 2014-02-28 20:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-03-12 00:03 - 2014-02-28 20:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-03-12 00:03 - 2014-02-28 20:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-03-12 00:03 - 2014-02-28 20:32 - 00708608 
_____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-03-12 00:03 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-12 00:03 - 2014-02-28 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2014-03-12 00:03 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2014-03-12 00:03 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 00:03 - 2014-02-28 20:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-03-12 00:03 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-03-12 00:03 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-12 00:03 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-12 00:03 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-12 00:03 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-12 00:03 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-12 00:03 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-03-12 00:03 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-12 00:03 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-12 00:03 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-12 00:03 - 2014-02-28 19:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-03-12 00:03 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-03-12 00:03 - 2014-02-28 19:16 - 00164864 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-12 00:03 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-12 00:03 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-03-12 00:03 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-12 00:03 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-12 00:03 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-12 00:03 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-03-12 00:03 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-12 00:03 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-12 00:03 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-03-12 00:03 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-12 00:03 - 2014-02-06 17:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2014-03-12 00:03 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll 2014-03-12 00:03 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 00:03 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2014-03-12 00:00 - 2014-02-03 18:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2014-03-12 00:00 - 2014-02-03 18:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2014-03-12 00:00 - 2014-02-03 18:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-12 00:00 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\qedit.dll 2014-02-26 05:18 - 2014-02-26 05:18 - 00190090 _____ () C:\Windows\PFRO.log 2014-02-17 02:26 - 2014-02-17 02:26 - 01388376 _____ () C:\Users\Lubi\Downloads\8MSA3.zip ==================== One Month Modified Files and Folders ======= 2014-03-16 15:26 - 2014-03-16 15:26 - 00000000 ____D () C:\FRST 2014-03-16 06:21 - 2013-05-24 05:12 - 02034840 _____ () C:\Windows\WindowsUpdate.log 2014-03-16 06:13 - 2013-05-28 07:16 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-03-16 06:13 - 2013-05-24 07:21 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-16 06:12 - 2009-07-13 20:45 - 00009712 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-16 06:12 - 2009-07-13 20:45 - 00009712 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-16 06:07 - 2013-05-24 06:09 - 00000000 ____D () C:\ProgramData\HPQLOG 2014-03-16 06:02 - 2013-10-31 04:22 - 00020104 _____ () C:\Windows\setupact.log 2014-03-16 06:02 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-13 22:53 - 2013-05-24 07:21 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-13 22:45 - 2014-03-13 22:43 - 95027928 ____T () C:\ProgramData\fvbn10t.fee 2014-03-13 22:43 - 2014-03-13 22:43 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\fvbn10t.zvv 2014-03-13 22:43 - 2014-03-13 22:43 - 00228393 _____ (Microsoft Corporation) C:\ProgramData\t01nbvf.cpp 2014-03-13 22:41 - 2013-05-24 07:39 - 00000000 ____D () C:\Users\Lubi\AppData\Local\Akamai 2014-03-13 22:39 - 2013-05-24 06:10 - 00000000 ____D () C:\ProgramData\PDFC 2014-03-13 07:44 - 2014-02-04 05:32 - 00000000 ____D () C:\Users\Lubi\AppData\Roaming\Spotify 2014-03-13 00:07 - 2013-05-24 07:18 - 00000000 ____D () C:\Users\Lubi\Documents\Outlook-Dateien 2014-03-12 05:20 - 2009-07-13 20:45 - 00593800 _____ () C:\Windows\System32\FNTCACHE.DAT 
2014-03-11 04:35 - 2009-08-29 21:25 - 00699666 _____ () C:\Windows\System32\perfh007.dat 2014-03-11 04:35 - 2009-08-29 21:25 - 00149774 _____ () C:\Windows\System32\perfc007.dat 2014-03-11 04:35 - 2009-07-13 21:13 - 01620612 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-03-10 23:56 - 2014-02-04 05:32 - 00000000 ____D () C:\Users\Lubi\AppData\Local\Spotify 2014-03-10 05:28 - 2013-09-03 08:23 - 00000000 ____D () C:\Users\Lubi\Desktop\Blech und Technik 2014-03-10 05:25 - 2013-05-24 06:52 - 00000000 ____D () C:\Users\Public\Documents\Bewerbung 2014-03-10 00:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF 2014-02-28 22:05 - 2014-03-12 00:03 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-02-28 21:17 - 2014-03-12 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-02-28 21:16 - 2014-03-12 00:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-02-28 20:58 - 2014-03-12 00:03 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-02-28 20:52 - 2014-03-12 00:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-02-28 20:51 - 2014-03-12 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-02-28 20:42 - 2014-03-12 00:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-02-28 20:40 - 2014-03-12 00:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-02-28 20:37 - 2014-03-12 00:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-02-28 20:33 - 2014-03-12 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-02-28 20:33 - 2014-03-12 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-02-28 20:32 - 2014-03-12 00:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-02-28 20:30 - 2014-03-12 
00:03 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-28 20:23 - 2014-03-12 00:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2014-02-28 20:17 - 2014-03-12 00:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2014-02-28 20:11 - 2014-03-12 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-28 20:02 - 2014-03-12 00:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-02-28 19:54 - 2014-03-12 00:03 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-02-28 19:52 - 2014-03-12 00:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-28 19:51 - 2014-03-12 00:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-28 19:47 - 2014-03-12 00:03 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-28 19:43 - 2014-03-12 00:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-28 19:43 - 2014-03-12 00:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-28 19:42 - 2014-03-12 00:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-02-28 19:40 - 2014-03-12 00:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-28 19:38 - 2014-03-12 00:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-28 19:37 - 2014-03-12 00:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-28 19:35 - 2014-03-12 00:03 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-02-28 19:18 - 2014-03-12 00:03 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-02-28 19:16 - 2014-03-12 00:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-28 19:14 - 2014-03-12 00:03 - 
04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-28 19:10 - 2014-03-12 00:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-02-28 19:03 - 2014-03-12 00:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-28 19:00 - 2014-03-12 00:03 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-28 18:57 - 2014-03-12 00:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-28 18:38 - 2014-03-12 00:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-02-28 18:32 - 2014-03-12 00:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-28 18:27 - 2014-03-12 00:03 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-28 18:25 - 2014-03-12 00:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-02-28 18:25 - 2014-03-12 00:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-27 13:53 - 2013-05-24 08:17 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-26 23:17 - 2013-05-24 06:33 - 00000000 ____D () C:\Users\Lubi\AppData\Local\PDFC 2014-02-26 05:18 - 2014-02-26 05:18 - 00190090 _____ () C:\Windows\PFRO.log 2014-02-25 12:43 - 2013-11-05 06:29 - 00000000 ____D () C:\Users\Lubi\.maplesoft 2014-02-17 02:26 - 2014-02-17 02:26 - 01388376 _____ () C:\Users\Lubi\Downloads\8MSA3.zip 2014-02-15 01:48 - 2013-05-24 07:21 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-15 01:48 - 2013-05-24 07:21 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Files to move or delete: ==================== C:\ProgramData\fvbn10t.fee C:\ProgramData\fvbn10t.zvv Some content of TEMP: ==================== C:\Users\Lubi\AppData\Local\Temp\AcDeltree.exe C:\Users\Lubi\AppData\Local\Temp\avgnt.exe C:\Users\Lubi\AppData\Local\Temp\FileSystemView.dll 

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-03-10 06:00:05
Restore point made on: 2014-03-10 06:00:12

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8047.38 MB
Available physical RAM: 7115.18 MB
Total Pagefile: 8045.53 MB
Available Pagefile: 7111.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.46 GB) (Free:324.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:14.91 GB) NTFS
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32
Drive h: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BAF111DB)
Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 248 MB) (Disk ID: 6E652072)
No partition Table on disk 1.

LastRegBack: 2014-03-10 05:52

==================== End Of Log ============================ |
16.03.2014, 20:18 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Does Windows no longer start normally?
__________________ Please always post log files in CODE tags |
16.03.2014, 22:11 | #5 |
| Bundestrojaner The operating system boots as usual, but it takes an unusually long time until the login screen appears. After I have entered my password, the desktop starts and shortly afterwards the familiar lock screen appears with the trojan's content (illegal content has supposedly been found, ...). |
16.03.2014, 22:30 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
Startup: C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvbn10t.lnk
ShortcutTarget: fvbn10t.lnk -> C:\ProgramData\t01nbvf.cpp (Microsoft Corporation)
C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvbn10t.lnk
C:\ProgramData\t01nbvf.cpp
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________ |
16.03.2014, 23:59 | #7 |
| Bundestrojaner Thanks for the quick help! Here is the content of the file: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SYSTEM at 2014-03-16 23:56:08 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
Startup: C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvbn10t.lnk
ShortcutTarget: fvbn10t.lnk -> C:\ProgramData\t01nbvf.cpp (Microsoft Corporation)
C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvbn10t.lnk
C:\ProgramData\t01nbvf.cpp
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP => Key deleted successfully.
C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvbn10t.lnk => Moved successfully.
C:\ProgramData\t01nbvf.cpp => Moved successfully.
"C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvbn10t.lnk" => File/Directory not found.
"C:\ProgramData\t01nbvf.cpp" => File/Directory not found.

==== End of Fixlog ==== |
17.03.2014, 00:46 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Does Windows start normally again?
__________________ Please always post log files in CODE tags |
17.03.2014, 22:44 | #9 |
| Bundestrojaner No, now the start screen on which I can select my user and enter the password no longer appears. Do you know what could be causing this? The screen looks roughly like this one: (Source: hxxp://www.overclock.net/t/791565/windows-7-boot-from-cd-problem) Edit: After waiting 10 minutes, all available users were displayed to me after all. After logging in, the error message "Problem beim Starten von t01nbvf.cpp Das angegebene Modul wurde nicht gefunden" appears. The trojan does not seem to be completely removed yet, right? Edited by Dieter R. (17.03.2014 at 22:50) |
17.03.2014, 23:11 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Make a new log with FRST
__________________ Please always post log files in CODE tags |
18.03.2014, 07:58 | #11 |
| Bundestrojaner Another run produced: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-0GFBVU6 on 18-03-2014 07:52:21
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-28] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16406632 2010-02-26] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HP Connection Manager.exe] - [X]
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [IFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-03] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\runonceex: [ContentMerger] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-12] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\Lubi\...\Run: [Akamai NetSession Interface] - C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-25] (Akamai Technologies, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 CFD 2014 Server; C:\Program Files\Autodesk\Simulation CFD 2014\SimCFDServer.exe [374784 2013-02-28] (Autodesk, Inc.)
S3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-10] (McAfee, Inc.)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-24] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-09] (Hewlett-Packard Ltd) S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-18] (Hewlett-Packard Development Company, L.P) S2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-10] (McAfee, Inc.) S2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG) S2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [988448 2009-10-02] (Infineon Technologies AG) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () S2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-30] ( ) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-12-11] () S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc) S2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-10-02] (Infineon Technologies AG) S2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [330488 2009-10-01] (QUALCOMM, Inc.) S2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [84808 2010-06-07] (Smith Micro Software, Inc.) S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-28] (IDT, Inc.) S2 Winmgmt; C:\ProgramData\fvbn10t.zvv [332536 2014-03-13] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. 
KG) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.) S1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-10-02] (Infineon Technologies AG) S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2009-10-01] (QUALCOMM Incorporated) S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [235008 2009-10-01] (QUALCOMM Incorporated) S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [121216 2009-10-01] (QUALCOMM Incorporated) S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.) S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-10] (McAfee, Inc.) S1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-10] (McAfee, Inc.) S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-10] (McAfee, Inc.) S0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-10] (McAfee, Inc.) S0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.) S0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-10] (McAfee, Inc.) S0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-10] (McAfee, Inc.) S0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-10] (McAfee, Inc.) 
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1798400 2009-12-18] () S2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-02] (WIBU-SYSTEMS AG) S3 cpuz134; \??\C:\Users\Lubi\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-16 15:26 - 2014-03-18 07:52 - 00000000 ____D () C:\FRST 2014-03-13 22:43 - 2014-03-13 22:45 - 95027928 ____T () C:\ProgramData\fvbn10t.fee 2014-03-13 22:43 - 2014-03-13 22:43 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\fvbn10t.zvv 2014-03-12 00:03 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-03-12 00:03 - 2014-02-28 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-03-12 00:03 - 2014-02-28 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-03-12 00:03 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-03-12 00:03 - 2014-02-28 20:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-03-12 00:03 - 2014-02-28 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-03-12 00:03 - 2014-02-28 20:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-03-12 00:03 - 2014-02-28 20:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-03-12 00:03 - 2014-02-28 20:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-03-12 00:03 - 2014-02-28 20:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-03-12 00:03 - 2014-02-28 20:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-03-12 00:03 - 2014-02-28 20:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-03-12 00:03 - 2014-02-28 20:30 - 
17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-12 00:03 - 2014-02-28 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2014-03-12 00:03 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2014-03-12 00:03 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 00:03 - 2014-02-28 20:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-03-12 00:03 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-03-12 00:03 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-12 00:03 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-12 00:03 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-12 00:03 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-12 00:03 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-12 00:03 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-03-12 00:03 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-12 00:03 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-12 00:03 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-12 00:03 - 2014-02-28 19:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-03-12 00:03 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-03-12 00:03 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-12 00:03 - 2014-02-28 19:14 - 04244480 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-12 00:03 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-03-12 00:03 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-12 00:03 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-12 00:03 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-12 00:03 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-03-12 00:03 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-12 00:03 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-12 00:03 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-03-12 00:03 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-12 00:03 - 2014-02-06 17:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2014-03-12 00:03 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll 2014-03-12 00:03 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 00:03 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2014-03-12 00:00 - 2014-02-03 18:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2014-03-12 00:00 - 2014-02-03 18:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2014-03-12 00:00 - 2014-02-03 18:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-12 00:00 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-02-26 05:18 - 2014-02-26 05:18 - 00190090 _____ () C:\Windows\PFRO.log 
2014-02-17 02:26 - 2014-02-17 02:26 - 01388376 _____ () C:\Users\Lubi\Downloads\8MSA3.zip ==================== One Month Modified Files and Folders ======= 2014-03-18 07:52 - 2014-03-16 15:26 - 00000000 ____D () C:\FRST 2014-03-17 13:57 - 2013-05-24 05:12 - 02045095 _____ () C:\Windows\WindowsUpdate.log 2014-03-17 13:53 - 2013-05-24 07:21 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-17 13:47 - 2013-05-28 07:16 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-03-17 13:47 - 2013-05-24 07:21 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-17 13:43 - 2009-07-13 20:45 - 00009712 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-17 13:43 - 2009-07-13 20:45 - 00009712 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-17 13:39 - 2013-05-24 06:09 - 00000000 ____D () C:\ProgramData\HPQLOG 2014-03-17 13:34 - 2013-10-31 04:22 - 00020272 _____ () C:\Windows\setupact.log 2014-03-17 13:34 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-13 22:45 - 2014-03-13 22:43 - 95027928 ____T () C:\ProgramData\fvbn10t.fee 2014-03-13 22:43 - 2014-03-13 22:43 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\fvbn10t.zvv 2014-03-13 22:41 - 2013-05-24 07:39 - 00000000 ____D () C:\Users\Lubi\AppData\Local\Akamai 2014-03-13 22:39 - 2013-05-24 06:10 - 00000000 ____D () C:\ProgramData\PDFC 2014-03-13 07:44 - 2014-02-04 05:32 - 00000000 ____D () C:\Users\Lubi\AppData\Roaming\Spotify 2014-03-13 00:07 - 2013-05-24 07:18 - 00000000 ____D () C:\Users\Lubi\Documents\Outlook-Dateien 2014-03-12 05:20 - 2009-07-13 20:45 - 00593800 _____ () C:\Windows\System32\FNTCACHE.DAT 2014-03-11 04:35 - 2009-08-29 21:25 - 00699666 _____ () C:\Windows\System32\perfh007.dat 2014-03-11 04:35 - 2009-08-29 21:25 - 00149774 _____ () C:\Windows\System32\perfc007.dat 2014-03-11 04:35 - 2009-07-13 21:13 - 
01620612 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-03-10 23:56 - 2014-02-04 05:32 - 00000000 ____D () C:\Users\Lubi\AppData\Local\Spotify 2014-03-10 05:28 - 2013-09-03 08:23 - 00000000 ____D () C:\Users\Lubi\Desktop\Blech und Technik 2014-03-10 05:25 - 2013-05-24 06:52 - 00000000 ____D () C:\Users\Public\Documents\Bewerbung 2014-03-10 00:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF 2014-02-28 22:05 - 2014-03-12 00:03 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-02-28 21:17 - 2014-03-12 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-02-28 21:16 - 2014-03-12 00:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-02-28 20:58 - 2014-03-12 00:03 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-02-28 20:52 - 2014-03-12 00:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-02-28 20:51 - 2014-03-12 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-02-28 20:42 - 2014-03-12 00:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-02-28 20:40 - 2014-03-12 00:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-02-28 20:37 - 2014-03-12 00:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-02-28 20:33 - 2014-03-12 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-02-28 20:33 - 2014-03-12 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-02-28 20:32 - 2014-03-12 00:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-02-28 20:30 - 2014-03-12 00:03 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-28 20:23 - 2014-03-12 00:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2014-02-28 
20:17 - 2014-03-12 00:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2014-02-28 20:11 - 2014-03-12 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-28 20:02 - 2014-03-12 00:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-02-28 19:54 - 2014-03-12 00:03 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-02-28 19:52 - 2014-03-12 00:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-28 19:51 - 2014-03-12 00:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-28 19:47 - 2014-03-12 00:03 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-28 19:43 - 2014-03-12 00:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-28 19:43 - 2014-03-12 00:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-28 19:42 - 2014-03-12 00:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-02-28 19:40 - 2014-03-12 00:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-28 19:38 - 2014-03-12 00:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-28 19:37 - 2014-03-12 00:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-28 19:35 - 2014-03-12 00:03 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-02-28 19:18 - 2014-03-12 00:03 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-02-28 19:16 - 2014-03-12 00:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-28 19:14 - 2014-03-12 00:03 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-28 19:10 - 2014-03-12 00:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-02-28 19:03 - 2014-03-12 
00:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-28 19:00 - 2014-03-12 00:03 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-28 18:57 - 2014-03-12 00:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-28 18:38 - 2014-03-12 00:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-02-28 18:32 - 2014-03-12 00:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-28 18:27 - 2014-03-12 00:03 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-28 18:25 - 2014-03-12 00:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-02-28 18:25 - 2014-03-12 00:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-27 13:53 - 2013-05-24 08:17 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-26 23:17 - 2013-05-24 06:33 - 00000000 ____D () C:\Users\Lubi\AppData\Local\PDFC 2014-02-26 05:18 - 2014-02-26 05:18 - 00190090 _____ () C:\Windows\PFRO.log 2014-02-25 12:43 - 2013-11-05 06:29 - 00000000 ____D () C:\Users\Lubi\.maplesoft 2014-02-17 02:26 - 2014-02-17 02:26 - 01388376 _____ () C:\Users\Lubi\Downloads\8MSA3.zip Files to move or delete: ==================== C:\ProgramData\fvbn10t.fee C:\ProgramData\fvbn10t.zvv Some content of TEMP: ==================== C:\Users\Lubi\AppData\Local\Temp\AcDeltree.exe C:\Users\Lubi\AppData\Local\Temp\avgnt.exe C:\Users\Lubi\AppData\Local\Temp\FileSystemView.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe 
=> MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2014-03-10 06:00:05 Restore point made on: 2014-03-10 06:00:12 ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8047.38 MB Available physical RAM: 7115.91 MB Total Pagefile: 8045.53 MB Available Pagefile: 7112.72 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:448.46 GB) (Free:324.35 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:14.91 GB) NTFS Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32 Drive h: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BAF111DB) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 248 MB) (Disk ID: 6E652072) No partition Table on disk 1. LastRegBack: 2014-03-10 05:52 ==================== End Of Log ============================ |
18.03.2014, 08:34 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
S2 Winmgmt; C:\ProgramData\fvbn10t.zvv [332536 2014-03-13] (Microsoft Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
C:\ProgramData\fvbn10t.fee
C:\ProgramData\fvbn10t.zvv
C:\Users\Lubi\AppData\Local\Temp\AcDeltree.exe
C:\Users\Lubi\AppData\Local\Temp\avgnt.exe
C:\Users\Lubi\AppData\Local\Temp\FileSystemView.dll
C:\Users\Lubi\Downloads\8MSA3.zip

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
18.03.2014, 09:37 | #13 |
| Bundestrojaner Thank you very much for the quick reply! Here is the file content: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SYSTEM at 2014-03-18 09:34:53 Run:2
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
S2 Winmgmt; C:\ProgramData\fvbn10t.zvv [332536 2014-03-13] (Microsoft Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
C:\ProgramData\fvbn10t.fee
C:\ProgramData\fvbn10t.zvv
C:\Users\Lubi\AppData\Local\Temp\AcDeltree.exe
C:\Users\Lubi\AppData\Local\Temp\avgnt.exe
C:\Users\Lubi\AppData\Local\Temp\FileSystemView.dll
C:\Users\Lubi\Downloads\8MSA3.zip
*****************

Winmgmt => Service restored successfully.
KMService => Service deleted successfully.
C:\ProgramData\fvbn10t.fee => Moved successfully.
C:\ProgramData\fvbn10t.zvv => Moved successfully.
C:\Users\Lubi\AppData\Local\Temp\AcDeltree.exe => Moved successfully.
C:\Users\Lubi\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Lubi\AppData\Local\Temp\FileSystemView.dll => Moved successfully.
C:\Users\Lubi\Downloads\8MSA3.zip => Moved successfully.

==== End of Fixlog ==== |
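Added example, not part of the thread and not FRST's own logic: a small Python triage over FRST service lines that shows why the Winmgmt entry and the fvbn10t.* files stand out in the log above. The sample lines are copied from that log; the trusted directories, the expected extensions and all function names are assumptions chosen for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the "Services (Whitelisted)" section of the FRST log in this thread.
SAMPLE_SERVICES = r"""
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-12-11] ()
S2 Winmgmt; C:\ProgramData\fvbn10t.zvv [332536 2014-03-13] (Microsoft Corporation)
""".strip().splitlines()

# Lines copied from the "One Month Created Files and Folders" section of the same log.
SAMPLE_CREATED = r"""
2014-03-16 15:26 - 2014-03-18 07:52 - 00000000 ____D () C:\FRST
2014-03-13 22:43 - 2014-03-13 22:45 - 95027928 ____T () C:\ProgramData\fvbn10t.fee
2014-03-13 22:43 - 2014-03-13 22:43 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\fvbn10t.zvv
2014-03-12 00:03 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
""".strip().splitlines()

# "<state> <name>; <path> [<size> <date>] (<company>)"
SERVICE_RE = re.compile(
    r"^(?P<state>[A-Z]\d)\s+(?P<name>[^;]+);\s+(?P<path>[A-Za-z]:\\.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>.*)\)$"
)
# "<created> - <modified> - <size> <attributes> (<company>) <path>"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$"
)

# Assumptions for this illustration, not a rule FRST applies.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
EXPECTED_EXTENSIONS = {".exe", ".dll", ".sys"}


def parse(regex, lines):
    """Return the named groups of every line the regex matches; skip the rest."""
    matches = (regex.match(line.strip()) for line in lines)
    return [m.groupdict() for m in matches if m]


def path_findings(raw_path):
    """List the reasons a service binary path deserves a closer look."""
    path = PureWindowsPath(raw_path)
    lowered = str(path).lower()
    reasons = []
    if not any(lowered.startswith(root + "\\") for root in TRUSTED_ROOTS):
        reasons.append("binary outside Windows and Program Files")
    if path.suffix.lower() not in EXPECTED_EXTENSIONS:
        reasons.append("unexpected extension " + (path.suffix or "(none)"))
    return reasons


def same_stem_files(raw_path, created):
    """Recently created files next to the binary that share its base name."""
    target = PureWindowsPath(raw_path)
    found = []
    for entry in created:
        other = PureWindowsPath(entry["path"])
        if (other != target and other.parent == target.parent
                and other.stem.lower() == target.stem.lower()):
            found.append(entry["path"])
    return found


def triage(service_lines, created_lines):
    """Flag services with unusual binaries and attach same-named sibling files."""
    created = parse(CREATED_RE, created_lines)
    flagged = []
    for svc in parse(SERVICE_RE, service_lines):
        reasons = path_findings(svc["path"])
        if reasons:
            flagged.append({
                "name": svc["name"],
                "path": svc["path"],
                "reasons": reasons,
                "siblings": same_stem_files(svc["path"], created),
            })
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_SERVICES, SAMPLE_CREATED):
        print(hit["name"], hit["path"], hit["reasons"], hit["siblings"])
```

On these sample lines only Winmgmt is flagged, paired with fvbn10t.fee; KMService, which is also on the fixlist, passes both checks, so the output narrows a log for review and does not replace reading it.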
18.03.2014, 09:41 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Does Windows start normally again now? If so, create logs with FRST in the normal way. Make sure the additions box is checked. Scan with Farbar's Recovery Scan Tool (FRST) Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
18.03.2014, 10:12 | #15 |
| Bundestrojaner Yes, after a disk check Windows now starts as usual again. Here is the file content of FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Lubi (administrator) on Lubi-PC on 18-03-2014 09:58:07 Running from C:\Users\Lubi\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe (Hewlett-Packard) C:\Windows\system32\Hpservice.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Autodesk, Inc.) 
C:\Program Files\Autodesk\Simulation CFD 2014\SimCFDServer.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Smith Micro Software, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Akamai Technologies, Inc.) C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Akamai Technologies, Inc.) C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (DigitalPersona, Inc.) 
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.) 
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation) HKLM\...\Run: [nwiz] - nwiz.exe /installquiet HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16406632 2010-02-27] (NVIDIA Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity) HKLM\...\Run: [] - [X] HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity) HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-19] (Hewlett-Packard) HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard) HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] () HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-21] (NEC Electronics Corporation) HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [HP Connection Manager.exe] - [X] HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc) HKLM-x32\...\Run: [IFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG) HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-04] (Hewlett-Packard) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\runonceex: [ContentMerger] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-28] (Microsoft Corporation) HKU\S-1-5-21-576883963-3904081357-3319189133-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.) HKU\S-1-5-21-576883963-3904081357-3319189133-1000\...\MountPoints2: {b7835ed5-c472-11e2-9e63-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0661223C8872CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} 
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Lubi\AppData\Roaming\Mozilla\Firefox\Profiles\mpc7yvur.default FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Extension: (Google Drive) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-24] CHR Extension: (YouTube) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-24] CHR Extension: (Google-Suche) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-24] CHR Extension: (Google Wallet) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda 
[2013-08-22] CHR Extension: (Google Mail) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-24] ==================== Services (Whitelisted) ================= R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 CFD 2014 Server; C:\Program Files\Autodesk\Simulation CFD 2014\SimCFDServer.exe [374784 2013-03-01] (Autodesk, Inc.) R3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.) R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-24] (DigitalPersona, Inc.) S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-09] (Hewlett-Packard Ltd) R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-18] (Hewlett-Packard Development Company, L.P) R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.) 
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG) R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [988448 2009-10-02] (Infineon Technologies AG) R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( ) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc) R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-10-02] (Infineon Technologies AG) R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [330488 2009-10-01] (QUALCOMM, Inc.) R2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [84808 2010-06-08] (Smith Micro Software, Inc.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.) 
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-10-02] (Infineon Technologies AG) R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2009-10-01] (QUALCOMM Incorporated) R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [235008 2009-10-01] (QUALCOMM Incorporated) R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [121216 2009-10-01] (QUALCOMM Incorporated) R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.) R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] () R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.) R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.) R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.) R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.) 
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1798400 2009-12-18] () R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG) S3 cpuz134; \??\C:\Users\Lubi\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-18 09:58 - 2014-03-18 09:58 - 00022128 _____ () C:\Users\Lubi\Downloads\FRST.txt 2014-03-18 09:58 - 2014-03-18 09:58 - 00000000 ____D () C:\3304236462db0fbd5995ef02 2014-03-18 09:57 - 2014-03-18 09:57 - 02157056 _____ (Farbar) C:\Users\Lubi\Downloads\FRST64.exe 2014-03-18 09:56 - 2014-03-18 09:56 - 01145856 _____ (Farbar) C:\Users\Lubi\Downloads\FRST.exe 2014-03-18 09:51 - 2014-03-18 09:51 - 00003416 ____N () C:\bootsqm.dat 2014-03-17 00:26 - 2014-03-18 09:58 - 00000000 ____D () C:\FRST 2014-03-12 09:03 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 09:03 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 09:03 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-12 09:03 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 09:03 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-12 09:03 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-12 09:03 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 09:03 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-12 09:03 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 09:03 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-12 09:03 - 
2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-12 09:03 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-12 09:03 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-12 09:03 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-12 09:03 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-12 09:03 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 09:03 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-12 09:03 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 09:03 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-12 09:03 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-12 09:03 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-12 09:03 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-12 09:03 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-12 09:03 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 09:03 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-12 09:03 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-12 09:03 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-12 09:03 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 09:03 
- 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 09:03 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-12 09:03 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-12 09:03 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 09:03 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-12 09:03 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-12 09:03 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-12 09:03 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 09:03 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-12 09:03 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-12 09:03 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-12 09:03 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-12 09:03 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 09:03 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 09:03 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 09:03 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-12 09:00 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-12 09:00 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 09:00 - 2014-02-04 03:04 - 01230336 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-12 09:00 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-02-26 14:18 - 2014-02-26 14:18 - 00190090 _____ () C:\Windows\PFRO.log ==================== One Month Modified Files and Folders ======= 2014-03-18 09:58 - 2014-03-18 09:58 - 00022128 _____ () C:\Users\Lubi\Downloads\FRST.txt 2014-03-18 09:58 - 2014-03-18 09:58 - 00000000 ____D () C:\3304236462db0fbd5995ef02 2014-03-18 09:58 - 2014-03-17 00:26 - 00000000 ____D () C:\FRST 2014-03-18 09:58 - 2013-05-24 14:12 - 02071070 _____ () C:\Windows\WindowsUpdate.log 2014-03-18 09:57 - 2014-03-18 09:57 - 02157056 _____ (Farbar) C:\Users\Lubi\Downloads\FRST64.exe 2014-03-18 09:56 - 2014-03-18 09:56 - 01145856 _____ (Farbar) C:\Users\Lubi\Downloads\FRST.exe 2014-03-18 09:54 - 2013-05-28 16:16 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-03-18 09:54 - 2013-05-24 16:21 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-18 09:53 - 2013-05-24 16:21 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-18 09:52 - 2013-10-31 13:22 - 00020328 _____ () C:\Windows\setupact.log 2014-03-18 09:52 - 2013-05-24 15:09 - 00000000 ____D () C:\ProgramData\HPQLOG 2014-03-18 09:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-18 09:51 - 2014-03-18 09:51 - 00003416 ____N () C:\bootsqm.dat 2014-03-17 22:43 - 2009-07-14 05:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-17 22:43 - 2009-07-14 05:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-17 08:56 - 2013-05-24 14:25 - 00000000 ___RD () C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-14 07:41 - 2013-05-24 16:39 - 00000000 ____D () C:\Users\Lubi\AppData\Local\Akamai 2014-03-14 07:39 - 2013-05-24 
15:10 - 00000000 ____D () C:\ProgramData\PDFC 2014-03-13 16:44 - 2014-02-04 14:32 - 00000000 ____D () C:\Users\Lubi\AppData\Roaming\Spotify 2014-03-13 09:07 - 2013-05-24 16:18 - 00000000 ____D () C:\Users\Lubi\Documents\Outlook-Dateien 2014-03-12 14:20 - 2009-07-14 05:45 - 00593800 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-11 13:35 - 2009-08-30 06:25 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-03-11 13:35 - 2009-08-30 06:25 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-03-11 13:35 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-11 08:56 - 2014-02-04 14:32 - 00000000 ____D () C:\Users\Lubi\AppData\Local\Spotify 2014-03-10 14:28 - 2013-09-03 17:23 - 00000000 ____D () C:\Users\Lubi\Desktop\Blech und Technik 2014-03-10 14:25 - 2013-05-24 15:52 - 00000000 ____D () C:\Users\Public\Documents\Bewerbung 2014-03-10 09:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-01 07:05 - 2014-03-12 09:03 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-12 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-12 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-12 09:03 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-12 09:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-12 09:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-12 09:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-12 09:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-12 09:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-12 09:03 - 
00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-12 09:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-12 09:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-12 09:03 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-12 09:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-12 09:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-12 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-12 09:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-12 09:03 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-12 09:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-12 09:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-12 09:03 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-12 09:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-12 09:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-12 09:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-12 09:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-12 09:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-12 09:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-12 09:03 
- 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-12 09:03 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-12 09:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-12 09:03 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-12 09:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-12 09:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-12 09:03 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-12 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-12 09:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-12 09:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-12 09:03 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-12 09:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-12 09:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-27 22:53 - 2013-05-24 17:17 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-27 08:17 - 2013-05-24 15:33 - 00000000 ____D () C:\Users\Lubi\AppData\Local\PDFC 2014-02-26 14:18 - 2014-02-26 14:18 - 00190090 _____ () C:\Windows\PFRO.log 2014-02-25 21:43 - 2013-11-05 15:29 - 00000000 ____D () C:\Users\Lubi\.maplesoft Some content of TEMP: ==================== C:\Users\Lubi\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit 
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-10 14:52
==================== End Of Log ============================
--- --- ---
... and from addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Lubi at 2014-03-18 09:59:04
Running from C:\Users\Lubi\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.)
Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (HKLM\...\{B46DECD1-1764-4EF1-0000-22D71E81877C}) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2013 R1 (HKLM\...\Autodesk Inventor Fusion 2013 R1) (Version: 3.0.0.5 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 R1 (Version: 3.0.0.5 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion for Inventor 2013 Add-in (HKLM\...\{08BCFE15-8AA1-4A58-B018-4FEF486BA922}) (Version: 1.0.0.111 - Autodesk)
Autodesk Inventor Professional 2013 (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2013 Deutsch (German) (HKLM\...\Autodesk Inventor Professional 2013) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (HKLM-x32\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 1.0.0 - Autodesk)
Autodesk Simulation CFD 2014 (HKLM\...\Simulation CFD 2014) (Version: 14.0.0.0 - Autodesk)
Autodesk Simulation CFD Viewer 2014 (HKLM-x32\...\{F273D6E8-4D51-46B1-8515-8B1B759AE760}) (Version: 14.0.0.0 - Autodesk)
Autodesk Simulation Mechanical 2014 (HKLM\...\Autodesk Simulation Mechanical 2014) (Version: 2014.00.00.0513 - Autodesk, Inc.)
Autodesk Simulation Mechanical 2014 (Version: 2014.00.00.0513 - Autodesk, Inc.) Hidden
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Autodesk Vault Basic 2013 (Client) (HKLM-x32\...\Autodesk Vault Basic 2013 (Client)) (Version: 17.0.61.0 - Autodesk)
Autodesk Vault Basic 2013 (Client) (Version: 17.0.61.0 - Autodesk) Hidden
Autodesk Vault Basic 2013 (Client) German Language Pack (Version: 17.0.61.0 - Autodesk) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.4 - Hewlett-Packard)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Encryption for HP ProtectTools (HKLM\...\{3757846C-2E0E-4860-886A-2EE0FAEB7D56}) (Version: 5.0.2.10 - Hewlett-Packard)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Eco Materials Adviser for Autodesk Inventor 2013 (HKLM\...\{792A9A32-718A-40D1-9867-A903F76AE2F8}) (Version: 3.9.12.0 - Granta Design Limited)
Embedded Security for HP ProtectTools (HKLM\...\{544A04F6-28FD-4C24-A34D-FC2B89222505}) (Version: 5.7.000 - Hewlett-Packard)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.1 - Hewlett-Packard)
Formelsammlung Roloff-Matek (HKLM-x32\...\Formelsammlung Roloff-Matek) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{9B6079F8-EBA2-4C55-96A6-325E8E22DF0C}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Business Card Reader (HKLM-x32\...\{FD8234FF-A70D-4632-B146-F41AB37C0B24}) (Version: 0.6.3.0 - Hewlett-Packard)
HP Client Automation Agent Preload (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{EBF2741D-5A35-4509-AD94-F07C18D0CE19}) (Version: 3.3.0 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{E33B9BEB-305A-425B-88AF-DADFB7BB0D1E}) (Version: 1.1.1.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{58EF063D-3A99-4B76-BD1A-713B23364858}) (Version: 1.0.2.4 - Hewlett-Packard)
HP Power Data (HKLM\...\{7F41676C-B432-4360-B988-99D11095F3C1}) (Version: 1.0.11.114 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.03.635 - Hewlett-Packard)
HP ProtectTools Security Manager (Version: 5.03.635 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}) (Version: 4.3.1.2 - Hewlett-Packard)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.5 - Sonix)
HP Wireless Assistant (HKLM\...\{6AF618BF-C95B-4049-B7B4-1388469F1E0C}) (Version: 4.0.2.4 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6268.0 - IDT)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java Card Security for HP ProtectTools (HKLM\...\{80B7BAE0-5728-4E5D-BA99-DBA497F8A869}) (Version: 5.0.4.1 - Hewlett-Packard)
Maple 15 (HKLM\...\Maple 15) (Version: - Maplesoft)
Maple 15 (HKLM-x32\...\Maple 15) (Version: 15.0.0.0 - Maplesoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 21.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
NeuroCheck 6.0 (HKLM\...\{2653BD07-0238-4E3C-BD3A-4D9FD384310A}) (Version: 6.0.70.0 - NeuroCheck GmbH)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.00 - NVIDIA Corporation)
OpenVPN 2.1.1 (HKLM-x32\...\OpenVPN) (Version: 2.1.1 - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.112 - PDF Complete, Inc)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{2E512A6C-AABE-414D-B52D-3E434D291989}) (Version: 1.1.18 - QUALCOMM)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business v10 (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (x32 Version: 10.3.349 - Roxio) Hidden
Schnell-Deinstallations-Tool für Autodesk Inventor 2013 (HKLM\...\{D25FF5C1-1764-469A-9794-69309387C193}) (Version: 17.0.13800.0000 - Autodesk)
Simulation CFD 2014 (Version: 14.0.0.0 - Autodesk) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Validity Fingerprint Driver (HKLM\...\{BE9ED4AF-949C-4B95-B2FD-0A2F228A7689}) (Version: 4.0.8.0 - Validity Sensors, Inc.)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00a of 2009-Dec-03 (Build 129) (Setup) - WIBU-SYSTEMS AG)
Wiederbeschaffung bei Diebstahl (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 Default Setting (HKLM-x32\...\{CC63C5BD-5096-4044-AC12-0FC6F1A6028D}) (Version: 1.0.1.5 - Hewlett-Packard Company)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

18-03-2014 08:57:20 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4D35D023-32A0-4ABC-93CA-85B37D67A879} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-10] (Hewlett-Packard)
Task: {5BA5E290-C1D8-408D-A5E9-E0B872EE29B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {71DBFF87-F8B5-4547-84C5-5FC02C9D4A30} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8DF65D37-FF2B-4051-AB33-BE9D37BE63FB} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-10] (Hewlett-Packard)
Task: {D6B7CCC5-6109-4399-874A-F0CC617A777B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: {F02B5695-4CD9-4848-A51A-DD0C2F1CEFCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-09-21 14:04 - 2009-09-21 14:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2009-10-28 16:57 - 2009-10-28 16:57 - 00100864 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-11-19 14:14 - 2009-11-19 14:14 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2009-11-19 14:14 - 2009-11-19 14:14 - 00055352 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2009-11-19 14:11 - 2009-11-19 14:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2009-11-19 14:11 - 2009-11-19 14:11 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2012-02-05 21:14 - 2012-02-05 21:14 - 00498176 _____ () C:\Program Files\Autodesk\Autodesk Sync\log4cplusU.dll
2012-02-05 21:18 - 2012-02-05 21:18 - 00055232 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2012-02-05 21:18 - 2012-02-05 21:18 - 00917952 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2012-02-05 21:18 - 2012-02-05 21:18 - 00043968 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2012-02-05 21:18 - 2012-02-05 21:18 - 00222656 _____ () C:\Program Files\Autodesk\Autodesk Sync\plugins\crypto\qca-ossl_Ad_2.dll
2013-05-24 15:56 - 2013-01-25 09:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-06-08 05:51 - 2010-06-08 05:51 - 00171864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMBIOSController.dll
2014-03-07 13:55 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-07 13:55 - 2014-03-02 03:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-07 13:55 - 2014-03-02 03:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-07 13:55 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-07 13:55 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-07 13:55 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 10:44:53 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (03/15/2014 08:23:00 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. .

Error: (03/14/2014 07:59:39 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. .

Error: (03/14/2014 07:41:33 AM) (Source: MsiInstaller) (User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (03/14/2014 07:41:04 AM) (Source: MsiInstaller) (User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (03/13/2014 03:40:57 PM) (Source: MsiInstaller) (User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (03/13/2014 03:40:26 PM) (Source: MsiInstaller) (User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (03/13/2014 08:35:33 AM) (Source: MsiInstaller) (User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (03/13/2014 08:35:00 AM) (Source: MsiInstaller) (User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (03/12/2014 01:25:35 PM) (Source: MsiInstaller) (User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

System errors:
=============
Error: (03/17/2014 10:57:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127

Error: (03/17/2014 10:56:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127

Error: (03/17/2014 10:56:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127

Error: (03/17/2014 10:55:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127

Error: (03/17/2014 10:55:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127

Error: (03/17/2014 10:54:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127

Error: (03/17/2014 10:54:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127

Error: (03/17/2014 10:53:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127

Error: (03/17/2014 10:53:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127

Error: (03/17/2014 10:52:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127

Microsoft Office Sessions:
=========================
Error: (03/17/2014 10:44:53 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (03/15/2014 08:23:00 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren.

Error: (03/14/2014 07:59:39 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren.

Error: (03/14/2014 07:41:33 AM) (Source: MsiInstaller)(User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/14/2014 07:41:04 AM) (Source: MsiInstaller)(User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/13/2014 03:40:57 PM) (Source: MsiInstaller)(User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/13/2014 03:40:26 PM) (Source: MsiInstaller)(User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/13/2014 08:35:33 AM) (Source: MsiInstaller)(User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/13/2014 08:35:00 AM) (Source: MsiInstaller)(User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/12/2014 01:25:35 PM) (Source: MsiInstaller)(User: Lubi-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Lubi\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8047.38 MB
Available physical RAM: 5321.83 MB
Total Pagefile: 16092.94 MB
Available Pagefile: 12868.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.46 GB) (Free:323.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:14.91 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BAF111DB)
Partition: GPT Partition Type.

==================== End Of Log ============================ |