Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundestrojaner (https://www.trojaner-board.de/151123-bundestrojaner.html)

cosinus 18.03.2014 10:15
Zitat:
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Adobe Acrobat 9 Pro - English, Français, Deutsch
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013)
Sagma, ist das eine gewerblich genutzte Kiste?
Bei der Softwareausstattung könnte man das schon meinen....

Dieter R. 18.03.2014 10:24
Nein, ist es nicht ;-) Als Maschinenbaustudent benötigt man eben so manches Handwerkszeug.

Ist der Trojaner nun vollständig entfernt?

cosinus 18.03.2014 11:38
Bevor es weitergeht wollte ich wissen warum diese teure Software da drauf ist


Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Dieter R. 18.03.2014 13:32
Hier das Logfile:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Lubarda :: LUBI-PC [administrator]

18.03.2014 11:55:13
mbar-log-2014-03-18 (11-55-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 276179
Time elapsed: 27 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Lubi\AppData\Local\Temp\Low\Whot.dll (Trojan.FakeMS) -> Delete on reboot.
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Ist das Problem nun gelöst?

cosinus 18.03.2014 13:35
Zitat:
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.
Du hast ein illegales MS-Office drauf. Das und weitere illegale Sachen (falls vorhanden) müssen jetzt runter. Erst dann geht es wieder weiter mit der Hilfe.

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

Dieter R. 18.03.2014 13:53
Ok, habe das Office nun deinstalliert.

cosinus 18.03.2014 13:59
Hoffentlich alles Illegale :pfeiff:
Da MBAR was gefunden bitte nun einen neuen Lauf mit diesem Tool machen

Dieter R. 18.03.2014 14:02
Habe es schon ein zweites Mal durchlaufen lassen und es wurde nichts gefunden ;-)

cosinus 18.03.2014 14:19
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Dieter R. 18.03.2014 15:25
adwCleaner
Code:
# AdwCleaner v3.022 - Bericht erstellt am 18/03/2014 um 14:23:22
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Lubi - LUBI-PC
# Gestartet von : C:\Users\Lubi\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Lubi\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v21.0 (de)

[ Datei : C:\Users\Lubi\AppData\Roaming\Mozilla\Firefox\Profiles\mpc7yvur.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1279 octets] - [18/03/2014 14:22:29]
AdwCleaner[S0].txt - [1158 octets] - [18/03/2014 14:23:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1218 octets] ##########
JRT - Junkware Removal Tool
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by Lubi on 18.03.2014 at 14:30:46,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.03.2014 at 14:36:47,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Lubi (administrator) on Lubi-PC on 18-03-2014 15:13:29
Running from C:\Users\Lubi\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
(Hewlett-Packard) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Simulation CFD 2014\SimCFDServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Akamai Technologies, Inc.) C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Akamai Technologies, Inc.) C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(PortableApps.com) C:\Users\Lubi\Downloads\Notepad++Portable\Notepad++Portable.exe
(Don HO don.h@free.fr) C:\Users\Lubi\Downloads\Notepad++Portable\App\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16406632 2010-02-27] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HP Connection Manager.exe] - [X]
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [IFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-04] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\runonceex: [ContentMerger] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-28] (Microsoft Corporation)
HKU\S-1-5-21-576883963-3904081357-3319189133-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Lubi\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\S-1-5-21-576883963-3904081357-3319189133-1000\...\MountPoints2: {b7835ed5-c472-11e2-9e63-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0661223C8872CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lubi\AppData\Roaming\Mozilla\Firefox\Profiles\mpc7yvur.default
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-18]
CHR Extension: (Google Drive) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-24]
CHR Extension: (YouTube) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-24]
CHR Extension: (Google-Suche) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-24]
CHR Extension: (Google Wallet) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Lubi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-24]

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 CFD 2014 Server; C:\Program Files\Autodesk\Simulation CFD 2014\SimCFDServer.exe [374784 2013-03-01] (Autodesk, Inc.)
R3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-24] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-09] (Hewlett-Packard Ltd)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-18] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.)
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [988448 2009-10-02] (Infineon Technologies AG)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-10-02] (Infineon Technologies AG)
R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [330488 2009-10-01] (QUALCOMM, Inc.)
R2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [84808 2010-06-08] (Smith Micro Software, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-10-02] (Infineon Technologies AG)
R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2009-10-01] (QUALCOMM Incorporated)
R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [235008 2009-10-01] (QUALCOMM Incorporated)
R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [121216 2009-10-01] (QUALCOMM Incorporated)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1798400 2009-12-18] ()
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG)
S3 cpuz134; \??\C:\Users\Lubi\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 15:10 - 2014-03-18 15:10 - 00000000 ____D () C:\N++RECOV
2014-03-18 14:36 - 2014-03-18 14:36 - 00000693 _____ () C:\Users\Lubi\Desktop\JRT.txt
2014-03-18 14:30 - 2014-03-18 14:30 - 00000000 ____D () C:\Windows\ERUNT
2014-03-18 14:29 - 2014-03-18 14:30 - 01037734 _____ (Thisisu) C:\Users\Lubi\Downloads\JRT.exe
2014-03-18 14:27 - 2014-03-18 14:28 - 00001280 _____ () C:\Users\Lubi\Desktop\AdwCleaner[S0].txt
2014-03-18 14:26 - 2014-03-18 14:26 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-03-18 14:22 - 2014-03-18 14:23 - 00000000 ____D () C:\AdwCleaner
2014-03-18 14:21 - 2014-03-18 14:21 - 01950720 _____ () C:\Users\Lubi\Downloads\adwcleaner.exe
2014-03-18 11:55 - 2014-03-18 12:34 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 11:55 - 2014-03-18 11:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 11:53 - 2014-03-18 12:34 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 11:53 - 2014-03-18 11:53 - 00000000 ____D () C:\Users\Lubi\mbar
2014-03-18 10:06 - 2014-03-18 10:06 - 00000000 ____D () C:\Users\Lubi\Downloads\Notepad++Portable
2014-03-18 09:59 - 2014-03-18 09:59 - 00030776 _____ () C:\Users\Lubi\Downloads\Addition.txt
2014-03-18 09:58 - 2014-03-18 15:13 - 00020130 _____ () C:\Users\Lubi\Downloads\FRST.txt
2014-03-18 09:57 - 2014-03-18 09:57 - 02157056 _____ (Farbar) C:\Users\Lubi\Downloads\FRST64.exe
2014-03-18 09:56 - 2014-03-18 09:56 - 01145856 _____ (Farbar) C:\Users\Lubi\Downloads\FRST.exe
2014-03-18 09:51 - 2014-03-18 09:51 - 00003416 ____N () C:\bootsqm.dat
2014-03-17 00:26 - 2014-03-18 15:13 - 00000000 ____D () C:\FRST
2014-03-12 09:03 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 09:03 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 09:03 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 09:03 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 09:03 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 09:03 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 09:03 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 09:03 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 09:03 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 09:03 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 09:03 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 09:03 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 09:03 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 09:03 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 09:03 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 09:03 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 09:03 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 09:03 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 09:03 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 09:03 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 09:03 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 09:03 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 09:03 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 09:03 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 09:03 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 09:03 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 09:03 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 09:03 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 09:03 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 09:03 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 09:03 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 09:03 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 09:03 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 09:03 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 09:03 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 09:03 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 09:03 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 09:03 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 09:03 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 09:03 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 09:03 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 09:03 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 09:03 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 09:03 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 09:00 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 09:00 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 09:00 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 09:00 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-26 14:18 - 2014-03-18 13:49 - 00191410 _____ () C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

2014-03-18 15:13 - 2014-03-18 09:58 - 00020130 _____ () C:\Users\Lubi\Downloads\FRST.txt
2014-03-18 15:13 - 2014-03-17 00:26 - 00000000 ____D () C:\FRST
2014-03-18 15:10 - 2014-03-18 15:10 - 00000000 ____D () C:\N++RECOV
2014-03-18 14:53 - 2013-05-24 16:21 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 14:36 - 2014-03-18 14:36 - 00000693 _____ () C:\Users\Lubi\Desktop\JRT.txt
2014-03-18 14:32 - 2009-07-14 05:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 14:32 - 2009-07-14 05:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 14:30 - 2014-03-18 14:30 - 00000000 ____D () C:\Windows\ERUNT
2014-03-18 14:30 - 2014-03-18 14:29 - 01037734 _____ (Thisisu) C:\Users\Lubi\Downloads\JRT.exe
2014-03-18 14:29 - 2013-05-24 14:12 - 01053980 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 14:28 - 2014-03-18 14:27 - 00001280 _____ () C:\Users\Lubi\Desktop\AdwCleaner[S0].txt
2014-03-18 14:26 - 2014-03-18 14:26 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-03-18 14:25 - 2013-05-24 16:21 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 14:25 - 2013-05-24 15:09 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-03-18 14:24 - 2013-10-31 13:22 - 00020496 _____ () C:\Windows\setupact.log
2014-03-18 14:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 14:23 - 2014-03-18 14:22 - 00000000 ____D () C:\AdwCleaner
2014-03-18 14:21 - 2014-03-18 14:21 - 01950720 _____ () C:\Users\Lubi\Downloads\adwcleaner.exe
2014-03-18 13:51 - 2013-05-24 15:02 - 00183952 _____ () C:\Users\Lubi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 13:49 - 2014-02-26 14:18 - 00191410 _____ () C:\Windows\PFRO.log
2014-03-18 13:49 - 2009-07-14 05:45 - 00590024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 13:47 - 2013-05-24 16:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-18 13:46 - 2013-05-24 16:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-18 13:46 - 2013-05-24 14:25 - 00000000 ___RD () C:\Users\Lubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 13:46 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\ShellNew
2014-03-18 13:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-03-18 13:45 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini
2014-03-18 13:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-18 12:35 - 2009-08-30 06:25 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-03-18 12:35 - 2009-08-30 06:25 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-03-18 12:35 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 12:34 - 2014-03-18 11:55 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 12:34 - 2014-03-18 11:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 12:27 - 2013-05-26 09:27 - 00000000 ____D () C:\Windows\HPQ
2014-03-18 11:55 - 2014-03-18 11:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 11:53 - 2014-03-18 11:53 - 00000000 ____D () C:\Users\Lubi\mbar
2014-03-18 11:53 - 2013-05-24 14:25 - 00000000 ____D () C:\Users\Lubi
2014-03-18 10:56 - 2013-05-24 16:39 - 00000000 ____D () C:\Users\Lubi\AppData\Local\Akamai
2014-03-18 10:06 - 2014-03-18 10:06 - 00000000 ____D () C:\Users\Lubi\Downloads\Notepad++Portable
2014-03-18 09:59 - 2014-03-18 09:59 - 00030776 _____ () C:\Users\Lubi\Downloads\Addition.txt
2014-03-18 09:57 - 2014-03-18 09:57 - 02157056 _____ (Farbar) C:\Users\Lubi\Downloads\FRST64.exe
2014-03-18 09:56 - 2014-03-18 09:56 - 01145856 _____ (Farbar) C:\Users\Lubi\Downloads\FRST.exe
2014-03-18 09:51 - 2014-03-18 09:51 - 00003416 ____N () C:\bootsqm.dat
2014-03-14 07:39 - 2013-05-24 15:10 - 00000000 ____D () C:\ProgramData\PDFC
2014-03-13 16:44 - 2014-02-04 14:32 - 00000000 ____D () C:\Users\Lubi\AppData\Roaming\Spotify
2014-03-13 09:07 - 2013-05-24 16:18 - 00000000 ____D () C:\Users\Lubi\Documents\Outlook-Dateien
2014-03-11 08:56 - 2014-02-04 14:32 - 00000000 ____D () C:\Users\Lubi\AppData\Local\Spotify
2014-03-10 14:28 - 2013-09-03 17:23 - 00000000 ____D () C:\Users\Lubi\Desktop\Blech und Technik
2014-03-10 14:25 - 2013-05-24 15:52 - 00000000 ____D () C:\Users\Public\Documents\Bewerbung
2014-03-10 09:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 07:05 - 2014-03-12 09:03 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 09:03 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 09:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 09:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 09:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 09:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 09:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 09:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 09:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 09:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 09:03 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 09:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 09:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 09:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 09:03 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 09:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 09:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 09:03 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 09:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 09:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 09:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 09:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 09:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 09:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 09:03 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 09:03 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 09:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 09:03 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 09:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 09:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 09:03 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 09:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 09:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 09:03 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 09:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 09:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 22:53 - 2013-05-24 17:17 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 08:17 - 2013-05-24 15:33 - 00000000 ____D () C:\Users\Lubi\AppData\Local\PDFC
2014-02-25 21:43 - 2013-11-05 15:29 - 00000000 ____D () C:\Users\Lubi\.maplesoft

Some content of TEMP:
====================
C:\Users\Lubi\AppData\Local\Temp\avgnt.exe
C:\Users\Lubi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 14:52

==================== End Of Log ============================
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Lubi at 2014-03-18 15:13:43
Running from C:\Users\Lubi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.)
Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (HKLM\...\{B46DECD1-1764-4EF1-0000-22D71E81877C}) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2013 R1 (HKLM\...\Autodesk Inventor Fusion 2013 R1) (Version: 3.0.0.5 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 R1 (Version: 3.0.0.5 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion for Inventor 2013 Add-in (HKLM\...\{08BCFE15-8AA1-4A58-B018-4FEF486BA922}) (Version: 1.0.0.111 - Autodesk)
Autodesk Inventor Professional 2013 (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2013 Deutsch (German) (HKLM\...\Autodesk Inventor Professional 2013) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (HKLM-x32\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 1.0.0 - Autodesk)
Autodesk Simulation CFD 2014 (HKLM\...\Simulation CFD 2014) (Version: 14.0.0.0 - Autodesk)
Autodesk Simulation CFD Viewer 2014 (HKLM-x32\...\{F273D6E8-4D51-46B1-8515-8B1B759AE760}) (Version: 14.0.0.0 - Autodesk)
Autodesk Simulation Mechanical 2014 (HKLM\...\Autodesk Simulation Mechanical 2014) (Version: 2014.00.00.0513 - Autodesk, Inc.)
Autodesk Simulation Mechanical 2014 (Version: 2014.00.00.0513 - Autodesk, Inc.) Hidden
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Autodesk Vault Basic 2013 (Client) (HKLM-x32\...\Autodesk Vault Basic 2013 (Client)) (Version: 17.0.61.0 - Autodesk)
Autodesk Vault Basic 2013 (Client) (Version: 17.0.61.0 - Autodesk) Hidden
Autodesk Vault Basic 2013 (Client) German Language Pack (Version: 17.0.61.0 - Autodesk) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.4 - Hewlett-Packard)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Encryption for HP ProtectTools (HKLM\...\{3757846C-2E0E-4860-886A-2EE0FAEB7D56}) (Version: 5.0.2.10 - Hewlett-Packard)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Eco Materials Adviser for Autodesk Inventor 2013 (HKLM\...\{792A9A32-718A-40D1-9867-A903F76AE2F8}) (Version: 3.9.12.0 - Granta Design Limited)
Embedded Security for HP ProtectTools (HKLM\...\{544A04F6-28FD-4C24-A34D-FC2B89222505}) (Version: 5.7.000 - Hewlett-Packard)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.1 - Hewlett-Packard)
Formelsammlung Roloff-Matek (HKLM-x32\...\Formelsammlung Roloff-Matek) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{9B6079F8-EBA2-4C55-96A6-325E8E22DF0C}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Business Card Reader (HKLM-x32\...\{FD8234FF-A70D-4632-B146-F41AB37C0B24}) (Version: 0.6.3.0 - Hewlett-Packard)
HP Client Automation Agent Preload  (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{EBF2741D-5A35-4509-AD94-F07C18D0CE19}) (Version: 3.3.0 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{E33B9BEB-305A-425B-88AF-DADFB7BB0D1E}) (Version: 1.1.1.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{58EF063D-3A99-4B76-BD1A-713B23364858}) (Version: 1.0.2.4 - Hewlett-Packard)
HP Power Data (HKLM\...\{7F41676C-B432-4360-B988-99D11095F3C1}) (Version: 1.0.11.114 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.03.635 - Hewlett-Packard)
HP ProtectTools Security Manager (Version: 5.03.635 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}) (Version: 4.3.1.2 - Hewlett-Packard)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.5 - Sonix)
HP Wireless Assistant (HKLM\...\{6AF618BF-C95B-4049-B7B4-1388469F1E0C}) (Version: 4.0.2.4 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6268.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java Card Security for HP ProtectTools (HKLM\...\{80B7BAE0-5728-4E5D-BA99-DBA497F8A869}) (Version: 5.0.4.1 - Hewlett-Packard)
Maple 15 (HKLM\...\Maple 15) (Version:  - Maplesoft)
Maple 15 (HKLM-x32\...\Maple 15) (Version: 15.0.0.0 - Maplesoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 21.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
NeuroCheck 6.0 (HKLM\...\{2653BD07-0238-4E3C-BD3A-4D9FD384310A}) (Version: 6.0.70.0 - NeuroCheck GmbH)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.00 - NVIDIA Corporation)
OpenVPN 2.1.1 (HKLM-x32\...\OpenVPN) (Version: 2.1.1 - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.112 - PDF Complete, Inc)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{2E512A6C-AABE-414D-B52D-3E434D291989}) (Version: 1.1.18 - QUALCOMM)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business v10 (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (x32 Version: 10.3.349 - Roxio) Hidden
Schnell-Deinstallations-Tool für Autodesk Inventor 2013 (HKLM\...\{D25FF5C1-1764-469A-9794-69309387C193}) (Version: 17.0.13800.0000 - Autodesk)
Simulation CFD 2014 (Version: 14.0.0.0 - Autodesk) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Validity Fingerprint Driver (HKLM\...\{BE9ED4AF-949C-4B95-B2FD-0A2F228A7689}) (Version: 4.0.8.0 - Validity Sensors, Inc.)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00a of 2009-Dec-03 (Build 129) (Setup) - WIBU-SYSTEMS AG)
Wiederbeschaffung bei Diebstahl (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 Default Setting (HKLM-x32\...\{CC63C5BD-5096-4044-AC12-0FC6F1A6028D}) (Version: 1.0.1.5 - Hewlett-Packard Company)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4D35D023-32A0-4ABC-93CA-85B37D67A879} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-10] (Hewlett-Packard)
Task: {5BA5E290-C1D8-408D-A5E9-E0B872EE29B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {71DBFF87-F8B5-4547-84C5-5FC02C9D4A30} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8DF65D37-FF2B-4051-AB33-BE9D37BE63FB} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-10] (Hewlett-Packard)
Task: {D6B7CCC5-6109-4399-874A-F0CC617A777B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: {F02B5695-4CD9-4848-A51A-DD0C2F1CEFCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-09-21 14:04 - 2009-09-21 14:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2009-10-28 16:57 - 2009-10-28 16:57 - 00100864 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2009-11-19 14:14 - 2009-11-19 14:14 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2009-11-19 14:14 - 2009-11-19 14:14 - 00055352 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2009-11-19 14:11 - 2009-11-19 14:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2009-11-19 14:11 - 2009-11-19 14:11 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2012-02-05 21:14 - 2012-02-05 21:14 - 00498176 _____ () C:\Program Files\Autodesk\Autodesk Sync\log4cplusU.dll
2012-02-05 21:18 - 2012-02-05 21:18 - 00055232 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2012-02-05 21:18 - 2012-02-05 21:18 - 00917952 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2012-02-05 21:18 - 2012-02-05 21:18 - 00043968 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2012-02-05 21:18 - 2012-02-05 21:18 - 00222656 _____ () C:\Program Files\Autodesk\Autodesk Sync\plugins\crypto\qca-ossl_Ad_2.dll
2013-05-24 15:56 - 2013-01-25 09:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-06-08 05:51 - 2010-06-08 05:51 - 00171864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMBIOSController.dll
2014-03-18 15:10 - 2014-03-18 15:10 - 00011264 _____ () C:\Users\Lubi\AppData\Local\Temp\nsrDE11.tmp\System.dll
2014-03-18 15:10 - 2014-03-18 15:10 - 00008704 _____ () C:\Users\Lubi\AppData\Local\Temp\nsrDE11.tmp\newadvsplash.dll
2014-03-18 15:10 - 2014-03-18 15:10 - 00029696 _____ () C:\Users\Lubi\AppData\Local\Temp\nsrDE11.tmp\registry.dll
2011-07-18 22:07 - 2011-07-18 22:07 - 00014336 _____ () C:\Users\Lubi\Downloads\Notepad++Portable\App\Notepad++\plugins\NppExport.dll
2014-01-07 00:42 - 2014-01-07 00:42 - 01611264 _____ () C:\Users\Lubi\Downloads\Notepad++Portable\App\Notepad++\plugins\NppFTP.dll
2014-03-18 11:16 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-18 11:16 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-18 11:16 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-18 11:16 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-18 11:16 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-18 11:16 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-18 11:16 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8047.38 MB
Available physical RAM: 5664.09 MB
Total Pagefile: 16092.94 MB
Available Pagefile: 13054.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.46 GB) (Free:326.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:14.91 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BAF111DB)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus 18.03.2014 15:30
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Dieter R. 18.03.2014 23:14
ESET Online Scanner hat kein Logfile hinterlassen, konnte jedoch ausser den beiden Dateien in der Quarantäne (im Verzeichnis C:\FRST\Quarantine) nichts finden.
Schätze, der Trojaner ist nun endgültig bezwungen? ;-)

cosinus 19.03.2014 12:09
Ist doch beschrieben wo ESET das Log ablegt

Zitat:
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:46 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19