
Log analysis and evaluation: Windows Defender: problem removing Trojan:Win32/Necurs.A and Trojan:WinNT/Necurs.A under Windows 7


 
07.03.2014, 22:59   #6
EmmaTiger
Hello Jürgen,

I first ran FRST (I did not establish an Internet connection beforehand). Here are the two logs:

FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014
Ran by Jörg (administrator) on BEETHOVEN on 07-03-2014 22:08:03
Running from C:\Users\Jörg\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
() C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\DCService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Nokia Corp.) C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\system32\mmc.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [G Data AntiVirus Tray Application] - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [996936 2010-08-26] (G Data Software AG)
HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1538120 2010-08-26] (G Data Software AG)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [DataCardMonitor] - C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe [253952 2011-04-22] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Nokia Tray Application] - C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe [425984 2003-01-03] (Nokia)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-3956389187-1643806333-1776510576-1000\...\MountPoints2: {391dea39-7420-11e0-85dc-001e337fa516} - F:\AutoRun.exe
HKU\S-1-5-21-3956389187-1643806333-1776510576-1000\...\MountPoints2: {9648ae83-6b89-11e0-ad8d-001e337fa516} - F:\AutoRun.exe
HKU\S-1-5-21-3956389187-1643806333-1776510576-1000\...\MountPoints2: {9648ae8f-6b89-11e0-ad8d-001e337fa516} - F:\AutoRun.exe
Startup: C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x131F0EDEDC2BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab
DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

========================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [1178184 2010-08-27] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [410696 2010-03-31] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [1330792 2010-08-25] ()
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] ()
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [1607344 2010-08-25] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [340552 2010-08-25] (G Data Software AG)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)
R2 syshost32; C:\Windows\Installer\{49DD8FF3-6331-EFC6-FD30-0817DCDEABCE}\syshost.exe [70144 2014-02-02] ()

==================== Drivers (Whitelisted) ====================

S0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [33480 2011-01-04] (G Data Software AG)
S1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [62024 2011-01-04] (G Data Software AG)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [47560 2011-01-04] (G Data Software AG)
S1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [40904 2011-01-04] (G DATA Software AG)
S1 GRD; C:\Windows\system32\drivers\GRD.sys [29992 2011-01-04] (G Data Software)
S1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [38856 2011-01-04] (G Data Software AG)
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] ()
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [177152 2009-07-14] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173648 2009-07-14] ()
R2 rismxdp; C:\Windows\System32\DRIVERS\rixdptsk.sys [37376 2006-11-14] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] ()
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [275048 2010-06-23] ()
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [85568 2009-07-14] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2009-07-14] ()
R3 sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [84992 2009-10-10] ()
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] ()
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-14] ()
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] ()
S3 sffdisk; C:\Windows\System32\DRIVERS\sffdisk.sys [11264 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [12288 2009-07-14] ()
S3 sffp_sd; C:\Windows\System32\DRIVERS\sffp_sd.sys [12800 2009-10-10] ()
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] ()
S3 sisagp; C:\Windows\system32\DRIVERS\sisagp.sys [52304 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] ()
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [310784 2010-08-27] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [308736 2010-08-27] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [113664 2010-08-27] ()
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] ()
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] ()
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [203312 2008-08-14] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1286016 2010-06-14] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1286016 2010-06-14] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [24192 2009-12-15] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [34816 2009-07-14] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2009-07-14] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24064 2009-07-14] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74240 2009-07-14] ()
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] ()
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [51776 2009-07-14] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-14] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2009-07-14] ()
R0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23640 2007-11-09] ()
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] ()
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2009-07-14] ()
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [57424 2009-07-14] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2009-07-14] ()
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-14] ()
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [86016 2009-07-14] ()
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [41472 2009-07-14] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2009-07-14] ()
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [20480 2009-07-14] ()
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [19968 2009-07-14] ()
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [74752 2009-07-14] ()
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [24064 2009-07-14] ()
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146304 2010-03-04] ()
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [32832 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [159824 2009-07-14] ()
S3 viaagp; C:\Windows\system32\DRIVERS\viaagp.sys [53328 2009-07-14] ()
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] ()
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [16976 2009-07-14] ()
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [53312 2009-07-14] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] ()
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [245328 2009-07-14] ()
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] ()
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] ()
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] ()
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] ()
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] ()
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [34944 2009-07-14] ()
S3 WmiAcpi; C:\Windows\system32\DRIVERS\wmiacpi.sys [11264 2009-07-14] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] ()
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-14] ()
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2009-07-14] ()
U5 2af407cd8554d782; C:\Windows\System32\Drivers\2af407cd8554d782.sys [61952 2014-02-02] ()
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [208896 2010-08-31] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 22:08 - 2014-03-07 22:08 - 00015096 _____ () C:\Users\Jörg\Desktop\FRST.txt
2014-03-07 22:06 - 2014-03-07 13:57 - 01145344 _____ (Farbar) C:\Users\Jörg\Desktop\FRST.exe
2014-03-07 22:05 - 2014-03-07 22:08 - 00000000 ____D () C:\FRST
2014-03-04 15:10 - 2014-03-04 15:26 - 232837912 _____ () C:\Users\Jörg\Documents\Documents.7z
2014-03-01 16:35 - 2014-03-04 10:32 - 00000000 ____D () C:\Users\Jörg\Desktop\2014-03-01 Necurs.A

==================== One Month Modified Files and Folders =======

2014-03-07 22:08 - 2014-03-07 22:08 - 00015096 _____ () C:\Users\Jörg\Desktop\FRST.txt
2014-03-07 22:08 - 2014-03-07 22:05 - 00000000 ____D () C:\FRST
2014-03-07 19:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-07 13:57 - 2014-03-07 22:06 - 01145344 _____ (Farbar) C:\Users\Jörg\Desktop\FRST.exe
2014-03-04 16:06 - 2012-02-13 20:46 - 00000000 ____D () C:\Users\Jörg\Documents\Mein Steuer-Sparbuch Heute
2014-03-04 15:26 - 2014-03-04 15:10 - 232837912 _____ () C:\Users\Jörg\Documents\Documents.7z
2014-03-04 12:55 - 2009-07-14 05:34 - 00013216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 12:55 - 2009-07-14 05:34 - 00013216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 10:32 - 2014-03-01 16:35 - 00000000 ____D () C:\Users\Jörg\Desktop\2014-03-01 Necurs.A
2014-03-03 15:11 - 2014-01-19 16:24 - 00000000 ____D () C:\Users\Jörg\Desktop\desk und URL 14
2014-03-02 17:57 - 2013-08-02 15:50 - 00000000 ____D () C:\test
2014-03-02 14:58 - 2010-12-28 00:00 - 00000000 ____D () C:\Users\Jörg
2014-02-28 20:33 - 2010-12-27 23:53 - 01761089 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 20:28 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 20:28 - 2009-07-14 05:39 - 00048924 _____ () C:\Windows\setupact.log
2014-02-28 20:10 - 2011-01-23 22:31 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Microsoft Help
2014-02-28 20:10 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-28 20:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-02-28 20:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-02-28 20:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-02-28 20:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-22 22:19 - 2010-12-28 13:06 - 00000000 ____D () C:\ProgramData\FreePDF
2014-02-07 17:02 - 2010-12-28 00:03 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 19:10 - 2011-12-17 15:49 - 00000000 ____D () C:\Users\Jörg\Desktop\Emma

Some content of TEMP:
====================
C:\Users\Jörg\AppData\Local\Temp\2SKKKKKKK.exe
C:\Users\Jörg\AppData\Local\Temp\FileSystemView.dll
C:\Users\Jörg\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Jörg\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Jörg\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys
[2009-07-14 00:11] - [2009-07-14 02:19] - 0245328 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys IS INFECTED. <===== ATTENTION!



LastRegBack: 2014-02-28 23:39

==================== End Of Log ============================


Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2014
Ran by Jörg at 2014-03-07 22:08:26
Running from C:\Users\Jörg\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity 2011 (Enabled - Out of date) {54ACC2FC-837E-E665-7A92-5352D560D5EF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C9743D9-C911-E73D-51CD-FA672BB39294}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Ant Renamer (HKLM\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Kurzwahlprogramm (HKLM\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version:  - )
Canon MX890 series Benutzerregistrierung (HKLM\...\Canon MX890 series Benutzerregistrierung) (Version:  - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
Canon MX890 series On-screen Manual (HKLM\...\Canon MX890 series On-screen Manual) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
G Data InternetSecurity 2011 (HKLM\...\{C670480D-10CE-4E2E-929E-EE453EDE6BE2}) (Version: 21.0.0.0 - G Data Software AG)
GPL Ghostscript 8.64 (HKLM\...\GPL Ghostscript 8.64) (Version:  - )
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nokia PC Suite 4.88 (HKLM\...\{BCB8B85E-E28A-424F-AE81-A7553DAA32A4}) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.190.0 - Tracker Software Products Ltd)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Telekom Internet Manager (HKLM\...\Telekom Internet Manager) (Version: 11.301.05.05.748 - Huawei Technologies Co.,Ltd)
VLC media player 1.1.8 (HKLM\...\VLC media player) (Version: 1.1.8 - VideoLAN)
WISO Sparbuch 2010 (HKLM\...\{46B70DEB-97B3-4E38-B746-EC16905E6A8F}) (Version: 17.00.6531 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2011 (HKLM\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.09.7121 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2012 (HKLM\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {9C31B752-9308-4229-A5BA-A7044D24CE7A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

==================== Loaded Modules (whitelisted) =============

2009-07-14 00:11 - 2009-07-14 02:15 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 00:11 - 2009-07-14 02:16 - 00033280 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 00:11 - 2009-07-14 02:16 - 00033280 _____ () c:\windows\system32\pcwum.DLL
2011-01-04 01:03 - 2010-08-25 23:28 - 01330792 _____ () C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
2009-07-14 00:11 - 2009-07-14 02:16 - 00033280 _____ () c:\windows\system32\pcwum.dll
2010-12-28 13:06 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-19 09:52 - 2010-08-19 09:52 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2011-01-04 01:03 - 2010-08-25 23:38 - 00211016 _____ () C:\Program Files\G Data\InternetSecurity\Firewall\PktIcpt2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: GDBehave
Description: GDBehave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: GDBehave
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: GDMnIcpt
Description: GDMnIcpt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: GDMnIcpt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: GDPkIcpt
Description: GDPkIcpt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: GDPkIcpt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: G DATA WFP CD
Description: G DATA WFP CD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: gdwfpcd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: G Data Rootkit Detector Driver
Description: G Data Rootkit Detector Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: GRD
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HookCentre
Description: HookCentre
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HookCentre
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2014 05:15:35 PM) (Source: Application Hang) (User: )
Description: Programm Ribbons.scr, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: cb4

Startzeit: 01cf37c489828e36

Endzeit: 14652

Anwendungspfad: C:\Windows\system32\Ribbons.scr

Berichts-ID: f8778adc-a3b7-11e3-827a-001e337fa516

Error: (03/04/2014 02:44:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 14.0.4754.1000, Zeitstempel: 0x4b967cf0
Name des fehlerhaften Moduls: ppcore.dll, Version: 14.0.4754.1000, Zeitstempel: 0x4b967d28
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017bd88
ID des fehlerhaften Prozesses: 0x61c
Startzeit der fehlerhaften Anwendung: 0xPOWERPNT.EXE0
Pfad der fehlerhaften Anwendung: POWERPNT.EXE1
Pfad des fehlerhaften Moduls: POWERPNT.EXE2
Berichtskennung: POWERPNT.EXE3

Error: (03/04/2014 10:08:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38624772

Error: (03/04/2014 10:08:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38624772

Error: (03/04/2014 10:08:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2014 05:25:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21611303

Error: (03/04/2014 05:25:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21611303

Error: (03/04/2014 05:25:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2014 05:25:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21610226

Error: (03/04/2014 05:25:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21610226


System errors:
=============
Error: (03/07/2014 09:31:13 PM) (Source: DCOM) (User: )
Description: {BCB3CC02-761B-4C74-8B04-891A31034D19}

Error: (03/04/2014 02:33:49 PM) (Source: DCOM) (User: Beethoven)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BeethovenJörgS-1-5-21-3956389187-1643806333-1776510576-1000LocalHost (unter Verwendung von LRPC)

Error: (03/04/2014 02:08:05 PM) (Source: DCOM) (User: Beethoven)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BeethovenJörgS-1-5-21-3956389187-1643806333-1776510576-1000LocalHost (unter Verwendung von LRPC)

Error: (03/04/2014 10:08:55 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (03/04/2014 05:25:15 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (03/03/2014 08:45:58 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (03/03/2014 06:54:52 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (03/03/2014 02:35:23 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (03/03/2014 00:33:49 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (03/03/2014 11:08:39 AM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (03/04/2014 05:15:35 PM) (Source: Application Hang)(User: )
Description: Ribbons.scr6.1.7600.16385cb401cf37c489828e3614652C:\Windows\system32\Ribbons.scrf8778adc-a3b7-11e3-827a-001e337fa516

Error: (03/04/2014 02:44:59 PM) (Source: Application Error)(User: )
Description: POWERPNT.EXE14.0.4754.10004b967cf0ppcore.dll14.0.4754.10004b967d28c00000050017bd8861c01cf37afdfd58327C:\PROGRA~1\MICROS~2\Office14\POWERPNT.EXEC:\PROGRA~1\MICROS~2\Office14\ppcore.dll2cf43315-a3a3-11e3-827a-001e337fa516

Error: (03/04/2014 10:08:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38624772

Error: (03/04/2014 10:08:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38624772

Error: (03/04/2014 10:08:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2014 05:25:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21611303

Error: (03/04/2014 05:25:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21611303

Error: (03/04/2014 05:25:21 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2014 05:25:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21610226

Error: (03/04/2014 05:25:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21610226


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3070 MB
Available physical RAM: 1999.45 MB
Total Pagefile: 6138.28 MB
Available Pagefile: 4601.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.91 MB

==================== Drives ================================

Drive c: (Win 7) (Fixed) (Total:148.89 GB) (Free:73.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:147.73 GB) (Free:90.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D39222F7)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
In preparation for the "Scan with GMER" step: as mentioned, the G Data GUI does not work. According to the services console, several G Data services are running that, in my opinion, could be involved in scanning, e.g. G Data Scanner = GDScan, G Data Dateisystem Wächter = AVKWCtl, G Data AntiVirus Proxy = AVKProxy. I queried their properties with sc query <Dienstname> (service name).

It then looks like this, for example:

C:>sc query gdscan

SERVICE_NAME: gdscan
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

Should I try to stop these services via the services console and, if that does not work, simply ignore the services before I start the scan with GMER?

Many thanks in advance.
Regards, Jo
