Log analysis and evaluation: Windows 7 GData Antivirus Client and Taskmgr as well as some *.exe no longer start

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Good evening, and many thanks in advance for your efforts.

For a short while now my GData AntivirusClient has stopped working (service no longer found), and Taskmgr could not be opened. I uninstalled GData and installed it again: no change. Then I removed it once more with the help of AVCleaner, without reinstalling. I was able to fix the problem with the Task Manager using Spybot S&D. The scan there found no trojan, only registry changes (see log). The current Windows tool for removing malicious software found nothing either. I nevertheless carried out the rootkit check according to your instructions. Attached are the logs, with a request for feedback on whether the rootkits are harmless. I hope I have not done anything wrong.

Regards,
Samos
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014 Ran by Ver****2 at 2014-04-24 20:47:43 Running from C:\Users\Ver***2.HV-*****\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: G Data AntiVirus (Disabled - Out of date) {39B780B4-63C2-05B0-3B40-8F7A21E4F496} AS: G Data AntiVirus (Disabled - Out of date) {82D66150-45F8-0A3E-01F0-B4085A63BE2B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - ) Catalyst Control Center (x32 Version: 2011.0218.1838.33398 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0218.1838.33398 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0218.1838.33398 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2011.0218.1838.33398 - ATI) Hidden Catalyst Control Center Profiles Desktop (x32 Version: 2011.0218.1838.33398 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Czech (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Danish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Dutch (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help English (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Finnish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help French (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help German (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Greek (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Hungarian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Italian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Japanese (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Korean (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Norwegian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Polish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Portuguese (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Russian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Spanish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Swedish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Thai (x32 Version: 2011.0218.1837.33398 - ATI) Hidden CCC Help Turkish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden ccc-utility64 (Version: 2011.0218.1838.33398 - ATI) Hidden Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4418 - CyberLink Corp.) CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4418 - CyberLink Corp.) 
Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.) Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.) Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.) Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell) DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden Depends (HKLM-x32\...\{0186DCDD-46DA-4554-8850-74A6557737B7}) (Version: 1.00.0000 - GFAD Systemhaus AG) EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden HausSoft (HKLM-x32\...\InstallShield_{BE8FCB8D-4F99-4793-ADEB-0A596AFE15F5}) (Version: 3.2.286 - GFAD Systemhaus AG) HausSoft (x32 Version: 3.2.286 - GFAD Systemhaus AG) Hidden HiPath TAPI 120 SP V2 (HKLM\...\{42C95128-4207-4516-B4FF-12DBDADC58E0}) (Version: 2.0.64.0000 - Siemens Enterprise Communications GmbH & Co. 
KG) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation) Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation) Intel(R) Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Dell) Intel(R) Network Connections 16.5.2.0 (Version: 16.5.2.0 - Dell) Hidden Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - 
Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden PC-CCID (Version: 2.0.0 - Gemalto) Hidden Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.) 
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden SEPA Account Converter (HKLM-x32\...\{BE109F11-6E2C-43F4-B105-AC646809915D}) (Version: 1.25.2 - Star Finanz GmbH) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SHARP MX/DX Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver) (Version: 1.00.000 - SHARP) SHARP MX/MX-M Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2310U PCL PS Printer Driver) (Version: 1.00.000 - SHARP) Sharpdesk (HKLM-x32\...\{2A30AFBD-6DA5-499F-A83B-7CB2DFF21C23}) (Version: 3.3 - SHARP CORPORATION) SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer) Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) 
Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 
2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit 
Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Dell Inc. 
PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.) xp-AntiSpy 3.98 (HKLM-x32\...\xp-AntiSpy) (Version: - Christian Taubenheim) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2011-12-28 22:38 - 00000847 ____A C:\Windows\system32\Drivers\etc\hosts 192.168.1.250 fritz.box ==================== Scheduled Tasks (whitelisted) ============= Task: {303D08FE-C036-4620-BC1A-561F7F752909} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {607636D0-68FD-4C5C-8C4E-E2C0457337F8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.) Task: {A93B82D0-91E2-40DE-B5DF-EA2510E9611F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {C9F4FDEC-851B-40FC-86AA-B44CFECCAAFD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-11 09:08 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll 2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll 2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL 2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\System32\pcwum.dll 2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll 2011-12-28 22:28 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll 2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\System32\pcwum.DLL 2011-02-18 20:36 - 2011-02-18 20:36 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-08-26 18:12 - 2010-08-26 18:12 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-02-17 10:38 - 2014-02-17 10:38 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll 2011-11-28 10:44 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-12-18 20:43 - 2013-12-18 20:43 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu 2011-04-19 15:06 - 2011-04-19 15:06 - 00006144 _____ () C:\Program Files (x86)\Sharp\Sharpdesk\discoveryps.dll 2011-04-19 15:18 - 2011-04-19 15:18 - 00930304 _____ () C:\Program Files (x86)\Sharp\Sharpdesk\SCprMfpif.dll 2014-04-24 19:38 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-04-24 19:38 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-04-24 
19:38 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-04-24 19:38 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-03-31 11:07 - 2014-03-31 11:07 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GFAD PhoneCenter.lnk => C:\Windows\pss\GFAD PhoneCenter.lnk.CommonStartup MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe ==================== Faulty Device Manager Devices ============= Name: GDBehave Description: GDBehave Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: GDBehave Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: GDMnIcpt Description: GDMnIcpt Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: GDMnIcpt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. 
Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: PS/2-kompatible Maus Description: PS/2-kompatible Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: HookCentre Description: HookCentre Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: HookCentre Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (04/24/2014 07:33:41 PM) (Source: Software Protection Platform Service) (User: ) Description: Fehler beim Starten des Softwareschutzdiensts. 0xD0000022 6.1.7601.17514 Error: (04/24/2014 07:30:57 PM) (Source: Winlogon) (User: ) Description: Der Windows-Anmeldeprozess wurde unerwartet beendet. Error: (04/24/2014 07:20:49 PM) (Source: MsiInstaller) (User: HV-*****) Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten. 
Error: (04/24/2014 07:20:26 PM) (Source: NSSDK.MfpifValidator.1) (User: ) Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b) Error: (04/24/2014 07:19:59 PM) (Source: MsiInstaller) (User: HV-*****) Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten. Error: (04/24/2014 07:19:32 PM) (Source: MsiInstaller) (User: HV-*****) Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten. Error: (04/24/2014 07:18:46 PM) (Source: NSSDK.MfpifValidator.1) (User: ) Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b) Error: (04/24/2014 07:05:18 PM) (Source: NSSDK.MfpifValidator.1) (User: ) Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b) Error: (04/24/2014 07:03:42 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: O990-A18.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004c25d ID des fehlerhaften Prozesses: 0xdd8 Startzeit der fehlerhaften Anwendung: 0xO990-A18.exe0 Pfad der fehlerhaften Anwendung: O990-A18.exe1 Pfad des fehlerhaften Moduls: O990-A18.exe2 Berichtskennung: O990-A18.exe3 Error: (04/24/2014 07:03:12 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/24/2014 07:39:05 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/24/2014 07:39:05 PM) (Source: 
Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (04/24/2014 07:33:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%5 Error: (04/24/2014 07:20:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert. Error: (04/24/2014 07:20:33 PM) (Source: DCOM) (User: ) Description: 1075AVKWCtl-Service{BCB3CC02-761B-4C74-8B04-891A31034D19} Error: (04/24/2014 07:19:40 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert. Error: (04/24/2014 07:19:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert. Error: (04/24/2014 07:19:14 PM) (Source: DCOM) (User: ) Description: 1075AVKWCtl-Service{BCB3CC02-761B-4C74-8B04-891A31034D19} Error: (04/24/2014 07:17:38 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "G Data Dateisystem Wächter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/24/2014 07:17:38 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst G Data Dateisystem Wächter erreicht. Microsoft Office Sessions: ========================= Error: (04/24/2014 07:33:41 PM) (Source: Software Protection Platform Service)(User: ) Description: 0xD00000226.1.7601.17514 Error: (04/24/2014 07:30:57 PM) (Source: Winlogon)(User: ) Description: Error: (04/24/2014 07:20:49 PM) (Source: MsiInstaller)(User: HV-*****) Description: Produkt: G Data Security Client -- Fehler 1316. 
Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/24/2014 07:20:26 PM) (Source: NSSDK.MfpifValidator.1)(User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b)

Error: (04/24/2014 07:19:59 PM) (Source: MsiInstaller)(User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/24/2014 07:19:32 PM) (Source: MsiInstaller)(User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/24/2014 07:18:46 PM) (Source: NSSDK.MfpifValidator.1)(User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b)

Error: (04/24/2014 07:05:18 PM) (Source: NSSDK.MfpifValidator.1)(User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b)

Error: (04/24/2014 07:03:42 PM) (Source: Application Error)(User: )
Description: O990-A18.exe0.0.0.000000000unknown0.0.0.000000000c00000050004c25ddd801cf5fdf24eb1578C:\Users\Administrator\Desktop\O990-A18.exeunknown62af6bb0-cbd2-11e3-a96b-180373d14ab5

Error: (04/24/2014 07:03:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-04-24 20:45:22.193
Description: N/A

Date: 2014-04-09 18:46:30.995
Description: N/A

Date: 2014-04-09 18:31:04.358
Description: N/A

Date: 2014-04-01 13:30:10.117
Description: N/A

Date: 2014-04-01 13:30:10.068
Description: N/A

Date: 2014-03-14 18:01:06.574
Description: N/A

Date: 2014-03-14 17:44:26.841
Description: N/A

Date: 2014-02-23 01:38:25.578
Description: N/A

Date: 2014-02-22 21:15:52.779
Description: N/A

Date: 2014-02-22 21:07:28.356
Description: N/A

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 8149.02 MB
Available physical RAM: 4793.55 MB
Total Pagefile: 16296.21 MB
Available Pagefile: 12775.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:285.8 GB) (Free:200.3 GB) NTFS
Drive d: (Reichelt-***** ) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive f: (Daten_NEU) (Network) (Total:220 GB) (Free:135.67 GB) NTFS
Drive p: (Daten) (Network) (Total:209.17 GB) (Free:56.27 GB) NTFS
Drive q: (Daten) (Network) (Total:209.17 GB) (Free:56.27 GB) NTFS
Drive z: (Daten) (Network) (Total:209.17 GB) (Free:56.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CDFC01C4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by ver*****2 (administrator) on ver*****2-PC on 24-04-2014 20:47:28
Running from C:\Users\ver*****2.HV-*****\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(AMD) C:\Windows\system32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Dell) C:\Users\ver*****2.HV-*****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Users\ver*****2.HV-*****\Desktop\Windows-KB890830-x64-V5.11.exe
(Microsoft Corporation) c:\bdc9a445550166d881531b7900f0\mrtstub.exe
(Microsoft Corporation) C:\Windows\system32\MRT.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe
(AMD) C:\Windows\system32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\rdpclip.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-24] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SharpTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe [131584 2011-04-20] (SHARP CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FtpServer.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe [820224 2011-04-19] (SHARP CORPORATION)
HKLM-x32\...\Run: [IndexTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe [395264 2011-04-20] (SHARP CORPORATION)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Run: [DellSystemDetect] => C:\Users\ver*****2.HV-*****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-24] (Dell)
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\system: [NoDispScrSavPage] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoAutoUpdate] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [TaskbarLockAll] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ForceClassicControlPanel] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\MountPoints2: E - E:\ting.exe
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\MountPoints2: {15e0ae4c-7b37-11e2-98c5-180373d14ab5} - E:\ting.exe
HKU\S-1-5-21-2524561109-972703396-2741487341-500\...\Run: [DellSystemDetect] => C:\Users\Administrator\AppData\Local\Apps\2.0\ZK1WEW81.OA3\QQ2CXO32.WD4\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-24] (Dell)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\ver*****2.HV-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GFAD PhoneCenter.lnk
ShortcutTarget: GFAD PhoneCenter.lnk -> C:\Program Files (x86)\GFAD\PhoneCenter\gPhoneCenter.exe (GFAD Systemhaus AG)
Startup: C:\Users\ver*****2.HV-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GFAD PhoneCenter.lnk
ShortcutTarget: GFAD PhoneCenter.lnk -> C:\Program Files (x86)\GFAD\PhoneCenter\gPhoneCenter.exe (GFAD Systemhaus AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0DA4F4DF-494D-497B-87AE-7F23183363AB} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0A199814-C811-40F1-B5C7-860B46557B13} URL =
SearchScopes: HKCU - {0DA4F4DF-494D-497B-87AE-7F23183363AB} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - No File
Handler-x32: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
Hosts: 192.168.1.250 fritz.box
Tcpip\..\Interfaces\{B1E823EF-B08D-4E46-963C-D1994057A2A7}: [NameServer]192.168.1.6

FireFox:
========
FF ProfilePath: C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\searchplugins\preissuchmaschine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-26]
FF Extension: FRITZ!Box AddOn - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\fb_add_on@avm.de [2013-04-12]
FF Extension: WOT - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-03]
FF Extension: Adblock Plus - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-28]

==================== Services (Whitelisted) =================

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 syshost32; C:\Windows\Installer\{2A05AD0F-BA3A-B16D-A14C-1E0D810830C6}\syshost.exe [89600 2014-04-01] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
S2 AVKWCtl; "C:\Program Files (x86)\G Data\AVKClient\AVKWCtlX64.exe" [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-24 20:47 - 2014-04-24 20:47 - 00015212 _____ () C:\Users\ver*****2.HV-*****\Desktop\FRST.txt
2014-04-24 20:47 - 2014-04-24 20:47 - 00000000 ____D () C:\FRST
2014-04-24 20:46 - 2014-04-24 20:46 - 02061824 _____ (Farbar) C:\Users\ver*****2.HV-*****\Desktop\FRST64.exe
2014-04-24 20:45 - 2014-04-24 20:45 - 00000484 _____ () C:\Users\ver*****2.HV-*****\Desktop\defogger_disable.log
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Users\ver*****2.HV-*****\defogger_reenable
2014-04-24 20:44 - 2014-04-24 20:45 - 00050477 _____ () C:\Users\ver*****2.HV-*****\Desktop\Defogger.exe
2014-04-24 19:41 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Documents\ProcAlyzer Dumps
2014-04-24 19:38 - 2014-04-24 19:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-24 19:38 - 2014-04-24 19:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-24 19:38 - 2014-04-24 19:38 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-24 19:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-24 19:36 - 2014-04-24 19:36 - 00613200 _____ (Chip Digital GmbH) C:\Users\ver*****2.HV-*****\Desktop\SpyBot Search Destroy - CHIP-Downloader.exe
2014-04-24 19:24 - 2014-04-24 19:24 - 26747104 _____ (Microsoft Corporation) C:\Users\ver*****2.HV-*****\Desktop\Windows-KB890830-x64-V5.11.exe
2014-04-24 19:24 - 2014-04-24 19:24 - 00000000 ____D () C:\bdc9a445550166d881531b7900f0
2014-04-24 19:16 - 2014-04-24 19:16 - 00411144 _____ () C:\Users\ver*****2.HV-*****\Desktop\AVCleaner.exe
2014-04-24 19:16 - 2014-04-24 19:16 - 00094200 _____ (G Data Software AG) C:\Users\ver*****2.HV-*****\Desktop\svchost.exe
2014-04-24 19:11 - 2014-04-24 20:17 - 00002192 ____H () C:\Users\ver*****2.HV-*****\Documents\Default.rdp
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-04-24 18:57 - 2014-04-24 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2014-04-24 18:56 - 2014-04-24 18:56 - 00109688 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 18:56 - 2014-04-24 18:56 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\G DATA
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-24 18:55 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 18:52 - 2014-04-24 18:52 - 02087752 _____ (Dell Inc) C:\Users\ver*****2.HV-*****\Desktop\aulauncher.exe
2014-04-24 18:49 - 2014-04-24 18:55 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\A18 Bios
2014-04-24 18:49 - 2014-04-24 18:49 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\Chipsatz
2014-04-15 09:05 - 2014-04-15 09:05 - 00000000 ____D () C:\Windows\SysWOW64\140415-090542
2014-04-14 09:33 - 2014-04-14 09:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-093340
2014-04-11 09:07 - 2014-04-11 09:07 - 00000000 ____D () C:\Windows\SysWOW64\140411-090722
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\Windows\SysWOW64\140410-094436
2014-04-09 17:19 - 2014-04-09 17:19 - 00000000 ____D () C:\Windows\SysWOW64\140409-171911
2014-04-09 09:14 - 2014-04-09 09:14 - 00000000 ____D () C:\Windows\SysWOW64\140409-091416
2014-04-08 08:42 - 2014-04-08 08:42 - 00000000 ____D () C:\Windows\SysWOW64\140408-084247
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\SysWOW64\140407-084620
2014-04-04 11:17 - 2014-04-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\140404-111746
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\140403-152125
2014-04-01 13:30 - 2014-04-01 13:30 - 00077776 _____ () C:\Windows\system32\Drivers\1cbccdb6771da47b.sys
2014-03-31 11:07 - 2014-03-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-24 20:47 - 2014-04-24 20:47 - 00015212 _____ () C:\Users\ver*****2.HV-*****\Desktop\FRST.txt
2014-04-24 20:47 - 2014-04-24 20:47 - 00000000 ____D () C:\FRST
2014-04-24 20:46 - 2014-04-24 20:46 - 02061824 _____ (Farbar) C:\Users\ver*****2.HV-*****\Desktop\FRST64.exe
2014-04-24 20:45 - 2014-04-24 20:45 - 00000484 _____ () C:\Users\ver*****2.HV-*****\Desktop\defogger_disable.log
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Users\ver*****2.HV-*****\defogger_reenable
2014-04-24 20:45 - 2014-04-24 20:44 - 00050477 _____ () C:\Users\ver*****2.HV-*****\Desktop\Defogger.exe
2014-04-24 20:45 - 2011-12-05 19:38 - 00000000 ____D () C:\Users\ver*****2.HV-*****
2014-04-24 20:38 - 2012-07-16 16:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 20:17 - 2014-04-24 19:11 - 00002192 ____H () C:\Users\ver*****2.HV-*****\Documents\Default.rdp
2014-04-24 19:45 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-24 19:42 - 2014-04-24 19:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-24 19:41 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Documents\ProcAlyzer Dumps
2014-04-24 19:38 - 2014-04-24 19:38 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-24 19:36 - 2014-04-24 19:36 - 00613200 _____ (Chip Digital GmbH) C:\Users\ver*****2.HV-*****\Desktop\SpyBot Search Destroy - CHIP-Downloader.exe
2014-04-24 19:35 - 2011-11-28 10:30 - 01191531 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 19:24 - 2014-04-24 19:24 - 26747104 _____ (Microsoft Corporation) C:\Users\ver*****2.HV-*****\Desktop\Windows-KB890830-x64-V5.11.exe
2014-04-24 19:24 - 2014-04-24 19:24 - 00000000 ____D () C:\bdc9a445550166d881531b7900f0
2014-04-24 19:21 - 2011-12-05 19:28 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-04-24 19:19 - 2012-04-22 18:46 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-24 19:18 - 2011-12-05 19:36 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-04-24 19:17 - 2011-12-05 19:33 - 00000000 ____D () C:\Users\ver*****2.HV-*****\AppData\Local\G DATA
2014-04-24 19:17 - 2011-12-05 19:28 - 00000000 ____D () C:\ProgramData\G Data
2014-04-24 19:16 - 2014-04-24 19:16 - 00411144 _____ () C:\Users\ver*****2.HV-*****\Desktop\AVCleaner.exe
2014-04-24 19:16 - 2014-04-24 19:16 - 00094200 _____ (G Data Software AG) C:\Users\ver*****2.HV-*****\Desktop\svchost.exe
2014-04-24 19:08 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 19:08 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 19:05 - 2010-11-21 08:50 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-04-24 19:05 - 2010-11-21 08:50 - 00150604 _____ () C:\Windows\system32\perfc007.dat
2014-04-24 19:05 - 2009-07-14 07:13 - 01629436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-24 19:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 19:01 - 2009-07-14 06:51 - 00072016 _____ () C:\Windows\setupact.log
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-04-24 18:57 - 2014-04-24 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2014-04-24 18:56 - 2014-04-24 18:56 - 00109688 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 18:56 - 2014-04-24 18:56 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\G DATA
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-24 18:56 - 2014-04-24 18:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 18:56 - 2011-12-05 18:39 - 00000000 ____D () C:\Users\Administrator
2014-04-24 18:56 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-24 18:55 - 2014-04-24 18:49 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\A18 Bios
2014-04-24 18:53 - 2014-02-22 21:57 - 00000000 ____D () C:\Users\ver*****2.HV-*****\AppData\Local\Deployment
2014-04-24 18:52 - 2014-04-24 18:52 - 02087752 _____ (Dell Inc) C:\Users\ver*****2.HV-*****\Desktop\aulauncher.exe
2014-04-24 18:51 - 2011-11-28 10:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-04-24 18:50 - 2014-02-22 21:59 - 00000000 ____D () C:\ProgramData\dell
2014-04-24 18:49 - 2014-04-24 18:49 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\Chipsatz
2014-04-23 15:29 - 2012-01-02 11:25 - 00000000 ____D () C:\Users\ver*****2.HV-*****\AppData\Roaming\.oit
2014-04-15 09:05 - 2014-04-15 09:05 - 00000000 ____D () C:\Windows\SysWOW64\140415-090542
2014-04-15 09:03 - 2010-11-21 05:47 - 00281774 _____ () C:\Windows\PFRO.log
2014-04-14 09:33 - 2014-04-14 09:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-093340
2014-04-11 09:07 - 2014-04-11 09:07 - 00000000 ____D () C:\Windows\SysWOW64\140411-090722
2014-04-10 09:48 - 2011-12-05 18:38 - 00004666 __RSH () C:\Users\ver*****2.HV-*****\ntuser.pol
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\Windows\SysWOW64\140410-094436
2014-04-09 17:19 - 2014-04-09 17:19 - 00000000 ____D () C:\Windows\SysWOW64\140409-171911
2014-04-09 09:14 - 2014-04-09 09:14 - 00000000 ____D () C:\Windows\SysWOW64\140409-091416
2014-04-08 08:42 - 2014-04-08 08:42 - 00000000 ____D () C:\Windows\SysWOW64\140408-084247
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\SysWOW64\140407-084620
2014-04-04 11:17 - 2014-04-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\140404-111746
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\140403-152125
2014-04-02 09:33 - 2012-07-09 10:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 13:30 - 2014-04-01 13:30 - 00077776 _____ () C:\Windows\system32\Drivers\1cbccdb6771da47b.sys
2014-04-01 13:04 - 2014-02-22 21:55 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-31 11:07 - 2014-03-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-31 03:51 - 2011-12-05 19:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2010-11-21 05:23] - [2010-11-21 05:23] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-04-09 17:48

==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:45 on 24/04/2014 (****2)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-24 21:43:54
Windows 6.1.7601 Service Pack 1 x64
Running: Gmer-19357.exe

---- Services - GMER 2.1 ----

Service System32\Drivers\1cbccdb6771da47b.sys (*** hidden *** ) [BOOT] 1cbccdb6771da47b <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@ImagePath \SystemRoot\System32\Drivers\1cbccdb6771da47b.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b
Reg HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@ImagePath \SystemRoot\System32\Drivers\1cbccdb6771da47b.sys
Reg HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Tag 1
Reg HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@DisplayName syshost.exe

---- EOF - GMER 2.1 ----

Code:
Search results from Spybot - Search & Destroy

24.04.2014 21:13:42
Scan took 00:13:55.
47 items found.

DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\OCS\lastPID
DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\OCS\PID
Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper
Microsoft.Windows.System: [SBI $7F8E43F4] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: Ver******2 (default)) (Browser: Cookie, nothing done)
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Imaging: [SBI $39A58B51] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Kodak\Imaging\Recent File List
MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows Explorer: [SBI $8390E60B] Network map history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry
Value, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Browser: Cookie (29) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (4) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (10505) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (99) (Browser: Cookie, nothing done)

--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) --- |