Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 GData Antivirus Client und Taskmgr sowie einige *.exe starten nicht mehr (https://www.trojaner-board.de/153009-windows-7-gdata-antivirus-client-taskmgr-einige-exe-starten-mehr.html)

Samos 24.04.2014 21:14
Windows 7 GData Antivirus Client und Taskmgr sowie einige *.exe starten nicht mehr
 
Guten Abend und vielen Dank schon einmal vorab für Eure Mühe.

Seit kurzer Zeit funktioniert mein GData AntivirusClient nicht mehr (Dienst nicht mehr gefunden) Taskmgr ließ sich nicht öffnen. GData deinstalliert und erneut installiert - keine Veränderung. Dann mit Hilfe von AVCleaner nochmals entfernt ohne Neuinstallation. Das Problem mit dem Taskmanager konnte ich mit Spybot S&D beheben. Dort wurde beim Scan kein Trojaner gefunden sondern lediglich Registry Veränderungen (s. Log). Das aktuelle Windows Tool zum Entfernen böser Software hat auch nichts gefunden.

Trotzdem Rootkit Check gemäß eurer Anleitung durchgeführt. Anbei die Logs mit der Bitte um Rückmeldung ob die Rootkits unbedenklich sind. Ich hoffe ich habe nichts falsch gemacht.

Mfg Samos

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014
Ran by Ver****2 at 2014-04-24 20:47:43
Running from C:\Users\Ver***2.HV-*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data AntiVirus (Disabled - Out of date) {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AS: G Data AntiVirus (Disabled - Out of date) {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Catalyst Control Center (x32 Version: 2011.0218.1838.33398 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0218.1838.33398 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0218.1838.33398 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0218.1838.33398 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0218.1838.33398 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help English (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help French (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help German (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
ccc-utility64 (Version: 2011.0218.1838.33398 - ATI) Hidden
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4418 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4418 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
Depends (HKLM-x32\...\{0186DCDD-46DA-4554-8850-74A6557737B7}) (Version: 1.00.0000 - GFAD Systemhaus AG)
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
HausSoft (HKLM-x32\...\InstallShield_{BE8FCB8D-4F99-4793-ADEB-0A596AFE15F5}) (Version: 3.2.286 - GFAD Systemhaus AG)
HausSoft (x32 Version: 3.2.286 - GFAD Systemhaus AG) Hidden
HiPath TAPI 120 SP V2 (HKLM\...\{42C95128-4207-4516-B4FF-12DBDADC58E0}) (Version: 2.0.64.0000 - Siemens Enterprise Communications GmbH & Co. KG)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Dell)
Intel(R) Network Connections 16.5.2.0 (Version: 16.5.2.0 - Dell) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
SEPA Account Converter (HKLM-x32\...\{BE109F11-6E2C-43F4-B105-AC646809915D}) (Version: 1.25.2 - Star Finanz GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHARP MX/DX Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
SHARP MX/MX-M Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2310U PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Sharpdesk (HKLM-x32\...\{2A30AFBD-6DA5-499F-A83B-7CB2DFF21C23}) (Version: 3.3 - SHARP CORPORATION)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
xp-AntiSpy 3.98 (HKLM-x32\...\xp-AntiSpy) (Version:  - Christian Taubenheim)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2011-12-28 22:38 - 00000847 ____A C:\Windows\system32\Drivers\etc\hosts
192.168.1.250 fritz.box

==================== Scheduled Tasks (whitelisted) =============

Task: {303D08FE-C036-4620-BC1A-561F7F752909} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {607636D0-68FD-4C5C-8C4E-E2C0457337F8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {A93B82D0-91E2-40DE-B5DF-EA2510E9611F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C9F4FDEC-851B-40FC-86AA-B44CFECCAAFD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-11 09:08 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\System32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2011-12-28 22:28 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\System32\pcwum.DLL
2011-02-18 20:36 - 2011-02-18 20:36 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-26 18:12 - 2010-08-26 18:12 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-17 10:38 - 2014-02-17 10:38 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-11-28 10:44 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-18 20:43 - 2013-12-18 20:43 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2011-04-19 15:06 - 2011-04-19 15:06 - 00006144 _____ () C:\Program Files (x86)\Sharp\Sharpdesk\discoveryps.dll
2011-04-19 15:18 - 2011-04-19 15:18 - 00930304 _____ () C:\Program Files (x86)\Sharp\Sharpdesk\SCprMfpif.dll
2014-04-24 19:38 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-24 19:38 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-24 19:38 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-24 19:38 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-31 11:07 - 2014-03-31 11:07 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GFAD PhoneCenter.lnk => C:\Windows\pss\GFAD PhoneCenter.lnk.CommonStartup
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

==================== Faulty Device Manager Devices =============

Name: GDBehave
Description: GDBehave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: GDBehave
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: GDMnIcpt
Description: GDMnIcpt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: GDMnIcpt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: HookCentre
Description: HookCentre
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HookCentre
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2014 07:33:41 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0xD0000022
6.1.7601.17514

Error: (04/24/2014 07:30:57 PM) (Source: Winlogon) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.

Error: (04/24/2014 07:20:49 PM) (Source: MsiInstaller) (User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.

Error: (04/24/2014 07:20:26 PM) (Source: NSSDK.MfpifValidator.1) (User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar.  (0x8215110b)

Error: (04/24/2014 07:19:59 PM) (Source: MsiInstaller) (User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.

Error: (04/24/2014 07:19:32 PM) (Source: MsiInstaller) (User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.

Error: (04/24/2014 07:18:46 PM) (Source: NSSDK.MfpifValidator.1) (User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar.  (0x8215110b)

Error: (04/24/2014 07:05:18 PM) (Source: NSSDK.MfpifValidator.1) (User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar.  (0x8215110b)

Error: (04/24/2014 07:03:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: O990-A18.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004c25d
ID des fehlerhaften Prozesses: 0xdd8
Startzeit der fehlerhaften Anwendung: 0xO990-A18.exe0
Pfad der fehlerhaften Anwendung: O990-A18.exe1
Pfad des fehlerhaften Moduls: O990-A18.exe2
Berichtskennung: O990-A18.exe3

Error: (04/24/2014 07:03:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/24/2014 07:39:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/24/2014 07:39:05 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (04/24/2014 07:33:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet:
%%5

Error: (04/24/2014 07:20:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.

Error: (04/24/2014 07:20:33 PM) (Source: DCOM) (User: )
Description: 1075AVKWCtl-Service{BCB3CC02-761B-4C74-8B04-891A31034D19}

Error: (04/24/2014 07:19:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.

Error: (04/24/2014 07:19:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.

Error: (04/24/2014 07:19:14 PM) (Source: DCOM) (User: )
Description: 1075AVKWCtl-Service{BCB3CC02-761B-4C74-8B04-891A31034D19}

Error: (04/24/2014 07:17:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/24/2014 07:17:38 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst G Data Dateisystem Wächter erreicht.


Microsoft Office Sessions:
=========================
Error: (04/24/2014 07:33:41 PM) (Source: Software Protection Platform Service)(User: )
Description: 0xD00000226.1.7601.17514

Error: (04/24/2014 07:30:57 PM) (Source: Winlogon)(User: )
Description:

Error: (04/24/2014 07:20:49 PM) (Source: MsiInstaller)(User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/24/2014 07:20:26 PM) (Source: NSSDK.MfpifValidator.1)(User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar.  (0x8215110b)

Error: (04/24/2014 07:19:59 PM) (Source: MsiInstaller)(User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/24/2014 07:19:32 PM) (Source: MsiInstaller)(User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/24/2014 07:18:46 PM) (Source: NSSDK.MfpifValidator.1)(User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar.  (0x8215110b)

Error: (04/24/2014 07:05:18 PM) (Source: NSSDK.MfpifValidator.1)(User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar.  (0x8215110b)

Error: (04/24/2014 07:03:42 PM) (Source: Application Error)(User: )
Description: O990-A18.exe0.0.0.000000000unknown0.0.0.000000000c00000050004c25ddd801cf5fdf24eb1578C:\Users\Administrator\Desktop\O990-A18.exeunknown62af6bb0-cbd2-11e3-a96b-180373d14ab5

Error: (04/24/2014 07:03:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-04-24 20:45:22.193
  Description: N/A

  Date: 2014-04-09 18:46:30.995
  Description: N/A

  Date: 2014-04-09 18:31:04.358
  Description: N/A

  Date: 2014-04-01 13:30:10.117
  Description: N/A

  Date: 2014-04-01 13:30:10.068
  Description: N/A

  Date: 2014-03-14 18:01:06.574
  Description: N/A

  Date: 2014-03-14 17:44:26.841
  Description: N/A

  Date: 2014-02-23 01:38:25.578
  Description: N/A

  Date: 2014-02-22 21:15:52.779
  Description: N/A

  Date: 2014-02-22 21:07:28.356
  Description: N/A


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 8149.02 MB
Available physical RAM: 4793.55 MB
Total Pagefile: 16296.21 MB
Available Pagefile: 12775.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:285.8 GB) (Free:200.3 GB) NTFS
Drive d: (Reichelt-***** ) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive f: (Daten_NEU) (Network) (Total:220 GB) (Free:135.67 GB) NTFS
Drive p: (Daten) (Network) (Total:209.17 GB) (Free:56.27 GB) NTFS
Drive q: (Daten) (Network) (Total:209.17 GB) (Free:56.27 GB) NTFS
Drive z: (Daten) (Network) (Total:209.17 GB) (Free:56.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CDFC01C4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Tennlinie

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by ver*****2 (administrator) on ver*****2-PC on 24-04-2014 20:47:28
Running from C:\Users\ver*****2.HV-*****\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(AMD) C:\Windows\system32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Dell) C:\Users\ver*****2.HV-*****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Users\ver*****2.HV-*****\Desktop\Windows-KB890830-x64-V5.11.exe
(Microsoft Corporation) c:\bdc9a445550166d881531b7900f0\mrtstub.exe
(Microsoft Corporation) C:\Windows\system32\MRT.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe
(AMD) C:\Windows\system32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\rdpclip.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-24] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SharpTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe [131584 2011-04-20] (SHARP CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FtpServer.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe [820224 2011-04-19] (SHARP CORPORATION)
HKLM-x32\...\Run: [IndexTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe [395264 2011-04-20] (SHARP CORPORATION)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Run: [DellSystemDetect] => C:\Users\ver*****2.HV-*****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-24] (Dell)
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\system: [NoDispScrSavPage] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoAutoUpdate] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [TaskbarLockAll] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ForceClassicControlPanel] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\MountPoints2: E - E:\ting.exe
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\MountPoints2: {15e0ae4c-7b37-11e2-98c5-180373d14ab5} - E:\ting.exe
HKU\S-1-5-21-2524561109-972703396-2741487341-500\...\Run: [DellSystemDetect] => C:\Users\Administrator\AppData\Local\Apps\2.0\ZK1WEW81.OA3\QQ2CXO32.WD4\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-24] (Dell)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\ver*****2.HV-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GFAD PhoneCenter.lnk
ShortcutTarget: GFAD PhoneCenter.lnk -> C:\Program Files (x86)\GFAD\PhoneCenter\gPhoneCenter.exe (GFAD Systemhaus AG)
Startup: C:\Users\ver*****2.HV-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GFAD PhoneCenter.lnk
ShortcutTarget: GFAD PhoneCenter.lnk -> C:\Program Files (x86)\GFAD\PhoneCenter\gPhoneCenter.exe (GFAD Systemhaus AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0DA4F4DF-494D-497B-87AE-7F23183363AB} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0A199814-C811-40F1-B5C7-860B46557B13} URL =
SearchScopes: HKCU - {0DA4F4DF-494D-497B-87AE-7F23183363AB} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} -  No File
Handler-x32: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
Hosts: 192.168.1.250 fritz.box
Tcpip\..\Interfaces\{B1E823EF-B08D-4E46-963C-D1994057A2A7}: [NameServer]192.168.1.6

FireFox:
========
FF ProfilePath: C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\searchplugins\preissuchmaschine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-26]
FF Extension: FRITZ!Box AddOn - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\fb_add_on@avm.de [2013-04-12]
FF Extension: WOT - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-03]
FF Extension: Adblock Plus - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-28]

==================== Services (Whitelisted) =================

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 syshost32; C:\Windows\Installer\{2A05AD0F-BA3A-B16D-A14C-1E0D810830C6}\syshost.exe [89600 2014-04-01] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
S2 AVKWCtl; "C:\Program Files (x86)\G Data\AVKClient\AVKWCtlX64.exe" [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-24 20:47 - 2014-04-24 20:47 - 00015212 _____ () C:\Users\ver*****2.HV-*****\Desktop\FRST.txt
2014-04-24 20:47 - 2014-04-24 20:47 - 00000000 ____D () C:\FRST
2014-04-24 20:46 - 2014-04-24 20:46 - 02061824 _____ (Farbar) C:\Users\ver*****2.HV-*****\Desktop\FRST64.exe
2014-04-24 20:45 - 2014-04-24 20:45 - 00000484 _____ () C:\Users\ver*****2.HV-*****\Desktop\defogger_disable.log
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Users\ver*****2.HV-*****\defogger_reenable
2014-04-24 20:44 - 2014-04-24 20:45 - 00050477 _____ () C:\Users\ver*****2.HV-*****\Desktop\Defogger.exe
2014-04-24 19:41 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Documents\ProcAlyzer Dumps
2014-04-24 19:38 - 2014-04-24 19:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-24 19:38 - 2014-04-24 19:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-24 19:38 - 2014-04-24 19:38 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-24 19:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-24 19:36 - 2014-04-24 19:36 - 00613200 _____ (Chip Digital GmbH) C:\Users\ver*****2.HV-*****\Desktop\SpyBot Search Destroy - CHIP-Downloader.exe
2014-04-24 19:24 - 2014-04-24 19:24 - 26747104 _____ (Microsoft Corporation) C:\Users\ver*****2.HV-*****\Desktop\Windows-KB890830-x64-V5.11.exe
2014-04-24 19:24 - 2014-04-24 19:24 - 00000000 ____D () C:\bdc9a445550166d881531b7900f0
2014-04-24 19:16 - 2014-04-24 19:16 - 00411144 _____ () C:\Users\ver*****2.HV-*****\Desktop\AVCleaner.exe
2014-04-24 19:16 - 2014-04-24 19:16 - 00094200 _____ (G Data Software AG) C:\Users\ver*****2.HV-*****\Desktop\svchost.exe
2014-04-24 19:11 - 2014-04-24 20:17 - 00002192 ____H () C:\Users\ver*****2.HV-*****\Documents\Default.rdp
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-04-24 18:57 - 2014-04-24 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2014-04-24 18:56 - 2014-04-24 18:56 - 00109688 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 18:56 - 2014-04-24 18:56 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\G DATA
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-24 18:55 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 18:52 - 2014-04-24 18:52 - 02087752 _____ (Dell Inc) C:\Users\ver*****2.HV-*****\Desktop\aulauncher.exe
2014-04-24 18:49 - 2014-04-24 18:55 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\A18 Bios
2014-04-24 18:49 - 2014-04-24 18:49 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\Chipsatz
2014-04-15 09:05 - 2014-04-15 09:05 - 00000000 ____D () C:\Windows\SysWOW64\140415-090542
2014-04-14 09:33 - 2014-04-14 09:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-093340
2014-04-11 09:07 - 2014-04-11 09:07 - 00000000 ____D () C:\Windows\SysWOW64\140411-090722
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\Windows\SysWOW64\140410-094436
2014-04-09 17:19 - 2014-04-09 17:19 - 00000000 ____D () C:\Windows\SysWOW64\140409-171911
2014-04-09 09:14 - 2014-04-09 09:14 - 00000000 ____D () C:\Windows\SysWOW64\140409-091416
2014-04-08 08:42 - 2014-04-08 08:42 - 00000000 ____D () C:\Windows\SysWOW64\140408-084247
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\SysWOW64\140407-084620
2014-04-04 11:17 - 2014-04-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\140404-111746
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\140403-152125
2014-04-01 13:30 - 2014-04-01 13:30 - 00077776 _____ () C:\Windows\system32\Drivers\1cbccdb6771da47b.sys
2014-03-31 11:07 - 2014-03-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-24 20:47 - 2014-04-24 20:47 - 00015212 _____ () C:\Users\ver*****2.HV-*****\Desktop\FRST.txt
2014-04-24 20:47 - 2014-04-24 20:47 - 00000000 ____D () C:\FRST
2014-04-24 20:46 - 2014-04-24 20:46 - 02061824 _____ (Farbar) C:\Users\ver*****2.HV-*****\Desktop\FRST64.exe
2014-04-24 20:45 - 2014-04-24 20:45 - 00000484 _____ () C:\Users\ver*****2.HV-*****\Desktop\defogger_disable.log
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Users\ver*****2.HV-*****\defogger_reenable
2014-04-24 20:45 - 2014-04-24 20:44 - 00050477 _____ () C:\Users\ver*****2.HV-*****\Desktop\Defogger.exe
2014-04-24 20:45 - 2011-12-05 19:38 - 00000000 ____D () C:\Users\ver*****2.HV-*****
2014-04-24 20:38 - 2012-07-16 16:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 20:17 - 2014-04-24 19:11 - 00002192 ____H () C:\Users\ver*****2.HV-*****\Documents\Default.rdp
2014-04-24 19:45 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-24 19:42 - 2014-04-24 19:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-24 19:41 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Documents\ProcAlyzer Dumps
2014-04-24 19:38 - 2014-04-24 19:38 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-24 19:36 - 2014-04-24 19:36 - 00613200 _____ (Chip Digital GmbH) C:\Users\ver*****2.HV-*****\Desktop\SpyBot Search Destroy - CHIP-Downloader.exe
2014-04-24 19:35 - 2011-11-28 10:30 - 01191531 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 19:24 - 2014-04-24 19:24 - 26747104 _____ (Microsoft Corporation) C:\Users\ver*****2.HV-*****\Desktop\Windows-KB890830-x64-V5.11.exe
2014-04-24 19:24 - 2014-04-24 19:24 - 00000000 ____D () C:\bdc9a445550166d881531b7900f0
2014-04-24 19:21 - 2011-12-05 19:28 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-04-24 19:19 - 2012-04-22 18:46 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-24 19:18 - 2011-12-05 19:36 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-04-24 19:17 - 2011-12-05 19:33 - 00000000 ____D () C:\Users\ver*****2.HV-*****\AppData\Local\G DATA
2014-04-24 19:17 - 2011-12-05 19:28 - 00000000 ____D () C:\ProgramData\G Data
2014-04-24 19:16 - 2014-04-24 19:16 - 00411144 _____ () C:\Users\ver*****2.HV-*****\Desktop\AVCleaner.exe
2014-04-24 19:16 - 2014-04-24 19:16 - 00094200 _____ (G Data Software AG) C:\Users\ver*****2.HV-*****\Desktop\svchost.exe
2014-04-24 19:08 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 19:08 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 19:05 - 2010-11-21 08:50 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-04-24 19:05 - 2010-11-21 08:50 - 00150604 _____ () C:\Windows\system32\perfc007.dat
2014-04-24 19:05 - 2009-07-14 07:13 - 01629436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-24 19:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 19:01 - 2009-07-14 06:51 - 00072016 _____ () C:\Windows\setupact.log
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-04-24 18:57 - 2014-04-24 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2014-04-24 18:56 - 2014-04-24 18:56 - 00109688 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 18:56 - 2014-04-24 18:56 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\G DATA
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-24 18:56 - 2014-04-24 18:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 18:56 - 2011-12-05 18:39 - 00000000 ____D () C:\Users\Administrator
2014-04-24 18:56 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-24 18:55 - 2014-04-24 18:49 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\A18 Bios
2014-04-24 18:53 - 2014-02-22 21:57 - 00000000 ____D () C:\Users\ver*****2.HV-*****\AppData\Local\Deployment
2014-04-24 18:52 - 2014-04-24 18:52 - 02087752 _____ (Dell Inc) C:\Users\ver*****2.HV-*****\Desktop\aulauncher.exe
2014-04-24 18:51 - 2011-11-28 10:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-04-24 18:50 - 2014-02-22 21:59 - 00000000 ____D () C:\ProgramData\dell
2014-04-24 18:49 - 2014-04-24 18:49 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\Chipsatz
2014-04-23 15:29 - 2012-01-02 11:25 - 00000000 ____D () C:\Users\ver*****2.HV-*****\AppData\Roaming\.oit
2014-04-15 09:05 - 2014-04-15 09:05 - 00000000 ____D () C:\Windows\SysWOW64\140415-090542
2014-04-15 09:03 - 2010-11-21 05:47 - 00281774 _____ () C:\Windows\PFRO.log
2014-04-14 09:33 - 2014-04-14 09:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-093340
2014-04-11 09:07 - 2014-04-11 09:07 - 00000000 ____D () C:\Windows\SysWOW64\140411-090722
2014-04-10 09:48 - 2011-12-05 18:38 - 00004666 __RSH () C:\Users\ver*****2.HV-*****\ntuser.pol
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\Windows\SysWOW64\140410-094436
2014-04-09 17:19 - 2014-04-09 17:19 - 00000000 ____D () C:\Windows\SysWOW64\140409-171911
2014-04-09 09:14 - 2014-04-09 09:14 - 00000000 ____D () C:\Windows\SysWOW64\140409-091416
2014-04-08 08:42 - 2014-04-08 08:42 - 00000000 ____D () C:\Windows\SysWOW64\140408-084247
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\SysWOW64\140407-084620
2014-04-04 11:17 - 2014-04-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\140404-111746
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\140403-152125
2014-04-02 09:33 - 2012-07-09 10:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 13:30 - 2014-04-01 13:30 - 00077776 _____ () C:\Windows\system32\Drivers\1cbccdb6771da47b.sys
2014-04-01 13:04 - 2014-02-22 21:55 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-31 11:07 - 2014-03-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-31 03:51 - 2011-12-05 19:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 05:23] - [2010-11-21 05:23] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-04-09 17:48

==================== End Of Log ============================
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:45 on 24/04/2014 (****2)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-24 21:43:54
Windows 6.1.7601 Service Pack 1 x64
Running: Gmer-19357.exe


---- Services - GMER 2.1 ----

Service  System32\Drivers\1cbccdb6771da47b.sys (*** hidden *** )              [BOOT] 1cbccdb6771da47b                            <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@ImagePath    \SystemRoot\System32\Drivers\1cbccdb6771da47b.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Group        Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@ErrorControl  0
Reg      HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Type          1
Reg      HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Start        0
Reg      HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Tag          1
Reg      HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@DisplayName  syshost.exe
Reg      HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b             
Reg      HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@ImagePath        \SystemRoot\System32\Drivers\1cbccdb6771da47b.sys
Reg      HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Group            Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@ErrorControl      0
Reg      HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Type              1
Reg      HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Start            0
Reg      HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Tag              1
Reg      HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@DisplayName      syshost.exe

---- EOF - GMER 2.1 ----
Code:
Search results from Spybot - Search & Destroy

24.04.2014 21:13:42
Scan took 00:13:55.
47 items found.

DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\OCS\lastPID

DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\OCS\PID

Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Microsoft.Windows.System: [SBI $7F8E43F4] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: Ver******2 (default)) (Browser: Cookie, nothing done)
 

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Imaging: [SBI $39A58B51] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Kodak\Imaging\Recent File List

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $8390E60B] Network map history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (29) (Browser: Cookie, nothing done)
 

Cache: [SBI $49804B54] Browser: Cache (4) (Browser: Cache, nothing done)
 

Verlauf: [SBI $49804B54] Browser: History (10505) (Browser: History, nothing done)
 

Cookie: [SBI $49804B54] Browser: Cookie (99) (Browser: Cookie, nothing done)
 


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDScan.exe (2.2.18.177)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2012-03-22 SDWSCSvc.exe (2.0.8.2)
2013-06-19 spybotsd2-translation-frx.exe
2014-04-24 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-04-22 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-03-19 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-04-15 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-04-22 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-04-22 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-04-22 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

mort 24.04.2014 21:23
:hallo:

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Ich bedanke mich für deine Geduld :)

Samos 25.04.2014 10:12
Vielen Dank mort, ich habe eben noch zusätzlich festgestellt, dass Windows Update nicht funktioniert. Der Dient "Windows-Update" ist unter services.msc verschwunden.

Hallo mort,

REG Einträge, die mit ADWCleaner gefunden wurden, sind nach jedem Neustart wieder da.
Die mit GMER gefundenen Einträge lassen sich nicht löschen/deaktivieren,
Nach Rücksprache mit einem befreundetem Admin, komme ich um ein Neu Aufsetzen des Systems nicht herum:headbang:. Ich bitte Dich daher meinen Fall zu schließen und danke für die Zeit Mühe!

Viel Erfolg weiterhin!
Mfg
Samos

mort 25.04.2014 12:30
Hallo Samos und
:hallo:

Ich werde dir bei der Bereinigung des Computers helfen.
  • Arbeite meine Anleitungen nacheinander ab.
  • Poste deine Logs in Code-Tags: [code]Hier der Inhalt des Logs[/code]
  • Bedenke, dass wir in unserer Freizeit tätig sind. Bekommst du von mir innerhalb von 2 Tagen keine Antwort, schreibe mir eine PM.


Falls du noch nicht formatiert hast kanst du hier gerne weitermachen.

Zitat:
Seit kurzer Zeit funktioniert mein GData AntivirusClient nicht mehr
Ja, das liegt wahrscheinlich am Rootkit das du da hast.


Schritt 1

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Samos 25.04.2014 15:16
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo mort,

vielen Dank für die Lösung!!!

Einzig der empfohlene TDSSKiller war in der Lage, den Befall zu beheben (ADWCleaner z. B. nicht). Beim ersten Scandurchgang wurde ein Befall festgestellt (Log 1) nach dem Neustart habe ich den Scan nochmals gemacht (diesmal alles angehakt) und es wurde 2 mal "Rootkit.Win32.Necurs.gen" (Log2) gefunden und beseitigt. Seitdem funktioniert alles wieder bestens! Ich bin Dir sehr dankbar, weil ich viel Zeit für ein Neuaufsetzen des Systems gespart habe!

Schönes Wochenende
Samos

Code:
15:26:44.0067 0x0b74  TDSS rootkit removing tool 3.0.0.33 Apr 24 2014 14:02:50
15:26:44.0379 0x0b74  ============================================================
15:26:44.0379 0x0b74  Current date / time: 2014/04/25 15:26:44.0379
15:26:44.0379 0x0b74  SystemInfo:
15:26:44.0379 0x0b74 
15:26:44.0379 0x0b74  OS Version: 6.1.7601 ServicePack: 1.0
15:26:44.0379 0x0b74  Product type: Workstation
15:26:44.0379 0x0b74  ComputerName:
15:26:44.0379 0x0b74  UserName:
15:26:44.0379 0x0b74  Windows directory: C:\Windows
15:26:44.0379 0x0b74  System windows directory: C:\Windows
15:26:44.0379 0x0b74  Running under WOW64
15:26:44.0379 0x0b74  Processor architecture: Intel x64
15:26:44.0379 0x0b74  Number of processors: 8
15:26:44.0379 0x0b74  Page size: 0x1000
15:26:44.0379 0x0b74  Boot type: Normal boot
15:26:44.0379 0x0b74  ============================================================
15:26:44.0410 0x0b74  BG loaded
15:26:47.0514 0x0b74  System UUID: {47825797-1968-70A5-E70A-EB250F488D52}
15:26:48.0341 0x0b74  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:26:48.0357 0x0b74  ============================================================
15:26:48.0357 0x0b74  \Device\Harddisk0\DR0:
15:26:48.0372 0x0b74  MBR partitions:
15:26:48.0372 0x0b74  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1880000
15:26:48.0372 0x0b74  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1894000, BlocksNum 0x23B9A000
15:26:48.0372 0x0b74  ============================================================
15:26:48.0450 0x0b74  C: <-> \Device\Harddisk0\DR0\Partition2
15:26:48.0450 0x0b74  ============================================================
15:26:48.0450 0x0b74  Initialize success
15:26:48.0450 0x0b74  ============================================================
15:26:58.0080 0x0cc4  ============================================================
15:26:58.0080 0x0cc4  Scan started
15:26:58.0080 0x0cc4  Mode: Manual;
15:26:58.0080 0x0cc4  ============================================================
15:26:58.0080 0x0cc4  KSN ping started
15:27:01.0310 0x0cc4  KSN ping finished: true
15:27:03.0509 0x0cc4  ================ Scan system memory ========================
15:27:03.0509 0x0cc4  System memory - ok
15:27:03.0509 0x0cc4  ================ Scan services =============================
15:27:04.0991 0x0cc4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:27:04.0991 0x0cc4  1394ohci - ok
15:27:05.0007 0x0cc4  Suspicious service (NoAccess): 1cbccdb6771da47b
15:27:05.0116 0x0cc4  [ 039015F79A88101FB4D195583DDAA964, 5C885D57B0B8EC27C83650EE15703CDACEA9E25410679BF4BB3DC04A51BE5325 ] 1cbccdb6771da47b C:\Windows\System32\Drivers\1cbccdb6771da47b.sys
15:27:05.0116 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\1cbccdb6771da47b.sys. md5: 039015F79A88101FB4D195583DDAA964, sha256: 5C885D57B0B8EC27C83650EE15703CDACEA9E25410679BF4BB3DC04A51BE5325
15:27:05.0178 0x0cc4  1cbccdb6771da47b - detected Rootkit.Win32.Necurs.gen ( 0 )
15:27:07.0674 0x0cc4  1cbccdb6771da47b ( Rootkit.Win32.Necurs.gen ) - infected
15:27:07.0674 0x0cc4  Force sending object to P2P due to detect: C:\Windows\System32\Drivers\1cbccdb6771da47b.sys
15:27:10.0202 0x0cc4  Object send P2P result: true
15:27:13.0946 0x0cc4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:27:13.0961 0x0cc4  ACPI - ok
15:27:13.0992 0x0cc4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
15:27:14.0008 0x0cc4  AcpiPmi - ok
15:27:14.0304 0x0cc4  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:27:14.0304 0x0cc4  AdobeARMservice - ok
15:27:14.0788 0x0cc4  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:27:14.0819 0x0cc4  AdobeFlashPlayerUpdateSvc - ok
15:27:14.0866 0x0cc4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
15:27:14.0882 0x0cc4  adp94xx - ok
15:27:14.0928 0x0cc4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\Windows\system32\drivers\adpahci.sys
15:27:14.0944 0x0cc4  adpahci - ok
15:27:15.0053 0x0cc4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
15:27:15.0053 0x0cc4  adpu320 - ok
15:27:15.0116 0x0cc4  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
15:27:15.0116 0x0cc4  AeLookupSvc - ok
15:27:15.0240 0x0cc4  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD            C:\Windows\system32\drivers\afd.sys
15:27:15.0240 0x0cc4  AFD - ok
15:27:15.0272 0x0cc4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:27:15.0272 0x0cc4  agp440 - ok
15:27:15.0287 0x0cc4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\Windows\System32\alg.exe
15:27:15.0287 0x0cc4  ALG - ok
15:27:15.0334 0x0cc4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:27:15.0334 0x0cc4  aliide - ok
15:27:15.0412 0x0cc4  [ B9C8770F3061582DA3F9AB39071DEE37, 058C948F10B54EBDB95025A9EAC55F45CF3616BA834A1733B80A269E4ADF391B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:27:15.0412 0x0cc4  AMD External Events Utility - ok
15:27:15.0584 0x0cc4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:27:15.0584 0x0cc4  amdide - ok
15:27:15.0615 0x0cc4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
15:27:15.0615 0x0cc4  AmdK8 - ok
15:27:16.0083 0x0cc4  [ 31D7999C389C7F1EFFD4B861B64ECAA9, 50D9EE9F3D85D65ED50A87C70284FA130348464C314960EFED4232787016C7C8 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:27:16.0208 0x0cc4  amdkmdag - ok
15:27:16.0254 0x0cc4  [ 48E49CB63CB14E1A6EE80A14381213B0, 7A150F1D8B8C9FD5BFAB76C8999AD08F0771DE9D824D64F829B04E09CE29EB33 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:27:16.0270 0x0cc4  amdkmdap - ok
15:27:16.0286 0x0cc4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:27:16.0301 0x0cc4  AmdPPM - ok
15:27:16.0332 0x0cc4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
15:27:16.0348 0x0cc4  amdsata - ok
15:27:16.0379 0x0cc4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:27:16.0395 0x0cc4  amdsbs - ok
15:27:16.0395 0x0cc4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\Windows\system32\drivers\amdxata.sys
15:27:16.0395 0x0cc4  amdxata - ok
15:27:16.0410 0x0cc4  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID          C:\Windows\system32\drivers\appid.sys
15:27:16.0426 0x0cc4  AppID - ok
15:27:16.0457 0x0cc4  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:27:16.0457 0x0cc4  AppIDSvc - ok
15:27:16.0488 0x0cc4  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\Windows\System32\appinfo.dll
15:27:16.0504 0x0cc4  Appinfo - ok
15:27:16.0535 0x0cc4  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt        C:\Windows\System32\appmgmts.dll
15:27:16.0535 0x0cc4  AppMgmt - ok
15:27:16.0535 0x0cc4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\Windows\system32\drivers\arc.sys
15:27:16.0551 0x0cc4  arc - ok
15:27:16.0551 0x0cc4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:27:16.0551 0x0cc4  arcsas - ok
15:27:16.0676 0x0cc4  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:27:16.0722 0x0cc4  aspnet_state - ok
15:27:16.0754 0x0cc4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:27:16.0754 0x0cc4  AsyncMac - ok
15:27:16.0800 0x0cc4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\Windows\system32\drivers\atapi.sys
15:27:16.0800 0x0cc4  atapi - ok
15:27:16.0894 0x0cc4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:27:16.0910 0x0cc4  AudioEndpointBuilder - ok
15:27:16.0956 0x0cc4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:27:16.0972 0x0cc4  AudioSrv - ok
15:27:17.0034 0x0cc4  AVKWCtl - ok
15:27:17.0112 0x0cc4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:27:17.0112 0x0cc4  AxInstSV - ok
15:27:17.0190 0x0cc4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
15:27:17.0222 0x0cc4  b06bdrv - ok
15:27:17.0300 0x0cc4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:27:17.0300 0x0cc4  b57nd60a - ok
15:27:17.0378 0x0cc4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:27:17.0378 0x0cc4  BDESVC - ok
15:27:17.0409 0x0cc4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:27:17.0409 0x0cc4  Beep - ok
15:27:17.0487 0x0cc4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\Windows\System32\bfe.dll
15:27:17.0502 0x0cc4  BFE - ok
15:27:17.0580 0x0cc4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:27:17.0612 0x0cc4  BITS - ok
15:27:17.0658 0x0cc4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:27:17.0658 0x0cc4  blbdrive - ok
15:27:17.0752 0x0cc4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:27:17.0752 0x0cc4  bowser - ok
15:27:17.0783 0x0cc4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:27:17.0783 0x0cc4  BrFiltLo - ok
15:27:17.0783 0x0cc4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:27:17.0799 0x0cc4  BrFiltUp - ok
15:27:18.0407 0x0cc4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser        C:\Windows\System32\browser.dll
15:27:20.0420 0x0cc4  Browser - ok
15:27:20.0466 0x0cc4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
15:27:20.0482 0x0cc4  Brserid - ok
15:27:20.0498 0x0cc4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:27:20.0498 0x0cc4  BrSerWdm - ok
15:27:20.0498 0x0cc4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:27:20.0513 0x0cc4  BrUsbMdm - ok
15:27:20.0513 0x0cc4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:27:20.0513 0x0cc4  BrUsbSer - ok
15:27:20.0529 0x0cc4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:27:20.0529 0x0cc4  BTHMODEM - ok
15:27:20.0576 0x0cc4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\Windows\system32\bthserv.dll
15:27:20.0576 0x0cc4  bthserv - ok
15:27:20.0607 0x0cc4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:27:20.0622 0x0cc4  cdfs - ok
15:27:20.0654 0x0cc4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
15:27:20.0654 0x0cc4  cdrom - ok
15:27:20.0685 0x0cc4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\Windows\System32\certprop.dll
15:27:20.0700 0x0cc4  CertPropSvc - ok
15:27:20.0732 0x0cc4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:27:20.0732 0x0cc4  circlass - ok
15:27:20.0841 0x0cc4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:27:20.0872 0x0cc4  CLFS - ok
15:27:21.0106 0x0cc4  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:27:21.0106 0x0cc4  clr_optimization_v2.0.50727_32 - ok
15:27:21.0246 0x0cc4  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:27:21.0246 0x0cc4  clr_optimization_v2.0.50727_64 - ok
15:27:21.0558 0x0cc4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:27:22.0385 0x0cc4  clr_optimization_v4.0.30319_32 - ok
15:27:22.0385 0x0cc4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:27:22.0572 0x0cc4  clr_optimization_v4.0.30319_64 - ok
15:27:22.0604 0x0cc4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:27:22.0619 0x0cc4  CmBatt - ok
15:27:22.0650 0x0cc4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:27:22.0650 0x0cc4  cmdide - ok
15:27:22.0728 0x0cc4  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG            C:\Windows\system32\Drivers\cng.sys
15:27:22.0728 0x0cc4  CNG - ok
15:27:22.0760 0x0cc4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:27:22.0775 0x0cc4  Compbatt - ok
15:27:22.0791 0x0cc4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:27:22.0791 0x0cc4  CompositeBus - ok
15:27:22.0806 0x0cc4  COMSysApp - ok
15:27:22.0838 0x0cc4  [ 3CA734CE373E5675FBC15CA2C45228E5, A6C6E9FABDE5EA18D266DB71C0CC6B51D682116D1898CCB4E9BA730F15C44B32 ] cpudrv64        C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
15:27:22.0853 0x0cc4  cpudrv64 - ok
15:27:22.0853 0x0cc4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
15:27:22.0869 0x0cc4  crcdisk - ok
15:27:22.0916 0x0cc4  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:27:22.0916 0x0cc4  CryptSvc - ok
15:27:22.0962 0x0cc4  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC            C:\Windows\system32\drivers\csc.sys
15:27:22.0962 0x0cc4  CSC - ok
15:27:23.0134 0x0cc4  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
15:27:23.0150 0x0cc4  CscService - ok
15:27:23.0274 0x0cc4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:27:23.0274 0x0cc4  DcomLaunch - ok
15:27:23.0321 0x0cc4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc      C:\Windows\System32\defragsvc.dll
15:27:23.0321 0x0cc4  defragsvc - ok
15:27:23.0337 0x0cc4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:27:23.0337 0x0cc4  DfsC - ok
15:27:23.0415 0x0cc4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:27:23.0415 0x0cc4  Dhcp - ok
15:27:23.0493 0x0cc4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:27:23.0493 0x0cc4  discache - ok
15:27:23.0540 0x0cc4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
15:27:23.0540 0x0cc4  Disk - ok
15:27:23.0602 0x0cc4  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc          C:\Windows\system32\drivers\dmvsc.sys
15:27:23.0602 0x0cc4  dmvsc - ok
15:27:23.0664 0x0cc4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:27:23.0664 0x0cc4  Dnscache - ok
15:27:23.0742 0x0cc4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc        C:\Windows\System32\dot3svc.dll
15:27:23.0758 0x0cc4  dot3svc - ok
15:27:23.0805 0x0cc4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS            C:\Windows\system32\dps.dll
15:27:23.0820 0x0cc4  DPS - ok
15:27:23.0852 0x0cc4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
15:27:23.0867 0x0cc4  drmkaud - ok
15:27:23.0961 0x0cc4  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
15:27:23.0976 0x0cc4  DXGKrnl - ok
15:27:24.0054 0x0cc4  [ BA01A130D2B850CA87483CE6AC1A2BBA, DFF760DB1A6F60A856D64F01C67B8FC075ABED9DD80FFA50AA681296FF56FCE0 ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
15:27:24.0054 0x0cc4  e1cexpress - ok
15:27:24.0070 0x0cc4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost        C:\Windows\System32\eapsvc.dll
15:27:24.0070 0x0cc4  EapHost - ok
15:27:24.0507 0x0cc4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv          C:\Windows\system32\drivers\evbda.sys
15:27:24.0600 0x0cc4  ebdrv - ok
15:27:24.0663 0x0cc4  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS            C:\Windows\System32\lsass.exe
15:27:24.0663 0x0cc4  EFS - ok
15:27:24.0788 0x0cc4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
15:27:24.0819 0x0cc4  ehRecvr - ok
15:27:24.0834 0x0cc4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched        C:\Windows\ehome\ehsched.exe
15:27:24.0834 0x0cc4  ehSched - ok
15:27:24.0897 0x0cc4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
15:27:24.0912 0x0cc4  elxstor - ok
15:27:24.0928 0x0cc4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:27:24.0928 0x0cc4  ErrDev - ok
15:27:24.0959 0x0cc4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem    C:\Windows\system32\es.dll
15:27:24.0975 0x0cc4  EventSystem - ok
15:27:25.0006 0x0cc4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat          C:\Windows\system32\drivers\exfat.sys
15:27:25.0006 0x0cc4  exfat - ok
15:27:25.0022 0x0cc4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
15:27:25.0037 0x0cc4  fastfat - ok
15:27:25.0084 0x0cc4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax            C:\Windows\system32\fxssvc.exe
15:27:25.0100 0x0cc4  Fax - ok
15:27:25.0100 0x0cc4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc            C:\Windows\system32\drivers\fdc.sys
15:27:25.0100 0x0cc4  fdc - ok
15:27:25.0115 0x0cc4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost        C:\Windows\system32\fdPHost.dll
15:27:25.0115 0x0cc4  fdPHost - ok
15:27:25.0131 0x0cc4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:27:25.0131 0x0cc4  FDResPub - ok
15:27:25.0162 0x0cc4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:27:25.0162 0x0cc4  FileInfo - ok
15:27:25.0178 0x0cc4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
15:27:25.0178 0x0cc4  Filetrace - ok
15:27:25.0178 0x0cc4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:27:25.0178 0x0cc4  flpydisk - ok
15:27:25.0193 0x0cc4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:27:25.0209 0x0cc4  FltMgr - ok
15:27:25.0334 0x0cc4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache      C:\Windows\system32\FntCache.dll
15:27:25.0349 0x0cc4  FontCache - ok
15:27:25.0458 0x0cc4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:27:25.0458 0x0cc4  FontCache3.0.0.0 - ok
15:27:25.0490 0x0cc4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
15:27:25.0505 0x0cc4  FsDepends - ok
15:27:25.0536 0x0cc4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:27:25.0536 0x0cc4  Fs_Rec - ok
15:27:25.0583 0x0cc4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:27:25.0583 0x0cc4  fvevol - ok
15:27:25.0599 0x0cc4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:27:25.0599 0x0cc4  gagp30kx - ok
15:27:25.0599 0x0cc4  GDBehave - ok
15:27:25.0614 0x0cc4  GDMnIcpt - ok
15:27:25.0661 0x0cc4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc          C:\Windows\System32\gpsvc.dll
15:27:25.0677 0x0cc4  gpsvc - ok
15:27:25.0692 0x0cc4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:27:25.0692 0x0cc4  hcw85cir - ok
15:27:25.0724 0x0cc4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:27:25.0724 0x0cc4  HDAudBus - ok
15:27:25.0724 0x0cc4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
15:27:25.0724 0x0cc4  HidBatt - ok
15:27:25.0739 0x0cc4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:27:25.0739 0x0cc4  HidBth - ok
15:27:25.0770 0x0cc4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr          C:\Windows\system32\drivers\hidir.sys
15:27:25.0770 0x0cc4  HidIr - ok
15:27:25.0786 0x0cc4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv        C:\Windows\system32\hidserv.dll
15:27:25.0802 0x0cc4  hidserv - ok
15:27:25.0833 0x0cc4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
15:27:25.0833 0x0cc4  HidUsb - ok
15:27:25.0848 0x0cc4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:27:25.0848 0x0cc4  hkmsvc - ok
15:27:25.0864 0x0cc4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:27:25.0880 0x0cc4  HomeGroupListener - ok
15:27:25.0895 0x0cc4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:27:25.0895 0x0cc4  HomeGroupProvider - ok
15:27:25.0926 0x0cc4  [ 4CA17EE22B340DE8B85F6CEB3445E6DB, EE9D30CCDC80C16DA25F8054CF152586A3CCBACF2EEBE279C3BF7175D15375BB ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
15:27:25.0926 0x0cc4  HookCentre - ok
15:27:25.0958 0x0cc4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:27:25.0958 0x0cc4  HpSAMD - ok
15:27:25.0989 0x0cc4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:27:26.0004 0x0cc4  HTTP - ok
15:27:26.0020 0x0cc4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:27:26.0020 0x0cc4  hwpolicy - ok
15:27:26.0051 0x0cc4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:27:26.0051 0x0cc4  i8042prt - ok
15:27:26.0082 0x0cc4  [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor          C:\Windows\system32\drivers\iaStor.sys
15:27:26.0098 0x0cc4  iaStor - ok
15:27:26.0160 0x0cc4  [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:27:26.0160 0x0cc4  IAStorDataMgrSvc - ok
15:27:26.0176 0x0cc4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
15:27:26.0192 0x0cc4  iaStorV - ok
15:27:26.0363 0x0cc4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:27:26.0410 0x0cc4  idsvc - ok
15:27:26.0426 0x0cc4  IEEtwCollectorService - ok
15:27:26.0441 0x0cc4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
15:27:26.0457 0x0cc4  iirsp - ok
15:27:26.0504 0x0cc4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
15:27:26.0519 0x0cc4  IKEEXT - ok
15:27:26.0597 0x0cc4  [ 19F9D8F7C996D5AE22E913491C912009, 1E733E34F2D39203216F3542F1A5818F3EA21CE51F434FE3B255CB6BF0B048FC ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHD64.sys
15:27:26.0597 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTDVHD64.sys. md5: 19F9D8F7C996D5AE22E913491C912009, sha256: 1E733E34F2D39203216F3542F1A5818F3EA21CE51F434FE3B255CB6BF0B048FC
15:27:26.0597 0x0cc4  IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
15:27:29.0000 0x0cc4  Detect skipped due to KSN trusted
15:27:29.0000 0x0cc4  IntcAzAudAddService - ok
15:27:29.0031 0x0cc4  [ D7B978F4504D3DA95A21002863D0E7EE, 17B4B4F9334EF874FF7DF30C63D4541142DD0324F842050AC755B170F46C3159 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
15:27:29.0031 0x0cc4  Intel(R) PROSet Monitoring Service - ok
15:27:29.0062 0x0cc4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:27:29.0062 0x0cc4  intelide - ok
15:27:29.0109 0x0cc4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:27:29.0109 0x0cc4  intelppm - ok
15:27:29.0156 0x0cc4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
15:27:29.0171 0x0cc4  IPBusEnum - ok
15:27:29.0187 0x0cc4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:27:29.0187 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
15:27:29.0187 0x0cc4  IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
15:27:31.0589 0x0cc4  Detect skipped due to KSN trusted
15:27:31.0589 0x0cc4  IpFilterDriver - ok
15:27:32.0057 0x0cc4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:27:32.0073 0x0cc4  iphlpsvc - ok
15:27:32.0120 0x0cc4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
15:27:32.0120 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
15:27:32.0120 0x0cc4  IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
15:27:34.0584 0x0cc4  Detect skipped due to KSN trusted
15:27:34.0584 0x0cc4  IPMIDRV - ok
15:27:34.0694 0x0cc4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
15:27:34.0694 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
15:27:34.0694 0x0cc4  IPNAT - detected LockedFile.Multi.Generic ( 1 )
15:27:37.0096 0x0cc4  Detect skipped due to KSN trusted
15:27:37.0096 0x0cc4  IPNAT - ok
15:27:37.0704 0x0cc4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:27:37.0704 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
15:27:37.0704 0x0cc4  IRENUM - detected LockedFile.Multi.Generic ( 1 )
15:27:40.0169 0x0cc4  Detect skipped due to KSN trusted
15:27:40.0169 0x0cc4  IRENUM - ok
15:27:40.0278 0x0cc4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:27:40.0278 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
15:27:40.0278 0x0cc4  isapnp - detected LockedFile.Multi.Generic ( 1 )
15:27:42.0743 0x0cc4  Detect skipped due to KSN trusted
15:27:42.0743 0x0cc4  isapnp - ok
15:27:42.0837 0x0cc4  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:27:42.0837 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD, sha256: 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3
15:27:42.0837 0x0cc4  iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
15:27:45.0317 0x0cc4  Detect skipped due to KSN trusted
15:27:45.0317 0x0cc4  iScsiPrt - ok
15:27:45.0411 0x0cc4  [ 6C85719A21B3F62C2C76280F4BD36C7B, 471E333467937720EF9369419EEDE5C2246C976123B437E0AC66F394CF1C056A ] jhi_service    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
15:27:45.0426 0x0cc4  jhi_service - ok
15:27:45.0473 0x0cc4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:27:45.0473 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
15:27:45.0473 0x0cc4  kbdclass - detected LockedFile.Multi.Generic ( 1 )
15:27:47.0875 0x0cc4  Detect skipped due to KSN trusted
15:27:47.0875 0x0cc4  kbdclass - ok
15:27:47.0875 0x0cc4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:27:47.0875 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
15:27:47.0875 0x0cc4  kbdhid - detected LockedFile.Multi.Generic ( 1 )
15:27:50.0979 0x0cc4  Detect skipped due to KSN trusted
15:27:50.0979 0x0cc4  kbdhid - ok
15:27:51.0010 0x0cc4  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
15:27:51.0010 0x0cc4  KeyIso - ok
15:27:51.0072 0x0cc4  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:27:51.0072 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 8F489706472F7E9A06BAAA198703FA64, sha256: F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A
15:27:51.0072 0x0cc4  KSecDD - detected LockedFile.Multi.Generic ( 1 )
15:27:53.0535 0x0cc4  Detect skipped due to KSN trusted
15:27:53.0535 0x0cc4  KSecDD - ok
15:27:53.0551 0x0cc4  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
15:27:53.0551 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 868A2CAAB12EFC7A021682BCA0EEC54C, sha256: 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD
15:27:53.0551 0x0cc4  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
15:27:55.0952 0x0cc4  Detect skipped due to KSN trusted
15:27:55.0952 0x0cc4  KSecPkg - ok
15:27:55.0983 0x0cc4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
15:27:55.0983 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
15:27:55.0983 0x0cc4  ksthunk - detected LockedFile.Multi.Generic ( 1 )
15:27:58.0446 0x0cc4  Detect skipped due to KSN trusted
15:27:58.0446 0x0cc4  ksthunk - ok
15:27:58.0680 0x0cc4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm          C:\Windows\system32\msdtckrm.dll
15:27:58.0696 0x0cc4  KtmRm - ok
15:27:58.0742 0x0cc4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:27:58.0742 0x0cc4  LanmanServer - ok
15:27:58.0758 0x0cc4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:27:58.0758 0x0cc4  LanmanWorkstation - ok
15:27:58.0789 0x0cc4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:27:58.0789 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
15:27:58.0789 0x0cc4  lltdio - detected LockedFile.Multi.Generic ( 1 )
15:28:01.0268 0x0cc4  Detect skipped due to KSN trusted
15:28:01.0268 0x0cc4  lltdio - ok
15:28:01.0299 0x0cc4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
15:28:01.0315 0x0cc4  lltdsvc - ok
15:28:01.0346 0x0cc4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts        C:\Windows\System32\lmhsvc.dll
15:28:01.0346 0x0cc4  lmhosts - ok
15:28:01.0408 0x0cc4  [ 713B289020B0C72DBAE93EB1EC79B28B, D15713E72D22D183C4AF7B75E74AF3F82F946C7B2AA841DB2B49D88FEF7C5853 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:28:01.0424 0x0cc4  LMS - ok
15:28:01.0455 0x0cc4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:28:01.0455 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
15:28:01.0455 0x0cc4  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
15:28:03.0918 0x0cc4  Detect skipped due to KSN trusted
15:28:03.0918 0x0cc4  LSI_FC - ok
15:28:03.0934 0x0cc4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
15:28:03.0934 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
15:28:03.0934 0x0cc4  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
15:28:06.0276 0x0cc4  Detect skipped due to KSN trusted
15:28:06.0276 0x0cc4  LSI_SAS - ok
15:28:06.0303 0x0cc4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:28:06.0303 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
15:28:06.0303 0x0cc4  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
15:28:08.0726 0x0cc4  Detect skipped due to KSN trusted
15:28:08.0726 0x0cc4  LSI_SAS2 - ok
15:28:08.0752 0x0cc4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:28:08.0753 0x0cc4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
15:28:08.0753 0x0cc4  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
15:28:11.0180 0x0cc4  Detect skipped due to KSN trusted
15:28:11.0180 0x0cc4  LSI_SCSI - ok
15:28:11.0191 0x0cc4  Scan was interrupted by user!
15:28:11.0227 0x0cc4  Win FW state via NFP2: enabled
15:28:13.0574 0x0cc4  ============================================================
15:28:13.0574 0x0cc4  Scan finished
15:28:13.0574 0x0cc4  ============================================================
15:28:13.0581 0x0c9c  Detected object count: 1
15:28:13.0581 0x0c9c  Actual detected object count: 1
15:28:18.0597 0x0c9c  C:\Windows\System32\Drivers\1cbccdb6771da47b.sys - copied to quarantine
15:28:18.0597 0x0c9c  HKLM\SYSTEM\ControlSet001\services\1cbccdb6771da47b - will be deleted on reboot
15:28:18.0610 0x0c9c  HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b - will be deleted on reboot
15:28:18.0769 0x0c9c  C:\Windows\System32\Drivers\1cbccdb6771da47b.sys - will be deleted on reboot
15:28:18.0770 0x0c9c  1cbccdb6771da47b ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
15:28:19.0639 0x0c9c  KLMD registered as C:\Windows\system32\drivers\72731850.sys
15:28:27.0604 0x0b40  Deinitialize success

Samos 25.04.2014 15:28
Log 2 gekürzt
Code:
15:43:27.0002 0x083c  TDSS rootkit removing tool 3.0.0.33 Apr 24 2014 14:02:50
15:43:27.0377 0x083c  ============================================================
15:43:27.0377 0x083c  Current date / time: 2014/04/25 15:43:27.0377
15:43:27.0377 0x083c  SystemInfo:
15:43:27.0377 0x083c 
15:43:27.0377 0x083c  OS Version: 6.1.7601 ServicePack: 1.0
15:43:27.0377 0x083c  Product type: Workstation
15:43:27.0377 0x083c  ComputerName:
15:43:27.0392 0x083c  UserName:
15:43:27.0392 0x083c  Windows directory: C:\Windows
15:43:27.0392 0x083c  System windows directory: C:\Windows
15:43:27.0392 0x083c  Running under WOW64
15:43:27.0392 0x083c  Processor architecture: Intel x64
15:43:27.0392 0x083c  Number of processors: 8
15:43:27.0392 0x083c  Page size: 0x1000
15:43:27.0392 0x083c  Boot type: Normal boot
15:43:27.0392 0x083c  ============================================================
15:43:27.0392 0x083c  BG loaded
15:43:27.0455 0x083c  System UUID: {47825797-1968-70A5-E70A-EB250F488D52}
15:43:32.0431 0x083c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:32.0431 0x083c  ============================================================
15:43:32.0431 0x083c  \Device\Harddisk0\DR0:
15:43:32.0431 0x083c  MBR partitions:
15:43:32.0431 0x083c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1880000
15:43:32.0431 0x083c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1894000, BlocksNum 0x23B9A000
15:43:32.0431 0x083c  ============================================================
15:43:32.0509 0x083c  C: <-> \Device\Harddisk0\DR0\Partition2
15:43:32.0509 0x083c  ============================================================
15:43:32.0509 0x083c  Initialize success
15:43:32.0509 0x083c  ============================================================
15:44:45.0567 0x1278  ============================================================
15:44:45.0567 0x1278  Scan started
15:44:45.0567 0x1278  Mode: Manual; SigCheck; TDLFS;
15:44:45.0567 0x1278  ============================================================
15:44:45.0567 0x1278  KSN ping started
15:44:48.0002 0x1278  KSN ping finished: true
15:44:49.0766 0x1278  ================ Scan system memory ========================
15:44:49.0766 0x1278  System memory - ok
15:44:49.0766 0x1278  ================ Scan services =============================
15:44:50.0015 0x1278  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:44:50.0109 0x1278  1394ohci - ok
15:44:50.0125 0x1278  Suspicious service (NoAccess): 9ad6de89f537b53e
15:44:50.0140 0x1278  [ 3ACF9155739626FE2D65BFE1ED37B391, 8F9CD1C200B084F96281B341DA13BE7FEE0E677C4E5F2D0054867F83BC6D46C9 ] 9ad6de89f537b53e C:\Windows\System32\Drivers\9ad6de89f537b53e.sys
15:44:50.0140 0x1278  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\9ad6de89f537b53e.sys. md5: 3ACF9155739626FE2D65BFE1ED37B391, sha256: 8F9CD1C200B084F96281B341DA13BE7FEE0E677C4E5F2D0054867F83BC6D46C9
15:44:50.0156 0x1278  9ad6de89f537b53e - detected Rootkit.Win32.Necurs.gen ( 0 )
15:44:52.0684 0x1278  9ad6de89f537b53e ( Rootkit.Win32.Necurs.gen ) - infected
15:44:52.0684 0x1278  Force sending object to P2P due to detect: C:\Windows\System32\Drivers\9ad6de89f537b53e.sys
15:45:02.0018 0x1278  Object send P2P result: true
15:45:04.0563 0x1278  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:45:04.0563 0x1278  ACPI - ok
15:45:04.0625 0x1278  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
15:45:04.0890 0x1278  AcpiPmi - ok
15:45:05.0203 0x1278  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:45:05.0203 0x1278  AdobeARMservice - ok
15:45:05.0796 0x1278  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:45:05.0842 0x1278  AdobeFlashPlayerUpdateSvc - ok
15:45:05.0999 0x1278  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
15:45:06.0030 0x1278  adp94xx - ok
15:45:06.0108 0x1278  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\Windows\system32\drivers\adpahci.sys
15:45:06.0139 0x1278  adpahci - ok
15:45:06.0201 0x1278  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
15:45:06.0233 0x1278  adpu320 - ok
15:45:06.0280 0x1278  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
15:45:07.0794 0x1278  AeLookupSvc - ok
15:45:07.0887 0x1278  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD            C:\Windows\system32\drivers\afd.sys
15:45:07.0996 0x1278  AFD - ok
15:45:08.0043 0x1278  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:45:08.0043 0x1278  agp440 - ok
15:45:08.0106 0x1278  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\Windows\System32\alg.exe
15:45:08.0246 0x1278  ALG - ok
15:45:09.0027 0x1278  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:45:09.0042 0x1278  aliide - ok
15:45:09.0136 0x1278  [ B9C8770F3061582DA3F9AB39071DEE37, 058C948F10B54EBDB95025A9EAC55F45CF3616BA834A1733B80A269E4ADF391B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:45:09.0745 0x1278  AMD External Events Utility - ok
15:45:09.0791 0x1278  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:45:09.0807 0x1278  amdide - ok
15:45:09.0823 0x1278  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
15:45:09.0838 0x1278  AmdK8 - ok
15:45:10.0150 0x1278  [ 31D7999C389C7F1EFFD4B861B64ECAA9, 50D9EE9F3D85D65ED50A87C70284FA130348464C314960EFED4232787016C7C8 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:45:10.0369 0x1278  amdkmdag - ok
15:45:10.0400 0x1278  [ 48E49CB63CB14E1A6EE80A14381213B0, 7A150F1D8B8C9FD5BFAB76C8999AD08F0771DE9D824D64F829B04E09CE29EB33 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:45:10.0416 0x1278  amdkmdap - ok
15:45:10.0431 0x1278  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:45:10.0463 0x1278  AmdPPM - ok
15:45:10.0494 0x1278  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
15:45:10.0509 0x1278  amdsata - ok
15:45:10.0525 0x1278  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:45:10.0525 0x1278  amdsbs - ok
15:45:10.0541 0x1278  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\Windows\system32\drivers\amdxata.sys
15:45:10.0541 0x1278  amdxata - ok
15:45:10.0556 0x1278  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID          C:\Windows\system32\drivers\appid.sys
15:45:11.0134 0x1278  AppID - ok
15:45:11.0166 0x1278  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:45:11.0213 0x1278  AppIDSvc - ok
15:45:11.0291 0x1278  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\Windows\System32\appinfo.dll
15:45:11.0322 0x1278  Appinfo - ok
15:45:11.0385 0x1278  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt        C:\Windows\System32\appmgmts.dll
15:45:11.0390 0x1278  AppMgmt - ok
15:45:11.0417 0x1278  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\Windows\system32\drivers\arc.sys
15:45:11.0425 0x1278  arc - ok
15:45:11.0446 0x1278  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:45:11.0453 0x1278  arcsas - ok
15:45:11.0757 0x1278  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:45:11.0835 0x1278  aspnet_state - ok
15:45:11.0881 0x1278  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:45:12.0069 0x1278  AsyncMac - ok
15:45:12.0209 0x1278  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\Windows\system32\drivers\atapi.sys
15:45:12.0225 0x1278  atapi - ok
15:45:12.0381 0x1278  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:45:12.0428 0x1278  AudioEndpointBuilder - ok
15:45:12.0459 0x1278  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:45:12.0490 0x1278  AudioSrv - ok
15:45:12.0646 0x1278  AVKWCtl - ok
15:45:12.0724 0x1278  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:45:12.0912 0x1278  AxInstSV - ok
15:45:12.0958 0x1278  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
15:45:13.0021 0x1278  b06bdrv - ok
15:45:13.0099 0x1278  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:45:13.0146 0x1278  b57nd60a - ok
15:45:13.0193 0x1278  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:45:13.0224 0x1278  BDESVC - ok
15:45:13.0255 0x1278  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:45:13.0286 0x1278  Beep - ok
15:45:13.0364 0x1278  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\Windows\System32\bfe.dll
15:45:13.0411 0x1278  BFE - ok
15:45:13.0552 0x1278  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:45:13.0598 0x1278  BITS - ok
15:45:13.0630 0x1278  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:45:13.0645 0x1278  blbdrive - ok
15:45:13.0692 0x1278  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:45:13.0723 0x1278  bowser - ok
15:45:13.0739 0x1278  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:45:13.0754 0x1278  BrFiltLo - ok
15:45:13.0770 0x1278  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:45:13.0770 0x1278  BrFiltUp - ok
15:45:13.0817 0x1278  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser        C:\Windows\System32\browser.dll
15:45:13.0832 0x1278  Browser - ok
15:45:13.0848 0x1278  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
15:45:13.0879 0x1278  Brserid - ok
15:45:13.0879 0x1278  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:45:13.0911 0x1278  BrSerWdm - ok
15:45:13.0911 0x1278  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:45:13.0942 0x1278  BrUsbMdm - ok
15:45:13.0942 0x1278  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:45:13.0957 0x1278  BrUsbSer - ok
15:45:13.0957 0x1278  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:45:13.0973 0x1278  BTHMODEM - ok
15:45:14.0020 0x1278  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\Windows\system32\bthserv.dll
15:45:14.0035 0x1278  bthserv - ok
15:45:14.0051 0x1278  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:45:14.0082 0x1278  cdfs - ok
15:45:14.0113 0x1278  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
15:45:14.0129 0x1278  cdrom - ok
15:45:14.0160 0x1278  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\Windows\System32\certprop.dll
15:45:14.0176 0x1278  CertPropSvc - ok
15:45:14.0191 0x1278  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:45:14.0207 0x1278  circlass - ok
15:45:14.0223 0x1278  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:45:14.0238 0x1278  CLFS - ok
==============================
15:46:03.0649 0x1278  Scan finished
15:46:03.0649 0x1278  ============================================================
15:46:03.0649 0x1270  Detected object count: 2
15:46:03.0649 0x1270  Actual detected object count: 2
15:46:45.0077 0x1270  C:\Windows\System32\Drivers\9ad6de89f537b53e.sys - copied to quarantine
15:46:45.0092 0x1270  HKLM\SYSTEM\ControlSet001\services\9ad6de89f537b53e - will be deleted on reboot
15:46:45.0108 0x1270  HKLM\SYSTEM\ControlSet002\services\9ad6de89f537b53e - will be deleted on reboot
15:46:45.0280 0x1270  C:\Windows\System32\Drivers\9ad6de89f537b53e.sys - will be deleted on reboot
15:46:45.0280 0x1270  9ad6de89f537b53e ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
15:46:45.0311 0x1270  C:\Windows\Installer\{2A05AD0F-BA3A-B16D-A14C-1E0D810830C6}\syshost.exe - copied to quarantine
15:46:45.0311 0x1270  HKLM\SYSTEM\ControlSet001\services\syshost32 - will be deleted on reboot
15:46:45.0326 0x1270  HKLM\SYSTEM\ControlSet002\services\syshost32 - will be deleted on reboot
15:46:45.0326 0x1270  C:\Windows\Installer\{2A05AD0F-BA3A-B16D-A14C-1E0D810830C6}\syshost.exe - will be deleted on reboot
15:46:45.0326 0x1270  syshost32 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
15:46:45.0389 0x1270  KLMD registered as C:\Windows\system32\drivers\89153646.sys
15:47:04.0010 0x0ba8  Deinitialize success

mort 25.04.2014 18:36
Ich habe zwar nocht nicht gesagt, dass du es löschen sollst, aber ok. Versuche aber nun die Anleitungen zu befolgen.

ADWCleaner ist wie der Name auch sagt nur für Adware. Für Rootkits braucht man da schon was anders.

Schritt 1

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Samos 26.04.2014 16:37
Hallo mort, hier das log wie gewünscht
Warum wurde antispy gelöscht ?
Kann es sein, dass der Papierkorb ungefragt gelöscht wurde?

Code:
ComboFix 14-04-26.01 - ver***2 26.04.2014  17:22:09.1.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8149.6766 [GMT 2:00]
ausgeführt von:: c:\users\ver***2.HV-****\Desktop\ComboFix.exe
AV: G Data AntiVirus *Enabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
SP: G Data AntiVirus *Enabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-26 bis 2014-04-26  ))))))))))))))))))))))))))))))
.
.
2014-04-26 15:27 . 2014-04-26 15:27        --------        d-----w-        c:\users\ver***2\AppData\Local\temp
2014-04-26 15:27 . 2014-04-26 15:27        --------        d-----w-        c:\users\VERWAL~1~HV-\AppData\Local\temp
2014-04-26 14:52 . 2014-04-26 14:52        --------        d-sh--w-        c:\users\ver***2.HV-****\AppData\Local\EmieUserList
2014-04-26 14:52 . 2014-04-26 14:52        --------        d-sh--w-        c:\users\ver***2.HV-****\AppData\Local\EmieSiteList
2014-04-26 14:28 . 2014-01-09 02:22        5694464        ----a-w-        c:\windows\SysWow64\mstscax.dll
2014-04-26 14:28 . 2014-01-03 22:44        6574592        ----a-w-        c:\windows\system32\mstscax.dll
2014-04-25 15:20 . 2014-04-25 15:20        --------        d-s---w-        c:\windows\system32\CompatTel
2014-04-25 14:54 . 2014-03-06 08:32        574976        ----a-w-        c:\windows\system32\ieui.dll
2014-04-25 14:54 . 2014-03-06 06:00        359936        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2014-04-25 14:54 . 2014-03-06 05:50        257536        ----a-w-        c:\program files (x86)\Internet Explorer\IEShims.dll
2014-04-25 14:48 . 2013-09-25 02:23        1030144        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-04-25 14:48 . 2013-09-25 01:57        792576        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-04-25 14:48 . 2014-04-14 02:24        465408        ----a-w-        c:\windows\system32\aepdu.dll
2014-04-25 14:48 . 2014-04-14 02:19        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-04-25 14:45 . 2014-04-25 14:45        106272        ----a-w-        c:\windows\system32\drivers\GRD.sys
2014-04-25 14:45 . 2014-04-25 14:45        18160        ----a-w-        c:\windows\system32\drivers\GdPhyMem.sys
2014-04-25 14:44 . 2014-04-25 14:44        64000        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys
2014-04-25 14:44 . 2014-04-25 14:44        59392        ----a-w-        c:\windows\system32\drivers\GDBehave.sys
2014-04-25 14:44 . 2014-04-25 14:44        130560        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys
2014-04-25 14:03 . 2014-01-24 02:37        1684928        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2014-04-24 17:38 . 2014-04-25 14:30        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2014-04-24 17:38 . 2014-04-25 14:35        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-24 17:37 . 2014-04-24 17:37        --------        d-----w-        c:\users\ver***2.HV-****\AppData\Local\Programs
2014-04-24 17:02 . 2014-04-24 17:02        --------        d-----w-        C:\Logs
2014-04-24 16:59 . 2014-04-24 16:59        --------        d-----w-        c:\users\Administrator\AppData\Local\Deployment
2014-04-24 16:59 . 2014-04-24 16:59        --------        d-----w-        c:\users\Administrator\AppData\Local\Apps
2014-04-24 16:57 . 2014-04-24 16:57        --------        d-----w-        c:\users\Administrator\AppData\Local\Downloaded Installations
2014-04-24 16:56 . 2014-04-24 16:56        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Intel Corporation
2014-04-24 16:56 . 2014-04-24 16:56        --------        d-----w-        c:\users\Administrator\AppData\Roaming\ATI
2014-04-24 16:56 . 2014-04-24 16:56        --------        d-----w-        c:\users\Administrator\AppData\Local\G DATA
2014-04-24 16:56 . 2014-04-24 16:56        --------        d-----w-        c:\users\Administrator\AppData\Local\ATI
2014-04-24 16:56 . 2014-04-24 16:56        --------        d-----w-        c:\users\Administrator\AppData\Local\Adobe
2014-04-15 07:05 . 2014-04-15 07:05        --------        d-----w-        c:\windows\SysWow64\140415-090542
2014-04-14 07:33 . 2014-04-14 07:33        --------        d-----w-        c:\windows\SysWow64\140414-093340
2014-04-11 07:07 . 2014-04-11 07:07        --------        d-----w-        c:\windows\SysWow64\140411-090722
2014-04-10 07:44 . 2014-04-10 07:44        --------        d-----w-        c:\windows\SysWow64\140410-094436
2014-04-09 15:19 . 2014-04-09 15:19        --------        d-----w-        c:\windows\SysWow64\140409-171911
2014-04-09 07:14 . 2014-04-09 07:14        --------        d-----w-        c:\windows\SysWow64\140409-091416
2014-04-08 06:42 . 2014-04-08 06:42        --------        d-----w-        c:\windows\SysWow64\140408-084247
2014-04-07 06:46 . 2014-04-07 06:46        --------        d-----w-        c:\windows\SysWow64\140407-084620
2014-04-04 09:17 . 2014-04-04 09:17        --------        d-----w-        c:\windows\SysWow64\140404-111746
2014-04-03 13:21 . 2014-04-03 13:21        --------        d-----w-        c:\windows\SysWow64\140403-152125
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-25 14:44 . 2011-12-05 17:28        65024        ----a-w-        c:\windows\system32\drivers\HookCentre.sys
2014-03-31 01:51 . 2011-12-05 17:04        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-03-18 10:56 . 2014-03-18 10:56        45056        ----a-r-        c:\users\ver***2.HV-****\AppData\Roaming\Microsoft\Installer\{BE109F11-6E2C-43F4-B105-AC646809915D}\NewShortcut2_7024F073510147169F4B28E8B73F2DCF.exe
2014-03-18 10:56 . 2014-03-18 10:56        45056        ----a-r-        c:\users\ver***2.HV-****\AppData\Roaming\Microsoft\Installer\{BE109F11-6E2C-43F4-B105-AC646809915D}\NewShortcut1_9B3D64ED28EC4E27B62740E65B802B3A.exe
2014-03-18 10:56 . 2014-03-18 10:56        45056        ----a-r-        c:\users\ver***2.HV-****\AppData\Roaming\Microsoft\Installer\{BE109F11-6E2C-43F4-B105-AC646809915D}\ARPPRODUCTICON.exe
2014-03-12 11:38 . 2012-07-16 14:35        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 11:38 . 2011-11-28 08:32        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:17 . 2014-04-25 14:11        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-13 08:22        3156480        ----a-w-        c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 08:22        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 08:22        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 08:22        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 08:22        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-13 08:22        484864        ----a-w-        c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-13 08:22        381440        ----a-w-        c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-13 08:22        228864        ----a-w-        c:\windows\system32\wwansvc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSystemDetect"="c:\users\ver***2.HV-****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe" [2014-04-24 254976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-01-23 113656]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-18 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-12-18 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-12-18 840568]
"SharpTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\SharpTray.exe" [2011-04-20 131584]
"FtpServer.exe"="c:\program files (x86)\Sharp\Sharpdesk\FtpServer.exe" [2011-04-19 820224]
"IndexTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\IndexTray.exe" [2011-04-20 395264]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AVK Client"="c:\program files (x86)\G Data\AVKClient\AVKCl.exe" [2014-01-15 4191352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoAutoUpdate"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"TaskbarLockAll"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
R2 AntiVirusKit Client;G Data Security Client;c:\program files (x86)\G Data\AVKClient\AVKCl.exe;c:\program files (x86)\G Data\AVKClient\AVKCl.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [x]
R4 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\AVKClient\AVKWCtlX64.exe;c:\program files (x86)\G Data\AVKClient\AVKWCtlX64.exe [x]
R4 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\AVKClient\AVKBackupService.exe;c:\program files (x86)\G Data\AVKClient\AVKBackupService.exe [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 11:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 17:46        139128        ----a-w-        c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 17:46        139128        ----a-w-        c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: Interfaces\{B1E823EF-B08D-4E46-963C-D1994057A2A7}: NameServer = 192.168.1.6
FF - ProfilePath - c:\users\ver***2.HV-****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-09140934.sys
SafeBoot-14600248.sys
SafeBoot-38582133.sys
SafeBoot-67496163.sys
SafeBoot-68721988.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files (x86)\Sharp\Sharpdesk\nsapp.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-04-26  17:33:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-04-26 15:33
.
Vor Suchlauf: 14 Verzeichnis(se), 211.473.080.320 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 210.722.922.496 Bytes frei
.
- - End Of File - - D882E3618B821AEDBD19A91800176F17

mort 26.04.2014 18:25
xp-antispy kannst du am Schluss wieder installieren. Wir machen nur noch ein paar Kontrollscans.

Schritt 1

Bitte lade dir wuauserv.reg von Bleeping Computers runter und speichere sie auf dem Desktop. Starte diese Datei mit einem Doppelklick und bestätige folgendes Fenster mit Ja.

Drücke nun die Windowstaste + R Taste und schreibe cmd in das Ausführen Fenster. Schreibe nun folgende Zeile in das Fenster und drück Enter.
Zitat:
regsvr32 %SystemRoot%\system32\wuaueng.dll
Dann starte deinen Computer neu und schaue ob der "Windows-Update" Service wieder läuft.

Schritt 2

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 4

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Gibt es noch ein Problem?

Samos 26.04.2014 21:27
HI dorm, es scheint alles ok zu sein.
Windows update funktioniert auch wieder!
Vielen Dank nochmals!!!

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 26.04.2014
Suchlauf-Zeit: 19:51:27
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.26.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer:

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335530
Verstrichene Zeit: 17 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=448773c85305044e8a0a637819aa19bb
# engine=18042
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-26 08:14:04
# local_time=2014-04-26 10:14:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 24562719 150173094 0 0
# scanned=167956
# found=0
# cleaned=0
# scan_time=3377

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 03
Ran by  (administrator) on on 26-04-2014 22:21:09
Running from C:\Users
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVKClient\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVKClient\AVKCl.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVKClient\AVKBackupService.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Dell) C:\Users\*****2.HV-*****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVKClient\AVKCl.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-24] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SharpTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe [131584 2011-04-20] (SHARP CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FtpServer.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe [820224 2011-04-19] (SHARP CORPORATION)
HKLM-x32\...\Run: [IndexTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe [395264 2011-04-20] (SHARP CORPORATION)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AVK Client] => C:\Program Files (x86)\G Data\AVKClient\AVKCl.exe [4191352 2014-01-15] (G Data Software AG)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Run: [DellSystemDetect] => C:\Users\*****2.HV-*****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-24] (Dell)
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoAutoUpdate] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [TaskbarLockAll] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0DA4F4DF-494D-497B-87AE-7F23183363AB} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0A199814-C811-40F1-B5C7-860B46557B13} URL =
SearchScopes: HKCU - {0DA4F4DF-494D-497B-87AE-7F23183363AB} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} -  No File
Handler-x32: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
Tcpip\..\Interfaces\{B1E823EF-B08D-4E46-963C-D1994057A2A7}: [NameServer]192.168.1.6

FireFox:
========
FF ProfilePath: C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\searchplugins\preissuchmaschine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-26]
FF Extension: FRITZ!Box AddOn - C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\fb_add_on@avm.de [2013-04-12]
FF Extension: WOT - C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-03]
FF Extension: Adblock Plus - C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-28]

==================== Services (Whitelisted) =================

R2 AntiVirusKit Client; C:\Program Files (x86)\G Data\AVKClient\AVKCl.exe [4191352 2014-01-15] (G Data Software AG)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1990264 2014-01-15] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AVKClient\AVKWCtlX64.exe [2572520 2014-01-15] (G Data Software AG)
R2 GDBackupSvc; C:\Program Files (x86)\G Data\AVKClient\AVKBackupService.exe [1947768 2014-01-15] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [709240 2014-01-15] (G Data Software AG)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [59392 2014-04-25] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130560 2014-04-25] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-04-25] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-25] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-04-25] (G Data Software AG)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 22:21 - 2014-04-26 22:21 - 00014154 _____ () C:\Users\*****2.HV-*****\Desktop\FRST.txt
2014-04-26 22:21 - 2014-04-26 22:21 - 00000000 ____D () C:\FRST
2014-04-26 22:20 - 2014-04-26 22:20 - 02061824 _____ (Farbar) C:\Users\*****2.HV-*****\Desktop\FRST64.exe
2014-04-26 21:15 - 2014-04-26 21:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-26 21:14 - 2014-04-26 21:15 - 02347384 _____ (ESET) C:\Users\*****2.HV-*****\Desktop\esetsmartinstaller_deu.exe
2014-04-26 21:12 - 2014-04-26 21:14 - 00001144 _____ () C:\Users\*****2.HV-*****\Desktop\mbam.txt
2014-04-26 19:33 - 2014-04-26 21:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 19:33 - 2014-04-26 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-26 19:32 - 2014-04-26 19:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\*****2.HV-*****\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-26 19:29 - 2014-04-26 19:29 - 00006176 _____ () C:\Users\*****2.HV-*****\Desktop\wuauserv.reg
2014-04-26 17:33 - 2014-04-26 17:33 - 00022711 _____ () C:\ComboFix.txt
2014-04-26 17:20 - 2014-04-26 17:33 - 00000000 ____D () C:\Qoobox
2014-04-26 17:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-26 17:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-26 17:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-26 17:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-26 17:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-26 17:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-26 17:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-26 17:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-26 17:19 - 2014-04-26 17:32 - 00000000 ____D () C:\Windows\erdnt
2014-04-26 16:52 - 2014-04-26 16:52 - 00000000 __SHD () C:\Users\*****2.HV-*****\AppData\Local\EmieUserList
2014-04-26 16:52 - 2014-04-26 16:52 - 00000000 __SHD () C:\Users\*****2.HV-*****\AppData\Local\EmieSiteList
2014-04-26 16:28 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-26 16:28 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-25 17:20 - 2014-04-25 17:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-25 17:16 - 2014-04-25 17:16 - 00000977 _____ () C:\DelFix.txt
2014-04-25 16:57 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-25 16:57 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-25 16:57 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-25 16:57 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-25 16:57 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-25 16:57 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-25 16:57 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-25 16:57 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-25 16:57 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-25 16:57 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-25 16:57 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-25 16:57 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-25 16:57 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-25 16:57 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-25 16:57 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-25 16:57 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-25 16:54 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-25 16:54 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-25 16:53 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-25 16:53 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-25 16:53 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-25 16:53 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-25 16:53 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-25 16:53 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-25 16:53 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-25 16:53 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-25 16:53 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-25 16:53 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-25 16:53 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-25 16:53 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-25 16:53 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-25 16:53 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-25 16:53 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-25 16:53 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-25 16:53 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-25 16:53 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-25 16:53 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-25 16:53 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-25 16:53 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-25 16:53 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-25 16:53 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-25 16:53 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-25 16:53 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-25 16:53 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-25 16:53 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-25 16:53 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-25 16:53 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-25 16:53 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-25 16:53 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-25 16:53 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-25 16:53 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-25 16:53 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-25 16:53 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-25 16:53 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-25 16:53 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-25 16:53 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-25 16:53 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-25 16:53 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-25 16:53 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-25 16:53 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-25 16:53 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-25 16:53 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-25 16:53 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-25 16:53 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-25 16:48 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-25 16:48 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-25 16:48 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-25 16:48 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-25 16:45 - 2014-04-25 16:45 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-04-25 16:45 - 2014-04-25 16:45 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00130560 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00059392 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-04-25 16:30 - 2014-04-25 16:30 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-25 16:11 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-25 16:11 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-25 16:11 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-25 16:11 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-25 16:11 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-25 16:11 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-25 16:11 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-25 16:11 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-25 16:11 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-25 16:11 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-25 16:11 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-25 16:11 - 2014-02-04 04:37 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-25 16:11 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-25 16:11 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-25 16:11 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-25 16:11 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-25 16:03 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Users\*****2.HV-*****\defogger_reenable
2014-04-24 19:41 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\*****2.HV-*****\Documents\ProcAlyzer Dumps
2014-04-24 19:38 - 2014-04-25 16:35 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-24 19:38 - 2014-04-25 16:30 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-24 19:11 - 2014-04-25 16:41 - 00002182 ____H () C:\Users\*****2.HV-*****\Documents\Default.rdp
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-04-24 18:57 - 2014-04-24 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2014-04-24 18:56 - 2014-04-24 18:56 - 00109688 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 18:56 - 2014-04-24 18:56 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\G DATA
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-24 18:55 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-15 09:05 - 2014-04-15 09:05 - 00000000 ____D () C:\Windows\SysWOW64\140415-090542
2014-04-14 09:33 - 2014-04-14 09:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-093340
2014-04-11 09:07 - 2014-04-11 09:07 - 00000000 ____D () C:\Windows\SysWOW64\140411-090722
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\Windows\SysWOW64\140410-094436
2014-04-09 17:19 - 2014-04-09 17:19 - 00000000 ____D () C:\Windows\SysWOW64\140409-171911
2014-04-09 09:14 - 2014-04-09 09:14 - 00000000 ____D () C:\Windows\SysWOW64\140409-091416
2014-04-08 08:42 - 2014-04-08 08:42 - 00000000 ____D () C:\Windows\SysWOW64\140408-084247
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\SysWOW64\140407-084620
2014-04-04 11:17 - 2014-04-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\140404-111746
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\140403-152125
2014-03-31 11:07 - 2014-03-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-26 22:21 - 2014-04-26 22:21 - 00014154 _____ () C:\Users\*****2.HV-*****\Desktop\FRST.txt
2014-04-26 22:21 - 2014-04-26 22:21 - 00000000 ____D () C:\FRST
2014-04-26 22:20 - 2014-04-26 22:20 - 02061824 _____ (Farbar) C:\Users\*****2.HV-*****\Desktop\FRST64.exe
2014-04-26 21:38 - 2012-07-16 16:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-26 21:16 - 2011-12-05 19:36 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-04-26 21:15 - 2014-04-26 21:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-26 21:15 - 2014-04-26 21:14 - 02347384 _____ (ESET) C:\Users\*****2.HV-*****\Desktop\esetsmartinstaller_deu.exe
2014-04-26 21:14 - 2014-04-26 21:12 - 00001144 _____ () C:\Users\*****2.HV-*****\Desktop\mbam.txt
2014-04-26 21:13 - 2014-04-26 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 19:38 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-26 19:38 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-26 19:37 - 2010-11-21 08:50 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-04-26 19:37 - 2010-11-21 08:50 - 00150604 _____ () C:\Windows\system32\perfc007.dat
2014-04-26 19:37 - 2009-07-14 07:13 - 01629436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-26 19:33 - 2014-04-26 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-26 19:32 - 2014-04-26 19:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\*****2.HV-*****\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-26 19:32 - 2011-11-28 10:30 - 01597375 _____ () C:\Windows\WindowsUpdate.log
2014-04-26 19:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 19:30 - 2009-07-14 06:51 - 00073248 _____ () C:\Windows\setupact.log
2014-04-26 19:29 - 2014-04-26 19:29 - 00006176 _____ () C:\Users\*****2.HV-*****\Desktop\wuauserv.reg
2014-04-26 18:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-26 17:38 - 2014-02-22 21:57 - 00000000 ____D () C:\Users\*****2.HV-*****\AppData\Local\Apps\2.0
2014-04-26 17:33 - 2014-04-26 17:33 - 00022711 _____ () C:\ComboFix.txt
2014-04-26 17:33 - 2014-04-26 17:20 - 00000000 ____D () C:\Qoobox
2014-04-26 17:33 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-26 17:32 - 2014-04-26 17:19 - 00000000 ____D () C:\Windows\erdnt
2014-04-26 17:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-26 17:28 - 2010-11-21 05:47 - 00299818 _____ () C:\Windows\PFRO.log
2014-04-26 17:27 - 2009-07-14 04:34 - 80740352 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-04-26 17:27 - 2009-07-14 04:34 - 44040192 _____ () C:\Windows\system32\config\COMPONENTS.bak
2014-04-26 17:27 - 2009-07-14 04:34 - 14680064 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-04-26 17:27 - 2009-07-14 04:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-04-26 17:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-04-26 16:52 - 2014-04-26 16:52 - 00000000 __SHD () C:\Users\*****2.HV-*****\AppData\Local\EmieUserList
2014-04-26 16:52 - 2014-04-26 16:52 - 00000000 __SHD () C:\Users\*****2.HV-*****\AppData\Local\EmieSiteList
2014-04-26 16:38 - 2011-12-05 19:38 - 00000000 ____D () C:\Users\*****2.HV-*****
2014-04-26 16:38 - 2011-12-05 18:38 - 00004666 __RSH () C:\Users\*****2.HV-*****\ntuser.pol
2014-04-25 17:20 - 2014-04-25 17:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-25 17:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-25 17:16 - 2014-04-25 17:16 - 00000977 _____ () C:\DelFix.txt
2014-04-25 17:04 - 2011-12-05 18:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-25 16:51 - 2011-02-11 19:45 - 01602780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-25 16:47 - 2011-12-05 19:28 - 00000000 ____D () C:\ProgramData\G Data
2014-04-25 16:45 - 2014-04-25 16:45 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-04-25 16:45 - 2014-04-25 16:45 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00130560 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00059392 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-04-25 16:44 - 2011-12-05 19:33 - 00000000 ____D () C:\Users\*****2.HV-*****\AppData\Local\G DATA
2014-04-25 16:44 - 2011-12-05 19:28 - 00065024 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-04-25 16:43 - 2011-12-05 19:28 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-04-25 16:42 - 2014-03-18 12:56 - 00000000 ____D () C:\Users\*****2.HV-*****\AppData\Local\Downloaded Installations
2014-04-25 16:41 - 2014-04-24 19:11 - 00002182 ____H () C:\Users\*****2.HV-*****\Documents\Default.rdp
2014-04-25 16:35 - 2014-04-24 19:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 16:30 - 2014-04-25 16:30 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-25 16:30 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 15:44 - 2011-12-05 18:38 - 00000000 ___RD () C:\Users\*****2.HV-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Users\*****2.HV-*****\defogger_reenable
2014-04-24 19:41 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\*****2.HV-*****\Documents\ProcAlyzer Dumps
2014-04-24 19:19 - 2012-04-22 18:46 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-04-24 18:57 - 2014-04-24 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2014-04-24 18:56 - 2014-04-24 18:56 - 00109688 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 18:56 - 2014-04-24 18:56 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\G DATA
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-24 18:56 - 2014-04-24 18:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 18:56 - 2011-12-05 18:39 - 00000000 ____D () C:\Users\Administrator
2014-04-24 18:56 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-24 18:53 - 2014-02-22 21:57 - 00000000 ____D () C:\Users\*****2.HV-*****\AppData\Local\Deployment
2014-04-24 18:51 - 2011-11-28 10:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-04-24 18:50 - 2014-02-22 21:59 - 00000000 ____D () C:\ProgramData\dell
2014-04-23 15:29 - 2012-01-02 11:25 - 00000000 ____D () C:\Users\*****2.HV-*****\AppData\Roaming\.oit
2014-04-15 09:05 - 2014-04-15 09:05 - 00000000 ____D () C:\Windows\SysWOW64\140415-090542
2014-04-14 09:33 - 2014-04-14 09:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-093340
2014-04-14 04:24 - 2014-04-25 16:48 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-25 16:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-11 09:07 - 2014-04-11 09:07 - 00000000 ____D () C:\Windows\SysWOW64\140411-090722
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\Windows\SysWOW64\140410-094436
2014-04-09 17:19 - 2014-04-09 17:19 - 00000000 ____D () C:\Windows\SysWOW64\140409-171911
2014-04-09 09:14 - 2014-04-09 09:14 - 00000000 ____D () C:\Windows\SysWOW64\140409-091416
2014-04-08 08:42 - 2014-04-08 08:42 - 00000000 ____D () C:\Windows\SysWOW64\140408-084247
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\SysWOW64\140407-084620
2014-04-04 11:17 - 2014-04-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\140404-111746
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\140403-152125
2014-04-02 09:33 - 2012-07-09 10:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 13:04 - 2014-02-22 21:55 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-31 11:07 - 2014-03-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-31 03:51 - 2011-12-05 19:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-04-26 18:15

==================== End Of Log ============================
--- --- ---

mort 27.04.2014 19:00
Das sind nur noch die letzten Reste.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoAutoUpdate] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [TaskbarLockAll] 0
FF SearchPlugin: C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\searchplugins\preissuchmaschine.xml
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Updates

Klicke nun auf den Windowsbutton in der Taskleiste und dort auf "Systemsteuerung". Wenn du dort bist, gehe auf "Programme deinstallieren" unter "Programme". Deinstalliere hier alle alten Java-Versionen.

Falls du Java brauchst kannst du es wieder herunter laden:
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version (Java 7 Update 51) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.

Wenn du zufrieden bist, kannst du mir hier gerne danken.

Ich sehe in deinen Logs nichts gefährliches mehr. :)

Cleanup

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Tipps

Welches Antiviren-Programm soll ich nehmen?

Es gibt kein Antiviren-Programm, dass alle Schädlinge findet und du kannst dich nicht 100%-ig auf das Programm verlassen. Es hängt immer noch von deinem Verhalten ab. Mit dem richtigen Verhalten schützt du dich am besten davor, dass du überhaupt infiziert wirst.
  • Klicke nicht auf alles blinkende oder das dich auffordert etwas herunterzuladen.
  • Lasse die Finger weg von illegalen Programmen. Sie sind der Hauptgrund für infizierte Computer.
  • Öffne Email-Anhänge nur von bekannten Absendern.
  • Halte Java, Adobe Flash Player und andere Programme immer aktuell.

Nutze immer nur ein Antiviren Programm, da mehrere sich gegenseitig blockieren werden und es somit mehr schadet, als es nutzt. Falls du mehr als einen installiert hast, entscheide dich für einen von denen und deinstalliere die anderen. Halte außerdem dein Antiviren-Programm immer aktuell, denn durch eine veraltete Datenbank kann das Programm die neuen Infektionen nicht finden.
Zusätzlich zu deinem Antiviren-Programm kannst du kannst auch regelmäßig einen On-Demand Scanner laufen lassen um dir eine zweite Meinung zu holen. Ein On-Demand Scanner läuft im Gegensatz zu einem normalem Antiviren-Programm nicht ständig mit sondern nur wenn du ihm sagst, dass er das System scannen soll.
Was sollte ich vor dem Runterladen beachten?
  • Lade dir Programme direkt vom Hersteller runter. Bei Programmen aus einer anderen Quelle wie Softonic und anderen Seiten die dir einen Downloader anbieten, werden unerwünschte Toolbars und anderer Müll mit installiert. Führe außerdem immer eine benutzerdefinierte Installation durch und entferne die Haken optionalen Programmen.
  • Lass die Finger von Registry-Cleanern. Sie versprechen dir eine große Beschleunigung deines Systems obwohl das entfernen von verwaisten Registry-Schlüsseln nur wenig Perfomancegewinng bringt, wenn überhaupt etwas. Falls das Programm aber mal etwas wichtiges löscht, kannst du damit die Registry zerstören. Zerstörst du die Registry, zerstörst du Windows!
Sonstige Tipps
  • Halte dein System und die Programme darauf immer aktuell. Alte Software enthält Sicherheitslücken, die dein System angreifbar machen.
  • Nutze mehrere Passwörter. Falls jemand das Passwort eines Accounts von dir herausfindet hätte er Zugriff auf alle anderen Accounts.
  • Öffne keine Emails von dir unbekannten Absendern. Diese Emails sind meistens Spammails die dich unter anderem auch dazu bringen wollen bestimmt Seiten zu besuchen oder Dateien bzw. Anhänge herunterzuladen.
  • Achte auf die Dateiendung. In den Anhängen von Spammails wird gerne der Trick genutzt, ausführbare Dateien als harmlose Datei darzustellen, in dem sie eine Datei z.B. Rechnung.pdf.exe nennen. (Dateiendungen anzeigen lassen)
  • Deaktiviere die Autorun Funktion. Damit kann Malware sich automatisch von einem USB-Stick starten, wenn man einen infizierten USB-Stick einsteckt hat. (Autorun deaktivieren)


Wenn du das Trojaner-Board unterstützten willst, kannst du gerne Spenden.
Ich wünsche dir noch eine schöne Zeit. :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131