Hello Jonas,
a bit shorter this time, because this board kicked me out several times... (shutting down, starting up again, logging in 3 times, etc.)
I could not get at the ESET log data; Internet Explorer does not work; I was using Firefox, after all.
Here is the FRST file:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by gentiana (administrator) on SALUS on 19-03-2014 20:49:51
Running from C:\Users\gentiana\Desktop\troja
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums
==================== Processes (Whitelisted) =================
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(JME) C:\Program Files\jmesoft\hotkey.exe
(CyberLink) C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(G Data Software AG) C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
(Dropbox, Inc.) C:\Users\gentiana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.bin
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [jmekey] - C:\Program Files\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [MobileConnect] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2072576 2008-07-04] (Vodafone)
HKLM\...\Run: [G Data AntiVirus Tray] - C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKU\.DEFAULT\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\windows\System32\SPReview\SPReview.exe [280576 2013-09-13] (Microsoft Corporation)
HKU\S-1-5-21-1828799435-1993723982-232390221-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1828799435-1993723982-232390221-1004\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1828799435-1993723982-232390221-1004\...\MountPoints2: {199e8b96-9176-11e3-a53e-4487fcac1a6f} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1828799435-1993723982-232390221-1004\...\MountPoints2: {199e8c1b-9176-11e3-a53e-4487fcac1a6f} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1828799435-1993723982-232390221-1004\...\MountPoints2: {40306a43-94bc-11e3-80e0-4487fcac1a6f} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1828799435-1993723982-232390221-1004\...\MountPoints2: {40306a46-94bc-11e3-80e0-4487fcac1a6f} - E:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\Users\gentiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\gentiana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{68A47F15-156F-477B-A0F9-28265C15111A}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{CF6CBEC5-B871-4882-A536-FE6082C7AD5C}: [NameServer]217.0.43.129 217.0.43.145
FireFox:
========
FF ProfilePath: C:\Users\gentiana\AppData\Roaming\Mozilla\Firefox\Profiles\fcw0p9ho.default-1395171310512
FF Homepage: ww.ecosia.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1204144.dll No File
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\windows\system32\npDeployJava1.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
Chrome:
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-13&ent=hp&u=5ED0862EF32FB2746E530F52D459D335
CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-13&ent=hp&u=5ED0862EF32FB2746E530F52D459D335", "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\gentiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Google-Suche) - C:\Users\gentiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (Google Mail) - C:\Users\gentiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]
========================== Services (Whitelisted) =================
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe [2101280 2013-10-15] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-16] (IObit)
S4 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [895696 2009-10-27] (McAfee, Inc.)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone)
==================== Drivers (Whitelisted) ====================
R0 GDBehave; C:\windows\System32\drivers\GDBehave.sys [45912 2014-02-22] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [96600 2014-02-22] (G Data Software AG)
R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [52056 2014-02-22] (G Data Software AG)
R1 gdwfpcd; C:\windows\System32\drivers\gdwfpcd32.sys [54104 2014-02-22] (G Data Software AG)
R0 gfibto; C:\windows\System32\drivers\gfibto.sys [13560 2014-01-13] (GFI Software)
R1 GRD; C:\windows\system32\drivers\GRD.sys [30040 2014-02-22] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [51032 2014-02-22] (G Data Software AG)
R1 MPFP; C:\windows\System32\Drivers\Mpfp.sys [130424 2009-07-16] (McAfee, Inc.)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-19 20:50 - 2014-03-19 20:50 - 00007334 _____ () C:\Users\gentiana\Desktop\OpenDocument Text (neu) (2).odt
2014-03-19 19:28 - 2014-03-19 19:28 - 00000000 ____D () C:\Program Files\ESET
2014-03-19 19:21 - 2014-03-19 19:21 - 00000094 ____H () C:\Users\gentiana\Desktop\.~lock.eset.odt#
2014-03-19 14:35 - 2014-03-19 14:35 - 00021509 _____ () C:\Users\gentiana\Desktop\OpenDocument Text (neu).odt
2014-03-19 12:50 - 2014-03-19 12:51 - 00000000 ____D () C:\Users\gentiana\Desktop\kasse
2014-03-19 11:43 - 2014-03-19 11:44 - 00020887 _____ () C:\Users\gentiana\Desktop\eset.odt
2014-03-19 11:17 - 2014-03-19 11:19 - 00014622 _____ () C:\Users\gentiana\Desktop\editor 3.odt
2014-03-18 20:12 - 2014-03-18 20:13 - 02347384 _____ (ESET) C:\Users\gentiana\Desktop\esetsmartinstaller_enu.exe
2014-03-18 14:22 - 2014-03-18 14:27 - 00025789 _____ () C:\Users\gentiana\Desktop\windeln.de.odt
2014-03-18 09:51 - 2014-03-19 09:33 - 00024815 _____ () C:\Users\gentiana\Desktop\14Th-mrz14.odt
2014-03-16 21:00 - 2014-03-19 20:49 - 00000000 ____D () C:\FRST
2014-03-16 21:00 - 2014-03-16 21:01 - 00031533 _____ () C:\Users\gentiana\Desktop\FRST.txt
2014-03-16 20:31 - 2014-03-16 20:24 - 00019833 _____ () C:\Users\gentiana\Desktop\1 - fonds2.odt
2014-03-16 20:31 - 2014-03-16 20:16 - 00011692 _____ () C:\Users\gentiana\Desktop\1- fonds.odt
2014-03-16 20:31 - 2014-03-16 19:45 - 00012185 _____ () C:\Users\gentiana\Desktop\1-burda- fond3.odt
2014-03-16 16:20 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) C:\windows\system32\libeay32.dll
2014-03-16 16:20 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) C:\windows\system32\ssleay32.dll
2014-03-16 16:20 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\windows\eSellerateEngine.dll
2014-03-16 16:20 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\windows\eSellerateControl350.dll
2014-03-16 16:03 - 2014-03-16 16:03 - 00001814 _____ () C:\sc-cleaner.txt
2014-03-16 15:49 - 2014-03-19 20:49 - 00000000 ____D () C:\Users\gentiana\Desktop\troja
2014-03-16 12:38 - 2014-03-16 12:39 - 00000000 ____D () C:\ProgramData\IObit
2014-03-16 12:38 - 2014-03-16 12:38 - 00000000 ____D () C:\Users\gentiana\AppData\Roaming\ProductData
2014-03-16 12:38 - 2014-03-16 12:38 - 00000000 ____D () C:\Users\gentiana\AppData\Roaming\IObit
2014-03-16 12:38 - 2014-03-16 12:38 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-16 12:38 - 2014-03-16 12:38 - 00000000 ____D () C:\Program Files\IObit
2014-03-16 12:36 - 2014-03-16 12:36 - 00000000 ____D () C:\Users\gentiana\AppData\Roaming\MusE
2014-03-16 12:36 - 2014-03-16 12:36 - 00000000 ____D () C:\Users\gentiana\AppData\Local\MusE
2014-03-16 12:36 - 2014-03-16 12:36 - 00000000 ____D () C:\Program Files\MuseScore
2014-03-16 12:07 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-16 12:07 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-16 12:07 - 2014-02-23 07:54 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-16 12:07 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-16 12:07 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-16 12:07 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-16 12:07 - 2014-02-23 06:35 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-03-16 12:05 - 2014-03-16 12:06 - 00000000 ____D () C:\windows\system32\MRT
2014-03-16 12:04 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-16 12:04 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-16 12:04 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-16 12:04 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-16 12:04 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-16 10:14 - 2014-03-16 12:41 - 00000000 ____D () C:\Users\gentiana\Desktop\musik
2014-03-02 11:04 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-02-23 18:01 - 2014-03-18 13:09 - 00043439 _____ () C:\Users\gentiana\Desktop\5meins-Jan14.odt
2014-02-23 17:14 - 2014-02-23 22:00 - 00000000 ____D () C:\Users\gentiana\Desktop\gudrun
2014-02-22 22:25 - 2014-02-22 22:25 - 00030040 _____ (G Data Software) C:\windows\system32\Drivers\GRD.sys
2014-02-22 20:23 - 2014-02-22 20:23 - 00052056 _____ (G Data Software AG) C:\windows\system32\Drivers\PktIcpt.sys
2014-02-22 20:15 - 2014-02-22 20:15 - 00096600 _____ (G Data Software AG) C:\windows\system32\Drivers\MiniIcpt.sys
2014-02-22 20:15 - 2014-02-22 20:15 - 00054104 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd32.sys
2014-02-22 20:15 - 2014-02-22 20:15 - 00051032 _____ (G Data Software AG) C:\windows\system32\Drivers\HookCentre.sys
2014-02-22 20:15 - 2014-02-22 20:15 - 00045912 _____ (G Data Software AG) C:\windows\system32\Drivers\GDBehave.sys
2014-02-22 17:38 - 2013-12-21 08:56 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-22 17:38 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-02-22 17:38 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-22 17:38 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-22 17:38 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-02-22 17:38 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-02-22 17:38 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-02-22 17:38 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-22 17:38 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-02-22 17:38 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-02-22 17:38 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-02-22 17:38 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-02-21 22:09 - 2014-03-16 19:06 - 00022032 _____ () C:\Users\gentiana\Desktop\eines Tages.odt
2014-02-20 22:45 - 2014-02-20 22:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-20 16:14 - 2014-03-19 20:25 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-20 16:14 - 2014-03-19 19:08 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 10:40 - 2014-02-20 10:40 - 00002052 _____ () C:\windows\epplauncher.mif
2014-02-20 10:37 - 2014-01-01 00:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-20 10:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-20 10:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-20 10:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-20 10:37 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-20 10:37 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-20 10:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-20 10:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-20 10:37 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-20 10:37 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-20 10:37 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-20 10:37 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-20 10:37 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-20 10:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-20 10:37 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
==================== One Month Modified Files and Folders =======
2014-03-19 20:50 - 2014-03-19 20:50 - 00007334 _____ () C:\Users\gentiana\Desktop\OpenDocument Text (neu) (2).odt
2014-03-19 20:49 - 2014-03-16 21:00 - 00000000 ____D () C:\FRST
2014-03-19 20:49 - 2014-03-16 15:49 - 00000000 ____D () C:\Users\gentiana\Desktop\troja
2014-03-19 20:33 - 2014-01-14 12:52 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 20:25 - 2014-02-20 16:14 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 20:14 - 2010-06-24 13:58 - 01090077 _____ () C:\windows\WindowsUpdate.log
2014-03-19 19:29 - 2010-06-24 14:01 - 01618320 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-19 19:28 - 2014-03-19 19:28 - 00000000 ____D () C:\Program Files\ESET
2014-03-19 19:21 - 2014-03-19 19:21 - 00000094 ____H () C:\Users\gentiana\Desktop\.~lock.eset.odt#
2014-03-19 19:15 - 2009-07-14 05:34 - 00013424 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 19:15 - 2009-07-14 05:34 - 00013424 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 19:14 - 2013-09-14 17:39 - 00020816 _____ () C:\Users\gentiana\Desktop\10-4-links.odt
2014-03-19 19:13 - 2014-01-13 21:07 - 00016098 _____ () C:\windows\setupact.log
2014-03-19 19:09 - 2013-09-12 12:31 - 00000000 ____D () C:\Users\gentiana\AppData\Roaming\Dropbox
2014-03-19 19:08 - 2014-02-20 16:14 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 19:08 - 2013-09-12 15:03 - 00000000 ___RD () C:\Users\gentiana\Dropbox
2014-03-19 19:08 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-19 14:35 - 2014-03-19 14:35 - 00021509 _____ () C:\Users\gentiana\Desktop\OpenDocument Text (neu).odt
2014-03-19 14:21 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing
2014-03-19 12:51 - 2014-03-19 12:50 - 00000000 ____D () C:\Users\gentiana\Desktop\kasse
2014-03-19 11:44 - 2014-03-19 11:43 - 00020887 _____ () C:\Users\gentiana\Desktop\eset.odt
2014-03-19 11:19 - 2014-03-19 11:17 - 00014622 _____ () C:\Users\gentiana\Desktop\editor 3.odt
2014-03-19 09:33 - 2014-03-18 09:51 - 00024815 _____ () C:\Users\gentiana\Desktop\14Th-mrz14.odt
2014-03-18 21:26 - 2013-08-21 21:31 - 00000000 ____D () C:\Users\gentiana
2014-03-18 20:41 - 2009-07-14 05:53 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-03-18 20:13 - 2014-03-18 20:12 - 02347384 _____ (ESET) C:\Users\gentiana\Desktop\esetsmartinstaller_enu.exe
2014-03-18 14:27 - 2014-03-18 14:22 - 00025789 _____ () C:\Users\gentiana\Desktop\windeln.de.odt
2014-03-18 13:09 - 2014-02-23 18:01 - 00043439 _____ () C:\Users\gentiana\Desktop\5meins-Jan14.odt
2014-03-18 09:56 - 2014-01-19 16:33 - 00000000 ____D () C:\Users\gentiana\Desktop\Therapie
2014-03-16 21:01 - 2014-03-16 21:00 - 00031533 _____ () C:\Users\gentiana\Desktop\FRST.txt
2014-03-16 20:24 - 2014-03-16 20:31 - 00019833 _____ () C:\Users\gentiana\Desktop\1 - fonds2.odt
2014-03-16 20:16 - 2014-03-16 20:31 - 00011692 _____ () C:\Users\gentiana\Desktop\1- fonds.odt
2014-03-16 19:45 - 2014-03-16 20:31 - 00012185 _____ () C:\Users\gentiana\Desktop\1-burda- fond3.odt
2014-03-16 19:06 - 2014-02-21 22:09 - 00022032 _____ () C:\Users\gentiana\Desktop\eines Tages.odt
2014-03-16 18:35 - 2014-02-09 12:35 - 00039961 _____ () C:\Users\gentiana\Desktop\karma-zeit.odt
2014-03-16 17:33 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\LogFiles
2014-03-16 16:03 - 2014-03-16 16:03 - 00001814 _____ () C:\sc-cleaner.txt
2014-03-16 15:46 - 2014-01-13 21:30 - 00000000 ____D () C:\AdwCleaner
2014-03-16 12:41 - 2014-03-16 10:14 - 00000000 ____D () C:\Users\gentiana\Desktop\musik
2014-03-16 12:40 - 2014-01-10 13:44 - 00000000 ____D () C:\Users\gentiana\Desktop\alles
2014-03-16 12:39 - 2014-03-16 12:38 - 00000000 ____D () C:\ProgramData\IObit
2014-03-16 12:38 - 2014-03-16 12:38 - 00000000 ____D () C:\Users\gentiana\AppData\Roaming\ProductData
2014-03-16 12:38 - 2014-03-16 12:38 - 00000000 ____D () C:\Users\gentiana\AppData\Roaming\IObit
2014-03-16 12:38 - 2014-03-16 12:38 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-16 12:38 - 2014-03-16 12:38 - 00000000 ____D () C:\Program Files\IObit
2014-03-16 12:36 - 2014-03-16 12:36 - 00000000 ____D () C:\Users\gentiana\AppData\Roaming\MusE
2014-03-16 12:36 - 2014-03-16 12:36 - 00000000 ____D () C:\Users\gentiana\AppData\Local\MusE
2014-03-16 12:36 - 2014-03-16 12:36 - 00000000 ____D () C:\Program Files\MuseScore
2014-03-16 12:19 - 2009-07-14 05:33 - 00447784 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-16 12:18 - 2010-06-24 14:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 12:06 - 2014-03-16 12:05 - 00000000 ____D () C:\windows\system32\MRT
2014-03-16 12:05 - 2013-09-12 20:26 - 87350280 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-15 20:47 - 2014-02-07 22:19 - 00000000 ____D () C:\Users\gentiana\Desktop\lern neu
2014-03-14 20:08 - 2014-01-13 21:07 - 00509870 _____ () C:\windows\PFRO.log
2014-03-14 20:08 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\LiveKernelReports
2014-03-14 18:33 - 2013-09-12 13:43 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-03-14 18:33 - 2013-09-12 13:43 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-02 18:10 - 2013-09-12 11:30 - 00000000 ____D () C:\Users\gentiana\Desktop\10- gesund-A-2
2014-03-02 13:54 - 2013-11-14 19:43 - 00000000 ____D () C:\Users\gentiana\Desktop\10-alle programme
2014-03-02 11:35 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2014-03-02 11:04 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-02-24 18:03 - 2013-08-22 20:22 - 00000000 ____D () C:\Users\gentiana\AppData\Roaming\vlc
2014-02-23 23:31 - 2013-10-03 12:43 - 00000000 ____D () C:\Users\gentiana\Desktop\10-A-4-märchenarbeit
2014-02-23 22:00 - 2014-02-23 17:14 - 00000000 ____D () C:\Users\gentiana\Desktop\gudrun
2014-02-23 21:40 - 2013-10-20 10:25 - 00000000 ____D () C:\Users\gentiana\dwhelper
2014-02-23 15:22 - 2013-10-03 09:13 - 00000000 ____D () C:\Users\gentiana\Desktop\10-D1-Bühnenarbeit-A-3
2014-02-23 07:54 - 2014-03-16 12:07 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-23 07:54 - 2014-03-16 12:07 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-23 07:54 - 2014-03-16 12:07 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-23 07:53 - 2014-03-16 12:07 - 14358016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-23 07:53 - 2014-03-16 12:07 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-23 07:31 - 2014-03-16 12:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-23 06:35 - 2014-03-16 12:07 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-02-22 22:25 - 2014-02-22 22:25 - 00030040 _____ (G Data Software) C:\windows\system32\Drivers\GRD.sys
2014-02-22 22:09 - 2013-10-14 19:46 - 00000000 ____D () C:\Users\gentiana\Desktop\10-yt-russ
2014-02-22 21:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-02-22 20:23 - 2014-02-22 20:23 - 00052056 _____ (G Data Software AG) C:\windows\system32\Drivers\PktIcpt.sys
2014-02-22 20:15 - 2014-02-22 20:15 - 00096600 _____ (G Data Software AG) C:\windows\system32\Drivers\MiniIcpt.sys
2014-02-22 20:15 - 2014-02-22 20:15 - 00054104 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd32.sys
2014-02-22 20:15 - 2014-02-22 20:15 - 00051032 _____ (G Data Software AG) C:\windows\system32\Drivers\HookCentre.sys
2014-02-22 20:15 - 2014-02-22 20:15 - 00045912 _____ (G Data Software AG) C:\windows\system32\Drivers\GDBehave.sys
2014-02-22 20:15 - 2013-10-27 10:29 - 00000000 ____D () C:\ProgramData\G Data
2014-02-22 20:14 - 2013-10-27 10:29 - 00000000 ____D () C:\Program Files\G Data
2014-02-22 20:14 - 2013-10-27 10:29 - 00000000 ____D () C:\Program Files\Common Files\G Data
2014-02-22 19:56 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\spool
2014-02-22 19:21 - 2013-09-12 12:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-22 17:48 - 2009-09-14 07:33 - 00000000 ____D () C:\windows\system32\Drivers\de-DE
2014-02-21 21:50 - 2014-01-27 20:09 - 00000000 ____D () C:\Users\gentiana\Desktop\yt neu
2014-02-21 18:20 - 2013-09-13 13:36 - 00000000 ____D () C:\Users\gentiana\Desktop\10-yt
2014-02-21 17:59 - 2013-09-12 19:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-20 22:45 - 2014-02-20 22:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-20 16:14 - 2013-09-12 12:09 - 00000000 ____D () C:\Program Files\Google
2014-02-20 10:40 - 2014-02-20 10:40 - 00002052 _____ () C:\windows\epplauncher.mif
Some content of TEMP:
====================
C:\Users\gentiana\AppData\Local\Temp\59f5ffe6-e046-4728-b31c-a0db24c615d0.exe
C:\Users\gentiana\AppData\Local\Temp\a6b49b35-91cb-426f-af85-55b186d5720b.exe
C:\Users\gentiana\AppData\Local\Temp\e93f54ca-9796-4cb4-889a-3d4309dd097d.exe
C:\Users\gentiana\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\gentiana\AppData\Local\Temp\promote-upx.exe
C:\Users\gentiana\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-14 18:35
==================== End Of Log ============================
--- --- ---
Here once more is the Malwarebytes log, run as admin:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware
Datenbank Version: v2014.03.19.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16844
gentiana :: SALUS [Administrator]
19.03.2014 10:28:03
mbam-log-2014-03-19 (10-28-03).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 297745
Laufzeit: 48 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Hello Jonas,
a quick question: what is IObit?
I already had problems once in January and then cleaned them up with the appropriate scanners.
It is of course true that Windows updates are supposed to protect you... but a year ago it simply happened that during the usual shutdown a huge amount of data suddenly came along with it ("Updates are being installed, do not switch off your computer", etc., the kind of thing one knows...): 50 updates! Nothing could be interrupted, and afterwards I had to set the computer up from scratch.
At least ESET has now found nothing worrying, but I would still like to send it.