
Pests of All Kinds and How to Fight Them: Win 8 - Optimizer Pro

13.03.2014, 21:30   #1
xenofex
 
Hello and good evening!

After my PC (Win 7) finally gave up the ghost at the weekend, I was given a computer with Win 8, which, however, shows a few problems. Driver Restore and Quick Launch do not work. Since I suspected some kind of malware as the cause, I scanned the PC with Avast, Search & Destroy and AVG. Nothing was found.

Malwarebytes, however, found 9 infected files, which I removed (log file is available). A later scan no longer showed anything. I did not venture any further because I am not familiar with this.

HTC Home Apis (Clock) by Stealth is installed on the PC, and I suspect that Optimizer Pro and Bundled Software Installer also got onto the computer unknowingly along with it, since all of them show the same installation date. I have since removed Optimizer Pro from autostart.

Thank you in advance for advice and help on how I can eliminate this malware.

Best regards, xenofex

14.03.2014, 07:28   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop. FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


14.03.2014, 09:54   #3
xenofex
 

Hello Schrauber,

thanks for your quick reply. I hope I am doing everything right by pasting the FRST.txt now.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by irmhov1 (administrator) on IRMHOV on 14-03-2014 09:07:53
Running from C:\Users\irmhov1\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-08] (AVAST Software)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Driver Restore] - C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2533376 2013-09-13] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2740696 2013-09-02] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=FA03801F028A9125&affID=124687&tsp=5004
SearchScopes: HKCU - {FE288B81-F739-409D-8A64-81FB9F33CE22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default
FF DefaultSearchEngine: Ixquick HTTPS - Deutsch
FF SelectedSearchEngine: Ixquick HTTPS - Deutsch
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-11]
FF Extension: DownloadHelper - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-11]
FF Extension: NoScript - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-11]
FF Extension: Adblock Plus - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-27]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-08] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-14 09:07 - 2014-03-14 09:08 - 00013107 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-14 09:07 - 2014-03-14 09:07 - 00000000 ____D () C:\FRST
2014-03-14 08:41 - 2014-03-14 08:41 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-13 20:16 - 2014-03-13 20:16 - 00000036 _____ () C:\Users\irmhov1\AppData\Roaming\mbam.context.scan
2014-03-12 15:56 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 15:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 13:19 - 2014-03-12 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 11:44 - 2014-03-12 11:44 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVG2014
2014-03-12 11:43 - 2014-03-12 11:44 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ___HD () C:\$AVG
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-12 11:42 - 2014-03-14 08:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-12 11:42 - 2014-03-12 11:46 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Avg2014
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-11 22:37 - 2014-03-11 22:37 - 00442890 _____ () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör.htm
2014-03-11 22:37 - 2014-03-11 22:37 - 00000000 ____D () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör-Dateien
2014-03-11 19:17 - 2014-03-11 19:17 - 00000000 ____D () C:\Users\irmhov1\Documents\ProcAlyzer Dumps
2014-03-11 19:04 - 2014-03-11 19:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 15:02 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:40 - 2014-03-11 13:40 - 00003464 _____ () C:\Windows\System32\Tasks\Driver Restore-RTMScanRunOnce
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 00:46 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 00:46 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 00:46 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 00:46 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-11 00:46 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 00:46 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 00:46 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 00:46 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 00:46 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 00:46 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 00:46 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 00:46 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 00:46 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-11 00:45 - 2014-03-11 00:45 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-11 00:44 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-11 00:44 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-11 00:44 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-11 00:41 - 2014-03-11 00:41 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-11 00:41 - 2014-03-11 00:41 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia
2014-03-09 21:19 - 2014-03-09 21:27 - 00000000 ____D () C:\Users\irmhov1\dwhelper
2014-03-09 20:03 - 2014-03-12 11:41 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google
2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google
2014-03-09 11:01 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-09 11:01 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-09 11:01 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-09 11:01 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-09 11:01 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-09 11:01 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-09 11:01 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-09 11:00 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-09 11:00 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-09 11:00 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-03-09 11:00 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-03-09 11:00 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-03-09 11:00 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-03-09 11:00 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-03-09 11:00 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-03-09 11:00 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-03-09 11:00 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-09 11:00 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-09 11:00 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-03-09 11:00 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

==================== One Month Modified Files and Folders =======

2014-03-14 09:08 - 2014-03-14 09:07 - 00013107 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-14 09:07 - 2014-03-14 09:07 - 00000000 ____D () C:\FRST
2014-03-14 09:06 - 2013-02-19 11:42 - 01738538 _____ () C:\Windows\WindowsUpdate.log
2014-03-14 09:05 - 2013-03-27 17:18 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Skype
2014-03-14 09:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-14 08:52 - 2013-02-22 17:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 08:50 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 08:50 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 08:48 - 2013-02-19 11:49 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-5302519-908166271-969323471-1002
2014-03-14 08:42 - 2012-11-08 14:34 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 08:42 - 2012-11-08 14:34 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 08:42 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 08:41 - 2014-03-14 08:41 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-14 08:40 - 2014-03-12 11:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-14 08:35 - 2014-01-26 16:01 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-14 08:34 - 2013-02-22 18:23 - 00000288 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-14 08:34 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 20:16 - 2014-03-13 20:16 - 00000036 _____ () C:\Users\irmhov1\AppData\Roaming\mbam.context.scan
2014-03-13 19:19 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-03-12 23:40 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-12 16:10 - 2012-11-08 13:51 - 00577186 _____ () C:\Windows\PFRO.log
2014-03-12 16:09 - 2013-09-13 20:54 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-03-12 15:56 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-12 15:56 - 2014-03-11 15:02 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 13:19 - 2014-03-12 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 12:08 - 2013-02-22 18:23 - 00000000 ____D () C:\Windows\AutoKMS
2014-03-12 11:46 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Avg2014
2014-03-12 11:46 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-12 11:44 - 2014-03-12 11:44 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVG2014
2014-03-12 11:44 - 2014-03-12 11:43 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ___HD () C:\$AVG
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-12 11:43 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-12 11:41 - 2014-03-09 20:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-12 10:46 - 2013-02-22 18:23 - 00002898 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-12 00:05 - 2013-03-27 21:12 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\vlc
2014-03-11 22:37 - 2014-03-11 22:37 - 00442890 _____ () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör.htm
2014-03-11 22:37 - 2014-03-11 22:37 - 00000000 ____D () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör-Dateien
2014-03-11 20:01 - 2013-09-13 20:55 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-03-11 19:17 - 2014-03-11 19:17 - 00000000 ____D () C:\Users\irmhov1\Documents\ProcAlyzer Dumps
2014-03-11 19:17 - 2014-03-11 19:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 14:46 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 14:05 - 2013-02-23 10:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Outlook-Dateien
2014-03-11 13:41 - 2013-02-19 18:04 - 00000000 ____D () C:\ProgramData\UAB
2014-03-11 13:40 - 2014-03-11 13:40 - 00003464 _____ () C:\Windows\System32\Tasks\Driver Restore-RTMScanRunOnce
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:41 - 2013-09-13 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 10:26 - 2012-07-26 06:26 - 00000167 _____ () C:\Windows\win.ini
2014-03-11 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-03-11 10:17 - 2013-11-22 17:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-11 00:45 - 2014-03-11 00:45 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-11 00:44 - 2013-02-19 11:42 - 00000000 ____D () C:\Users\irmhov1
2014-03-11 00:42 - 2013-06-27 20:43 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-11 00:41 - 2014-03-11 00:41 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-11 00:41 - 2014-03-11 00:41 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-11 00:41 - 2012-07-26 08:21 - 00032081 _____ () C:\Windows\setupact.log
2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM
2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\MSDRM
2014-03-11 00:24 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-03-10 23:34 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-10 23:28 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-03-10 23:25 - 2013-06-27 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-10 23:13 - 2013-06-27 20:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-10 18:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia
2014-03-09 21:27 - 2014-03-09 21:19 - 00000000 ____D () C:\Users\irmhov1\dwhelper
2014-03-09 20:20 - 2013-06-27 19:16 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Google
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google
2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google

Some content of TEMP:
====================
C:\Users\irmhov1\AppData\Local\Temp\ose00000.exe
C:\Users\irmhov1\AppData\Local\Temp\ose00001.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-09 11:05

==================== End Of Log ============================
         


Sorry, I accidentally didn't post the Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by irmhov1 at 2014-03-14 09:08:23
Running from C:\Users\irmhov1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1AB4D394-B72C-86E8-4D58-27147BC4071E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2008 - Avast Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4336 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4336 - AVG Technologies) Hidden
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3111_44883 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3124 - CyberLink Corp.)
CyberLink PhotoDirector 3 (x32 Version: 3.0.3124 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.1920 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.2715b - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
Driver Restore (HKLM-x32\...\{273130E8-117C-4237-A0FA-83EBBF11E051}) (Version: 8.1 - Driver Restore)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}) (Version: 7.1.1.1580 - Google)
HTC Home Apis (HKLM-x32\...\HTC Home Apis) (Version: 3.0.620.0 - Stealth)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2 - PC Utilities Software Limited) <==== ATTENTION
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0019 - Lenovo Group Limited)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

20-02-2014 15:48:33 Geplanter Prüfpunkt
09-03-2014 10:04:34 Windows Update
09-03-2014 17:10:45 Wiederherstellungsvorgang
10-03-2014 23:31:53 avast! antivirus system restore point
11-03-2014 13:37:14 Computer funktioniert einigermaßen

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0161B12A-62C8-4BB9-AD73-F01819F3A096} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2EF21996-DDA0-4389-ACB5-87ACC9F5E2F1} - System32\Tasks\Driver Restore-RTMRules => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [2013-09-19] (PC Drivers Headquarters)
Task: {34512CA5-478D-4A44-86CA-73AB0D72C44F} - System32\Tasks\Driver Restore-RTMUpdater => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [2013-09-19] (PC Drivers Headquarters)
Task: {5FE25911-673F-4BE7-A378-307F8CEE59DE} - System32\Tasks\Driver Restore-RTMScan => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [2013-09-19] (PC Drivers Headquarters)
Task: {86AC3A12-D548-429B-B2EB-A1BE11B4C690} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AAC87D38-E542-477F-BF1F-062172937266} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-08] (AVAST Software)
Task: {AADFCB49-0F35-46BC-B302-3A597F6510CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {AE8D75F3-525B-4D43-9856-9BDD49013223} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CBABF4B4-16C2-4828-BB38-81FBC5692A2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {D70F38E2-319A-4FD6-9106-9C01599A8331} - System32\Tasks\Driver Restore-RTMScanRunOnce => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [2013-09-19] (PC Drivers Headquarters)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 13:09 - 2012-08-06 13:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-11-09 15:36 - 2010-08-19 18:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-13 18:53 - 2014-03-13 18:53 - 00208384 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\XPBurnComponent\1f2a69606066f6659f281e39acb384a3\XPBurnComponent.ni.dll
2013-09-19 10:10 - 2013-09-19 10:10 - 00653704 _____ () C:\Program Files (x86)\Driver Restore\Driver Restore\ThemePack.DriverRestore.dll
2013-09-19 09:31 - 2013-09-19 09:31 - 00412064 _____ () C:\Program Files (x86)\Driver Restore\Driver Restore\Agent.Communication.XmlSerializers.dll
2012-08-06 13:08 - 2012-08-06 13:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 12:54 - 2012-08-06 12:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-13 20:07 - 2014-03-13 18:32 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031301\algo.dll
2014-03-11 19:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-11 19:04 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-11 19:04 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-11 19:04 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-11 19:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-11-09 15:34 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-12-08 10:23 - 2013-12-08 10:23 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: VGA Single Chip
Description: VGA Single Chip
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2014 08:05:14 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LenovoQuickLaunch.exe, Version: 1.0.0.0, Zeitstempel: 0x5023cd23
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988aa6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000003811c
ID des fehlerhaften Prozesses: 0x928
Startzeit der fehlerhaften Anwendung: 0xLenovoQuickLaunch.exe0
Pfad der fehlerhaften Anwendung: LenovoQuickLaunch.exe1
Pfad des fehlerhaften Moduls: LenovoQuickLaunch.exe2
Berichtskennung: LenovoQuickLaunch.exe3
Vollständiger Name des fehlerhaften Pakets: LenovoQuickLaunch.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LenovoQuickLaunch.exe5

Error: (03/13/2014 08:05:13 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/12/2014 11:37:39 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LenovoQuickLaunch.exe, Version: 1.0.0.0, Zeitstempel: 0x5023cd23
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988aa6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000003811c
ID des fehlerhaften Prozesses: 0x4c8
Startzeit der fehlerhaften Anwendung: 0xLenovoQuickLaunch.exe0
Pfad der fehlerhaften Anwendung: LenovoQuickLaunch.exe1
Pfad des fehlerhaften Moduls: LenovoQuickLaunch.exe2
Berichtskennung: LenovoQuickLaunch.exe3
Vollständiger Name des fehlerhaften Pakets: LenovoQuickLaunch.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LenovoQuickLaunch.exe5

Error: (03/12/2014 11:37:38 AM) (Source: .NET Runtime) (User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/11/2014 06:49:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LenovoQuickLaunch.exe, Version: 1.0.0.0, Zeitstempel: 0x5023cd23
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988aa6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000003811c
ID des fehlerhaften Prozesses: 0xdd0
Startzeit der fehlerhaften Anwendung: 0xLenovoQuickLaunch.exe0
Pfad der fehlerhaften Anwendung: LenovoQuickLaunch.exe1
Pfad des fehlerhaften Moduls: LenovoQuickLaunch.exe2
Berichtskennung: LenovoQuickLaunch.exe3
Vollständiger Name des fehlerhaften Pakets: LenovoQuickLaunch.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LenovoQuickLaunch.exe5

Error: (03/11/2014 06:49:52 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/11/2014 06:49:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LenovoQuickLaunch.exe, Version: 1.0.0.0, Zeitstempel: 0x5023cd23
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988aa6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000003811c
ID des fehlerhaften Prozesses: 0xe08
Startzeit der fehlerhaften Anwendung: 0xLenovoQuickLaunch.exe0
Pfad der fehlerhaften Anwendung: LenovoQuickLaunch.exe1
Pfad des fehlerhaften Moduls: LenovoQuickLaunch.exe2
Berichtskennung: LenovoQuickLaunch.exe3
Vollständiger Name des fehlerhaften Pakets: LenovoQuickLaunch.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LenovoQuickLaunch.exe5

Error: (03/11/2014 06:49:27 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/11/2014 06:48:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LenovoQuickLaunch.exe, Version: 1.0.0.0, Zeitstempel: 0x5023cd23
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988aa6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000003811c
ID des fehlerhaften Prozesses: 0xe50
Startzeit der fehlerhaften Anwendung: 0xLenovoQuickLaunch.exe0
Pfad der fehlerhaften Anwendung: LenovoQuickLaunch.exe1
Pfad des fehlerhaften Moduls: LenovoQuickLaunch.exe2
Berichtskennung: LenovoQuickLaunch.exe3
Vollständiger Name des fehlerhaften Pakets: LenovoQuickLaunch.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LenovoQuickLaunch.exe5

Error: (03/11/2014 06:48:17 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (03/14/2014 08:35:18 AM) (Source: ipnathlp) (User: )
Description: 192.168.178.54192.168.137.0255.255.255.0

Error: (03/14/2014 08:35:18 AM) (Source: ipnathlp) (User: )
Description: 

Error: (03/14/2014 08:34:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (03/14/2014 08:34:28 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (03/13/2014 08:07:13 PM) (Source: ipnathlp) (User: )
Description: 192.168.178.54192.168.137.0255.255.255.0

Error: (03/13/2014 08:07:13 PM) (Source: ipnathlp) (User: )
Description: 

Error: (03/13/2014 08:06:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (03/13/2014 08:06:24 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (03/13/2014 02:05:00 PM) (Source: ipnathlp) (User: )
Description: 192.168.178.54192.168.137.0255.255.255.0

Error: (03/13/2014 02:05:00 PM) (Source: ipnathlp) (User: )
Description: 


Microsoft Office Sessions:
=========================
Error: (03/13/2014 08:05:14 PM) (Source: Application Error)(User: )
Description: LenovoQuickLaunch.exe1.0.0.05023cd23KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811c92801cf3eef23690bc9C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exeC:\Windows\system32\KERNELBASE.dll67fbfd59-aae2-11e3-8016-d43d7e2fdc19

Error: (03/13/2014 08:05:13 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/12/2014 11:37:39 AM) (Source: Application Error)(User: )
Description: LenovoQuickLaunch.exe1.0.0.05023cd23KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811c4c801cf3ddf0f6d1cc3C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exeC:\Windows\system32\KERNELBASE.dll54c46d8a-a9d2-11e3-8010-d43d7e2fdc19

Error: (03/12/2014 11:37:38 AM) (Source: .NET Runtime)(User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/11/2014 06:49:52 PM) (Source: Application Error)(User: )
Description: LenovoQuickLaunch.exe1.0.0.05023cd23KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811cdd001cf3d52473129c5C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exeC:\Windows\system32\KERNELBASE.dll8bd832e5-a945-11e3-800e-d43d7e2fdc19

Error: (03/11/2014 06:49:52 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/11/2014 06:49:27 PM) (Source: Application Error)(User: )
Description: LenovoQuickLaunch.exe1.0.0.05023cd23KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811ce0801cf3d523ac10210C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exeC:\Windows\system32\KERNELBASE.dll7cf2383b-a945-11e3-800e-d43d7e2fdc19

Error: (03/11/2014 06:49:27 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/11/2014 06:48:17 PM) (Source: Application Error)(User: )
Description: LenovoQuickLaunch.exe1.0.0.05023cd23KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811ce5001cf3d5204780c98C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exeC:\Windows\system32\KERNELBASE.dll53661ddb-a945-11e3-800e-d43d7e2fdc19

Error: (03/11/2014 06:48:17 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3542.76 MB
Available physical RAM: 2145.86 MB
Total Pagefile: 4182.76 MB
Available Pagefile: 2463.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:806.02 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:43.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

15.03.2014, 11:33   #4
schrauber
/// the machine
/// TB trainer

Please uninstall everything that is marked with <==ATTENTION in Additional.txt.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

15.03.2014, 23:34   #5
xenofex

Hello Schrauber,

thanks for your reply. I uninstalled HTC Home Apis and the Bundled Software Installer without any problems. Optimizer Pro cannot be uninstalled; the following message appears:

Message file "C:\ProgramFiles(x86)Optimizer Pro\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program.

I am adding the Malwarebytes log file anyway:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.15.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
irmhov1 :: IRMHOV [Administrator]

15.03.2014 16:12:59
mbam-log-2014-03-15 (16-12-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215690
Laufzeit: 3 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Best regards and have a nice weekend,

xenofex

Hello Schrauber,

after a stressful day I am only now getting around to posting the remaining logs:

Adware Cleaner:

Code:
# AdwCleaner v3.022 - Bericht erstellt am 15/03/2014 um 22:46:19
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : irmhov1 - IRMHOV
# Gestartet von : C:\Users\irmhov1\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Users\irmhov1\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\irmhov1\AppData\LocalLow\Minibar
Ordner Gelöscht : C:\Users\irmhov1\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\irmhov1\Documents\Optimizer Pro

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2781 octets] - [15/03/2014 22:44:15]
AdwCleaner[S0].txt - [2385 octets] - [15/03/2014 22:46:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2445 octets] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by irmhov1 on 15.03.2014 at 23:11:32,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\irmhov1\AppData\Roaming\mozilla\firefox\profiles\gxnjo8ee.default\prefs.js

user_pref("browser.search.defaultenginename", "Ixquick HTTPS - Deutsch");
user_pref("browser.search.selectedEngine", "Ixquick HTTPS - Deutsch");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2014 at 23:18:41,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by irmhov1 (administrator) on IRMHOV on 15-03-2014 23:22:15
Running from C:\Users\irmhov1\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-08] (AVAST Software)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Driver Restore] - C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKCU - {FE288B81-F739-409D-8A64-81FB9F33CE22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-11]
FF Extension: DownloadHelper - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-11]
FF Extension: NoScript - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-11]
FF Extension: Adblock Plus - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-27]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-08] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 23:18 - 2014-03-15 23:18 - 00001038 _____ () C:\Users\irmhov1\Desktop\JRT.txt
2014-03-15 23:11 - 2014-03-15 23:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 22:44 - 2014-03-15 22:46 - 00000000 ____D () C:\AdwCleaner
2014-03-15 22:39 - 2014-03-15 22:39 - 01037734 _____ (Thisisu) C:\Users\irmhov1\Desktop\JRT.exe
2014-03-15 22:38 - 2014-03-15 22:38 - 01950720 _____ () C:\Users\irmhov1\Desktop\adwcleaner.exe
2014-03-14 15:09 - 2014-03-14 15:09 - 00376264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 09:08 - 2014-03-14 09:08 - 00053292 _____ () C:\Users\irmhov1\Desktop\Addition.txt
2014-03-14 09:07 - 2014-03-15 23:22 - 00012494 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-14 09:07 - 2014-03-15 23:22 - 00000000 ____D () C:\FRST
2014-03-14 08:41 - 2014-03-14 08:41 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-13 13:29 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 13:29 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 13:29 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 13:29 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 13:29 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-13 13:29 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-13 13:28 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 13:28 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 13:28 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 13:28 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 13:28 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 13:28 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 13:28 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 13:28 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-13 13:28 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-13 13:27 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 13:27 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 13:27 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 13:27 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 15:56 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 15:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 13:19 - 2014-03-12 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 11:44 - 2014-03-12 11:44 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVG2014
2014-03-12 11:43 - 2014-03-12 11:44 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ___HD () C:\$AVG
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-12 11:42 - 2014-03-15 20:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-12 11:42 - 2014-03-12 11:46 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Avg2014
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-11 22:37 - 2014-03-11 22:37 - 00442890 _____ () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör.htm
2014-03-11 22:37 - 2014-03-11 22:37 - 00000000 ____D () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör-Dateien
2014-03-11 19:17 - 2014-03-11 19:17 - 00000000 ____D () C:\Users\irmhov1\Documents\ProcAlyzer Dumps
2014-03-11 19:04 - 2014-03-11 19:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 15:02 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:40 - 2014-03-11 13:40 - 00003464 _____ () C:\Windows\System32\Tasks\Driver Restore-RTMScanRunOnce
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 00:45 - 2014-03-11 00:45 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-11 00:44 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-11 00:44 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-11 00:44 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-11 00:41 - 2014-03-11 00:41 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-11 00:41 - 2014-03-11 00:41 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia
2014-03-09 21:19 - 2014-03-09 21:27 - 00000000 ____D () C:\Users\irmhov1\dwhelper
2014-03-09 20:03 - 2014-03-12 11:41 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google
2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google
2014-03-09 11:01 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-09 11:01 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-09 11:01 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-09 11:01 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-09 11:01 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-09 11:01 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-09 11:01 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-09 11:00 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-09 11:00 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-09 11:00 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-03-09 11:00 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-03-09 11:00 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-03-09 11:00 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-03-09 11:00 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-03-09 11:00 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-03-09 11:00 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-03-09 11:00 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-09 11:00 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-09 11:00 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-03-09 11:00 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

==================== One Month Modified Files and Folders =======

2014-03-15 23:22 - 2014-03-14 09:07 - 00012494 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-15 23:22 - 2014-03-14 09:07 - 00000000 ____D () C:\FRST
2014-03-15 23:18 - 2014-03-15 23:18 - 00001038 _____ () C:\Users\irmhov1\Desktop\JRT.txt
2014-03-15 23:18 - 2013-02-19 11:49 - 00003588 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-5302519-908166271-969323471-1002
2014-03-15 23:11 - 2014-03-15 23:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 23:06 - 2013-02-19 11:42 - 01848799 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 23:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-15 22:55 - 2012-11-08 14:34 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2014-03-15 22:55 - 2012-11-08 14:34 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2014-03-15 22:55 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 22:49 - 2013-03-27 17:18 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Skype
2014-03-15 22:48 - 2014-01-26 16:01 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-15 22:47 - 2013-02-22 18:23 - 00000288 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-15 22:47 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 22:46 - 2014-03-15 22:44 - 00000000 ____D () C:\AdwCleaner
2014-03-15 22:39 - 2014-03-15 22:39 - 01037734 _____ (Thisisu) C:\Users\irmhov1\Desktop\JRT.exe
2014-03-15 22:38 - 2014-03-15 22:38 - 01950720 _____ () C:\Users\irmhov1\Desktop\adwcleaner.exe
2014-03-15 20:28 - 2014-03-12 11:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-15 19:52 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-15 19:06 - 2013-02-23 10:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Outlook-Dateien
2014-03-15 04:43 - 2012-11-08 13:51 - 00578554 _____ () C:\Windows\PFRO.log
2014-03-15 02:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-03-14 15:09 - 2014-03-14 15:09 - 00376264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 12:27 - 2013-02-19 11:44 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 12:27 - 2013-02-19 11:44 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-14 12:21 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 12:21 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 11:34 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-14 09:08 - 2014-03-14 09:08 - 00053292 _____ () C:\Users\irmhov1\Desktop\Addition.txt
2014-03-14 08:52 - 2013-02-22 17:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 08:41 - 2014-03-14 08:41 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-12 23:40 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-12 15:56 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-12 15:56 - 2014-03-11 15:02 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 13:19 - 2014-03-12 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 12:08 - 2013-02-22 18:23 - 00000000 ____D () C:\Windows\AutoKMS
2014-03-12 11:46 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Avg2014
2014-03-12 11:46 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-12 11:44 - 2014-03-12 11:44 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVG2014
2014-03-12 11:44 - 2014-03-12 11:43 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ___HD () C:\$AVG
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-12 11:43 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-12 11:41 - 2014-03-09 20:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-12 10:46 - 2013-02-22 18:23 - 00002898 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-12 00:05 - 2013-03-27 21:12 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\vlc
2014-03-11 22:37 - 2014-03-11 22:37 - 00442890 _____ () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör.htm
2014-03-11 22:37 - 2014-03-11 22:37 - 00000000 ____D () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör-Dateien
2014-03-11 19:17 - 2014-03-11 19:17 - 00000000 ____D () C:\Users\irmhov1\Documents\ProcAlyzer Dumps
2014-03-11 19:17 - 2014-03-11 19:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:41 - 2013-02-19 18:04 - 00000000 ____D () C:\ProgramData\UAB
2014-03-11 13:40 - 2014-03-11 13:40 - 00003464 _____ () C:\Windows\System32\Tasks\Driver Restore-RTMScanRunOnce
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:41 - 2013-09-13 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 10:26 - 2012-07-26 06:26 - 00000167 _____ () C:\Windows\win.ini
2014-03-11 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-03-11 10:17 - 2013-11-22 17:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-11 00:45 - 2014-03-11 00:45 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-11 00:44 - 2013-02-19 11:42 - 00000000 ____D () C:\Users\irmhov1
2014-03-11 00:42 - 2013-06-27 20:43 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-11 00:41 - 2014-03-11 00:41 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-11 00:41 - 2014-03-11 00:41 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-11 00:41 - 2012-07-26 08:21 - 00032081 _____ () C:\Windows\setupact.log
2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM
2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\MSDRM
2014-03-11 00:24 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-03-10 23:34 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-10 23:28 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-03-10 23:25 - 2013-06-27 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-10 23:13 - 2013-06-27 20:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-10 18:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia
2014-03-09 21:27 - 2014-03-09 21:19 - 00000000 ____D () C:\Users\irmhov1\dwhelper
2014-03-09 20:20 - 2013-06-27 19:16 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Google
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google
2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google
2014-03-04 23:52 - 2013-02-27 23:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:52 - 2013-02-27 23:03 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-23 09:13 - 2014-03-13 13:28 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-23 09:12 - 2014-03-13 13:29 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 09:12 - 2014-03-13 13:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 09:12 - 2014-03-13 13:28 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-23 09:11 - 2014-03-13 13:29 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-23 07:53 - 2014-03-13 13:29 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 07:53 - 2014-03-13 13:29 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-23 07:35 - 2014-03-13 13:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 07:31 - 2014-03-13 13:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 05:06 - 2014-03-13 13:28 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

Some content of TEMP:
====================
C:\Users\irmhov1\AppData\Local\Temp\bi_cleaner.exe
C:\Users\irmhov1\AppData\Local\Temp\ose00000.exe
C:\Users\irmhov1\AppData\Local\Temp\ose00001.exe
C:\Users\irmhov1\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-09 11:05

==================== End Of Log ============================
         

Thank you very much for your efforts.

Kind regards,

xenofex


Alt 16.03.2014, 17:49   #6
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

Alt 17.03.2014, 17:26   #7
xenofex
 



Hello Schrauber,

I also had an external hard drive and a USB stick checked. Eset scanned overnight and only finished after more than 13 hours. The log follows:

Code:
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=903a221e59bab44bb3d785c1aee39896
# engine=17471
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-17 09:22:26
# local_time=2014-03-17 10:22:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=774 16777213 85 83 553174 171758018 0 0
# compatibility_mode=5893 16776574 100 94 254836 24041614 0 0
# scanned=632623
# found=3
# cleaned=0
# scan_time=49485
sh=8C44AA7E75468E8F102EB840C8314FEE1D37E356 ft=1 fh=58c412e2f2041f6b vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir"
sh=C8425EECBD8D9DB78B6E689E9EAF044C1E686949 ft=1 fh=43a81fe4033d5918 vn="a variant of Win32/AdWare.SpeedingUpMyPC.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir"
sh=42F4923FF754F6F4EC1C1BA1172F17927E811F30 ft=1 fh=ed54f1f76cd17ebd vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir"
         
Eset is uninstalled, the Recycle Bin is emptied, and the firewall and avast are enabled again.

I will post the logs from Security Check and FRST this afternoon.

Kind regards,

xenofex

Here are the remaining logs:

Security Check:

Code:
 Results of screen317's Security Check version 0.99.80  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus 2014   
Windows Defender     
avast! Antivirus     
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Mozilla Firefox (27.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by irmhov1 (administrator) on IRMHOV on 17-03-2014 17:01:50
Running from C:\Users\irmhov1\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
() C:\Users\irmhov1\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-08] (AVAST Software)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Driver Restore] - C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKCU - {FE288B81-F739-409D-8A64-81FB9F33CE22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default
FF DefaultSearchEngine: Ixquick HTTPS - Deutsch
FF SelectedSearchEngine: Ixquick HTTPS - Deutsch
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-11]
FF Extension: DownloadHelper - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-11]
FF Extension: NoScript - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-11]
FF Extension: Adblock Plus - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-27]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-08] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-16 19:58 - 2014-03-16 19:58 - 00987442 _____ () C:\Users\irmhov1\Desktop\SecurityCheck.exe
2014-03-16 19:48 - 2014-03-16 20:05 - 02347384 _____ (ESET) C:\Users\irmhov1\Desktop\esetsmartinstaller_enu.exe
2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Brother
2014-03-15 23:18 - 2014-03-15 23:18 - 00001038 _____ () C:\Users\irmhov1\Desktop\JRT.txt
2014-03-15 23:11 - 2014-03-15 23:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 22:44 - 2014-03-15 22:46 - 00000000 ____D () C:\AdwCleaner
2014-03-15 22:39 - 2014-03-15 22:39 - 01037734 _____ (Thisisu) C:\Users\irmhov1\Desktop\JRT.exe
2014-03-15 22:38 - 2014-03-15 22:38 - 01950720 _____ () C:\Users\irmhov1\Desktop\adwcleaner.exe
2014-03-14 15:09 - 2014-03-14 15:09 - 00376264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 09:08 - 2014-03-14 09:08 - 00053292 _____ () C:\Users\irmhov1\Desktop\Addition.txt
2014-03-14 09:07 - 2014-03-17 17:01 - 00012929 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-14 09:07 - 2014-03-17 17:01 - 00000000 ____D () C:\FRST
2014-03-14 08:41 - 2014-03-14 08:41 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-13 13:29 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 13:29 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 13:29 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 13:29 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 13:29 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-13 13:29 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-13 13:28 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 13:28 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 13:28 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 13:28 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 13:28 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 13:28 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 13:28 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 13:28 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-13 13:28 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-13 13:27 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 13:27 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 13:27 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 13:27 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 15:56 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 15:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 13:19 - 2014-03-12 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 11:44 - 2014-03-12 11:44 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVG2014
2014-03-12 11:43 - 2014-03-12 11:44 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ___HD () C:\$AVG
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-12 11:42 - 2014-03-17 16:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-12 11:42 - 2014-03-12 11:46 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Avg2014
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-11 22:37 - 2014-03-11 22:37 - 00442890 _____ () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör.htm
2014-03-11 22:37 - 2014-03-11 22:37 - 00000000 ____D () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör-Dateien
2014-03-11 19:17 - 2014-03-11 19:17 - 00000000 ____D () C:\Users\irmhov1\Documents\ProcAlyzer Dumps
2014-03-11 19:04 - 2014-03-11 19:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 15:02 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:40 - 2014-03-11 13:40 - 00003464 _____ () C:\Windows\System32\Tasks\Driver Restore-RTMScanRunOnce
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 00:45 - 2014-03-11 00:45 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-11 00:44 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-11 00:44 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-11 00:44 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-11 00:41 - 2014-03-11 00:41 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-11 00:41 - 2014-03-11 00:41 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia
2014-03-09 21:19 - 2014-03-09 21:27 - 00000000 ____D () C:\Users\irmhov1\dwhelper
2014-03-09 20:03 - 2014-03-12 11:41 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google
2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google
2014-03-09 11:01 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-09 11:01 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-09 11:01 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-09 11:01 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-09 11:01 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-09 11:01 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-09 11:01 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-09 11:00 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-09 11:00 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-09 11:00 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-03-09 11:00 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-03-09 11:00 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-03-09 11:00 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-03-09 11:00 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-03-09 11:00 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-03-09 11:00 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-03-09 11:00 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-09 11:00 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-09 11:00 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-03-09 11:00 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

==================== One Month Modified Files and Folders =======

2014-03-17 17:01 - 2014-03-14 09:07 - 00012929 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-17 17:01 - 2014-03-14 09:07 - 00000000 ____D () C:\FRST
2014-03-17 17:01 - 2012-11-08 14:34 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2014-03-17 17:01 - 2012-11-08 14:34 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2014-03-17 17:01 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 17:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-17 16:57 - 2013-03-27 17:18 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Skype
2014-03-17 16:28 - 2014-03-12 11:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-17 16:19 - 2013-02-19 11:49 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-5302519-908166271-969323471-1002
2014-03-17 15:20 - 2013-02-22 17:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Microsoft Help
2014-03-17 15:09 - 2014-01-26 16:01 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-17 15:09 - 2013-02-22 18:23 - 00000288 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-17 15:09 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 10:33 - 2012-11-08 13:51 - 00579380 _____ () C:\Windows\PFRO.log
2014-03-16 20:05 - 2014-03-16 19:48 - 02347384 _____ (ESET) C:\Users\irmhov1\Desktop\esetsmartinstaller_enu.exe
2014-03-16 19:58 - 2014-03-16 19:58 - 00987442 _____ () C:\Users\irmhov1\Desktop\SecurityCheck.exe
2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Brother
2014-03-15 23:18 - 2014-03-15 23:18 - 00001038 _____ () C:\Users\irmhov1\Desktop\JRT.txt
2014-03-15 23:11 - 2014-03-15 23:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 23:06 - 2013-02-19 11:42 - 01848799 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 22:46 - 2014-03-15 22:44 - 00000000 ____D () C:\AdwCleaner
2014-03-15 22:39 - 2014-03-15 22:39 - 01037734 _____ (Thisisu) C:\Users\irmhov1\Desktop\JRT.exe
2014-03-15 22:38 - 2014-03-15 22:38 - 01950720 _____ () C:\Users\irmhov1\Desktop\adwcleaner.exe
2014-03-15 19:52 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-15 19:06 - 2013-02-23 10:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Outlook-Dateien
2014-03-15 02:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-03-14 15:09 - 2014-03-14 15:09 - 00376264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 12:27 - 2013-02-19 11:44 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 12:27 - 2013-02-19 11:44 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-14 12:21 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 12:21 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 11:34 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-14 09:08 - 2014-03-14 09:08 - 00053292 _____ () C:\Users\irmhov1\Desktop\Addition.txt
2014-03-14 08:52 - 2013-02-22 17:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 08:41 - 2014-03-14 08:41 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-12 23:40 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-12 15:56 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-12 15:56 - 2014-03-11 15:02 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 13:19 - 2014-03-12 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 12:08 - 2013-02-22 18:23 - 00000000 ____D () C:\Windows\AutoKMS
2014-03-12 11:46 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Avg2014
2014-03-12 11:46 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-12 11:44 - 2014-03-12 11:44 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVG2014
2014-03-12 11:44 - 2014-03-12 11:43 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ___HD () C:\$AVG
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-12 11:43 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-12 11:41 - 2014-03-09 20:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-12 10:46 - 2013-02-22 18:23 - 00002898 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-12 00:05 - 2013-03-27 21:12 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\vlc
2014-03-11 22:37 - 2014-03-11 22:37 - 00442890 _____ () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör.htm
2014-03-11 22:37 - 2014-03-11 22:37 - 00000000 ____D () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör-Dateien
2014-03-11 19:17 - 2014-03-11 19:17 - 00000000 ____D () C:\Users\irmhov1\Documents\ProcAlyzer Dumps
2014-03-11 19:17 - 2014-03-11 19:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:41 - 2013-02-19 18:04 - 00000000 ____D () C:\ProgramData\UAB
2014-03-11 13:40 - 2014-03-11 13:40 - 00003464 _____ () C:\Windows\System32\Tasks\Driver Restore-RTMScanRunOnce
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:41 - 2013-09-13 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 10:26 - 2012-07-26 06:26 - 00000167 _____ () C:\Windows\win.ini
2014-03-11 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-03-11 10:17 - 2013-11-22 17:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-11 00:45 - 2014-03-11 00:45 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-11 00:44 - 2013-02-19 11:42 - 00000000 ____D () C:\Users\irmhov1
2014-03-11 00:42 - 2013-06-27 20:43 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-11 00:41 - 2014-03-11 00:41 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-11 00:41 - 2014-03-11 00:41 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-11 00:41 - 2012-07-26 08:21 - 00032081 _____ () C:\Windows\setupact.log
2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM
2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\MSDRM
2014-03-11 00:24 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-03-10 23:34 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-10 23:28 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-03-10 23:25 - 2013-06-27 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-10 23:13 - 2013-06-27 20:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-10 18:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia
2014-03-09 21:27 - 2014-03-09 21:19 - 00000000 ____D () C:\Users\irmhov1\dwhelper
2014-03-09 20:20 - 2013-06-27 19:16 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Google
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google
2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google
2014-03-04 23:52 - 2013-02-27 23:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:52 - 2013-02-27 23:03 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-23 09:13 - 2014-03-13 13:28 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-23 09:12 - 2014-03-13 13:29 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 09:12 - 2014-03-13 13:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 09:12 - 2014-03-13 13:28 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-23 09:11 - 2014-03-13 13:29 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-23 07:53 - 2014-03-13 13:29 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 07:53 - 2014-03-13 13:29 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-23 07:35 - 2014-03-13 13:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 07:31 - 2014-03-13 13:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 05:06 - 2014-03-13 13:28 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

Some content of TEMP:
====================
C:\Users\irmhov1\AppData\Local\Temp\bi_cleaner.exe
C:\Users\irmhov1\AppData\Local\Temp\ose00000.exe
C:\Users\irmhov1\AppData\Local\Temp\ose00001.exe
C:\Users\irmhov1\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-09 11:05

==================== End Of Log ============================
         


Hi Schrauber, how's it looking; have we nearly killed the beast?

One problem remains: LENOVO Quick Launch still doesn't work. How can that be fixed? Thanks in advance.

Kind regards,

xenofex
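
The file listing in the log above can be triaged mechanically. The following Python is an added example, not part of the original thread and not code from FRST: it parses listing lines and picks out executables without a vendor string in user-writable folders, plus items created within minutes of a named file. It assumes the bracketed field is the file's self-declared company name, and that the first timestamp is the creation time in the "Created" section and the modification time in the "Modified" section; the function names and the heuristics are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: nine listing lines copied from the log in this thread.
# The "Created" header is written as assumed for FRST's layout.
SAMPLE = r"""
==================== One Month Created Files and Folders ========
2014-03-11 19:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:40 - 2014-03-11 13:40 - 00003464 _____ () C:\Windows\System32\Tasks\Driver Restore-RTMScanRunOnce
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
==================== One Month Modified Files and Folders =======
2014-03-16 20:05 - 2014-03-16 19:48 - 02347384 _____ (ESET) C:\Users\irmhov1\Desktop\esetsmartinstaller_enu.exe
2014-03-16 19:58 - 2014-03-16 19:58 - 00987442 _____ () C:\Users\irmhov1\Desktop\SecurityCheck.exe
2014-03-15 22:38 - 2014-03-15 22:38 - 01950720 _____ () C:\Users\irmhov1\Desktop\adwcleaner.exe
2014-03-12 11:41 - 2014-03-09 20:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-11 13:41 - 2013-02-19 18:04 - 00000000 ____D () C:\ProgramData\UAB
"""

# timestamp - timestamp - size attributes (company) path
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) ([A-Za-z]:\\.*)$"
)
EXECUTABLE = (".exe", ".dll", ".sys", ".scr", ".com")
USER_WRITABLE = ("\\users\\", "\\programdata\\")  # heuristic, not exhaustive


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self):
        return "D" in self.attrs


def parse_frst_listing(text):
    """Parse listing lines; section headers decide which timestamp comes first."""
    entries, first_is_created = [], True
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            if "Modified" in line:
                first_is_created = False
            elif "Created" in line:
                first_is_created = True
            continue
        m = LINE.match(line)
        if not m:
            continue  # blank lines and other report sections are skipped
        first, second = (datetime.strptime(m.group(i), "%Y-%m-%d %H:%M") for i in (1, 2))
        created, modified = (first, second) if first_is_created else (second, first)
        entries.append(Entry(created, modified, int(m.group(3)), m.group(4),
                             m.group(5).strip(), m.group(6)))
    return entries


def no_vendor_executables(entries):
    """Executable files with an empty company field in user-writable folders."""
    hits = []
    for e in entries:
        p = e.path.lower()
        if (not e.is_dir and not e.company and p.endswith(EXECUTABLE)
                and any(d in p for d in USER_WRITABLE)):
            hits.append(e.path)
    return hits


def created_near(entries, needle, minutes=10):
    """Paths created within `minutes` of any entry whose path contains `needle`."""
    anchors = [e for e in entries if needle.lower() in e.path.lower()]
    window = timedelta(minutes=minutes)
    return [e.path for e in entries if e not in anchors
            and any(abs(e.created - a.created) <= window for a in anchors)]


if __name__ == "__main__":
    parsed = parse_frst_listing(SAMPLE)
    print("review:", no_vendor_executables(parsed))
    print("created with DriverRestore.exe:", created_near(parsed, "DriverRestore.exe"))
```

An empty company field only marks a file for a closer look (both hits here are the cleanup tools used in this thread), and a filled one is not proof of origin, because the string is declared by the file itself.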

18.03.2014, 11:05   #8
schrauber
/// the machine
/// TB trainer

Just try reinstalling the software.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

18.03.2014, 13:23   #9
xenofex

Hello Schrauber,

WIN 8 came preinstalled on the machine and LENOVO Quick Launch was included with it. So it is not separate software.
I had a look in the Windows 8 forum; many users there report the same problem and no solution has been found for it. It is suspected that a Windows update caused the error.
I can manage without Quick Launch, but ....... the machine is not mine; it has only been lent to me until I have a new one.

As I have seen, remnants of Organizer Pro are still in the AdwCleaner quarantine folder. Can I simply delete them? Thanks in advance for your answer.

Kind regards,

xenofex

19.03.2014, 10:42   #10
schrauber
/// the machine
/// TB trainer

Now we'll clean up.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

19.03.2014, 17:19   #11
xenofex

Hello Schrauber,

with DelFix I finally got the hard drive clean. Thank you very much for your fast and competent help.

I have no further questions on this; however, I would still like to check the hard drive of my defective computer before I connect it to the now clean computer. But I will open a new thread for that.

Thanks again!

Kind regards,

xenofex

20.03.2014, 09:55   #12
schrauber
/// the machine
/// TB trainer

You're welcome
__________________
Regards,
schrauber
