
Pests of All Kinds and How to Combat Them: Win 8 - Optimizer Pro


 
15.03.2014, 23:34   #5
xenofex
 



Hello Schrauber,

thanks for your reply. I uninstalled HTC Home Apis and the Bundled Software Installer without any problems. Optimizer Pro cannot be uninstalled; the following message appears:

Message file "C:\ProgramFiles(x86)Optimizer Pro\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program.

I'll paste the Malwarebytes log file anyway:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.15.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
irmhov1 :: IRMHOV [Administrator]

15.03.2014 16:12:59
mbam-log-2014-03-15 (16-12-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215690
Laufzeit: 3 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Best regards and have a nice weekend,

xenofex

Hello Schrauber,

after a stressful day I am only now getting around to posting the remaining logs:

Adware Cleaner:

Code:
# AdwCleaner v3.022 - Bericht erstellt am 15/03/2014 um 22:46:19
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : irmhov1 - IRMHOV
# Gestartet von : C:\Users\irmhov1\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Users\irmhov1\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\irmhov1\AppData\LocalLow\Minibar
Ordner Gelöscht : C:\Users\irmhov1\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\irmhov1\Documents\Optimizer Pro

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2781 octets] - [15/03/2014 22:44:15]
AdwCleaner[S0].txt - [2385 octets] - [15/03/2014 22:46:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2445 octets] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by irmhov1 on 15.03.2014 at 23:11:32,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\irmhov1\AppData\Roaming\mozilla\firefox\profiles\gxnjo8ee.default\prefs.js

user_pref("browser.search.defaultenginename", "Ixquick HTTPS - Deutsch");
user_pref("browser.search.selectedEngine", "Ixquick HTTPS - Deutsch");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2014 at 23:18:41,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by irmhov1 (administrator) on IRMHOV on 15-03-2014 23:22:15
Running from C:\Users\irmhov1\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-08] (AVAST Software)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Driver Restore] - C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKCU - {FE288B81-F739-409D-8A64-81FB9F33CE22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-11]
FF Extension: DownloadHelper - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-11]
FF Extension: NoScript - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-11]
FF Extension: Adblock Plus - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-27]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-08] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 23:18 - 2014-03-15 23:18 - 00001038 _____ () C:\Users\irmhov1\Desktop\JRT.txt
2014-03-15 23:11 - 2014-03-15 23:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 22:44 - 2014-03-15 22:46 - 00000000 ____D () C:\AdwCleaner
2014-03-15 22:39 - 2014-03-15 22:39 - 01037734 _____ (Thisisu) C:\Users\irmhov1\Desktop\JRT.exe
2014-03-15 22:38 - 2014-03-15 22:38 - 01950720 _____ () C:\Users\irmhov1\Desktop\adwcleaner.exe
2014-03-14 15:09 - 2014-03-14 15:09 - 00376264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 09:08 - 2014-03-14 09:08 - 00053292 _____ () C:\Users\irmhov1\Desktop\Addition.txt
2014-03-14 09:07 - 2014-03-15 23:22 - 00012494 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-14 09:07 - 2014-03-15 23:22 - 00000000 ____D () C:\FRST
2014-03-14 08:41 - 2014-03-14 08:41 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-13 13:29 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 13:29 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 13:29 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 13:29 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 13:29 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-13 13:29 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-13 13:28 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 13:28 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 13:28 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 13:28 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 13:28 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 13:28 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 13:28 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 13:28 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-13 13:28 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-13 13:27 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 13:27 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 13:27 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 13:27 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 15:56 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 15:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 13:19 - 2014-03-12 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 11:44 - 2014-03-12 11:44 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVG2014
2014-03-12 11:43 - 2014-03-12 11:44 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ___HD () C:\$AVG
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-12 11:42 - 2014-03-15 20:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-12 11:42 - 2014-03-12 11:46 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Avg2014
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-11 22:37 - 2014-03-11 22:37 - 00442890 _____ () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör.htm
2014-03-11 22:37 - 2014-03-11 22:37 - 00000000 ____D () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör-Dateien
2014-03-11 19:17 - 2014-03-11 19:17 - 00000000 ____D () C:\Users\irmhov1\Documents\ProcAlyzer Dumps
2014-03-11 19:04 - 2014-03-11 19:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 15:02 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:40 - 2014-03-11 13:40 - 00003464 _____ () C:\Windows\System32\Tasks\Driver Restore-RTMScanRunOnce
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 00:45 - 2014-03-11 00:45 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-11 00:44 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-11 00:44 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-11 00:44 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-11 00:41 - 2014-03-11 00:41 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-11 00:41 - 2014-03-11 00:41 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia
2014-03-09 21:19 - 2014-03-09 21:27 - 00000000 ____D () C:\Users\irmhov1\dwhelper
2014-03-09 20:03 - 2014-03-12 11:41 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google
2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google
2014-03-09 11:01 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-09 11:01 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-09 11:01 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-09 11:01 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-09 11:01 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-09 11:01 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-09 11:01 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-09 11:00 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-09 11:00 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-09 11:00 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-03-09 11:00 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-03-09 11:00 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-03-09 11:00 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-03-09 11:00 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-03-09 11:00 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-03-09 11:00 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-03-09 11:00 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-09 11:00 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-09 11:00 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-03-09 11:00 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

==================== One Month Modified Files and Folders =======

2014-03-15 23:22 - 2014-03-14 09:07 - 00012494 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-15 23:22 - 2014-03-14 09:07 - 00000000 ____D () C:\FRST
2014-03-15 23:18 - 2014-03-15 23:18 - 00001038 _____ () C:\Users\irmhov1\Desktop\JRT.txt
2014-03-15 23:18 - 2013-02-19 11:49 - 00003588 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-5302519-908166271-969323471-1002
2014-03-15 23:11 - 2014-03-15 23:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 23:06 - 2013-02-19 11:42 - 01848799 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 23:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-15 22:55 - 2012-11-08 14:34 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2014-03-15 22:55 - 2012-11-08 14:34 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2014-03-15 22:55 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 22:49 - 2013-03-27 17:18 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Skype
2014-03-15 22:48 - 2014-01-26 16:01 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-15 22:47 - 2013-02-22 18:23 - 00000288 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-15 22:47 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 22:46 - 2014-03-15 22:44 - 00000000 ____D () C:\AdwCleaner
2014-03-15 22:39 - 2014-03-15 22:39 - 01037734 _____ (Thisisu) C:\Users\irmhov1\Desktop\JRT.exe
2014-03-15 22:38 - 2014-03-15 22:38 - 01950720 _____ () C:\Users\irmhov1\Desktop\adwcleaner.exe
2014-03-15 20:28 - 2014-03-12 11:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-15 19:52 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-15 19:06 - 2013-02-23 10:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Outlook-Dateien
2014-03-15 04:43 - 2012-11-08 13:51 - 00578554 _____ () C:\Windows\PFRO.log
2014-03-15 02:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-03-14 15:09 - 2014-03-14 15:09 - 00376264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 12:27 - 2013-02-19 11:44 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 12:27 - 2013-02-19 11:44 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-14 12:21 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 12:21 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 11:34 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-14 09:08 - 2014-03-14 09:08 - 00053292 _____ () C:\Users\irmhov1\Desktop\Addition.txt
2014-03-14 08:52 - 2013-02-22 17:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 08:41 - 2014-03-14 08:41 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-12 23:40 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-12 15:56 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-12 15:56 - 2014-03-11 15:02 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 13:19 - 2014-03-12 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 12:08 - 2013-02-22 18:23 - 00000000 ____D () C:\Windows\AutoKMS
2014-03-12 11:46 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Avg2014
2014-03-12 11:46 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-12 11:44 - 2014-03-12 11:44 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVG2014
2014-03-12 11:44 - 2014-03-12 11:43 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ___HD () C:\$AVG
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-12 11:43 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-12 11:41 - 2014-03-09 20:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-12 10:46 - 2013-02-22 18:23 - 00002898 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-12 00:05 - 2013-03-27 21:12 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\vlc
2014-03-11 22:37 - 2014-03-11 22:37 - 00442890 _____ () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör.htm
2014-03-11 22:37 - 2014-03-11 22:37 - 00000000 ____D () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör-Dateien
2014-03-11 19:17 - 2014-03-11 19:17 - 00000000 ____D () C:\Users\irmhov1\Documents\ProcAlyzer Dumps
2014-03-11 19:17 - 2014-03-11 19:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:41 - 2013-02-19 18:04 - 00000000 ____D () C:\ProgramData\UAB
2014-03-11 13:40 - 2014-03-11 13:40 - 00003464 _____ () C:\Windows\System32\Tasks\Driver Restore-RTMScanRunOnce
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:41 - 2013-09-13 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 10:26 - 2012-07-26 06:26 - 00000167 _____ () C:\Windows\win.ini
2014-03-11 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-03-11 10:17 - 2013-11-22 17:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-11 00:45 - 2014-03-11 00:45 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-11 00:44 - 2013-02-19 11:42 - 00000000 ____D () C:\Users\irmhov1
2014-03-11 00:42 - 2013-06-27 20:43 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-11 00:41 - 2014-03-11 00:41 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-11 00:41 - 2014-03-11 00:41 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-11 00:41 - 2012-07-26 08:21 - 00032081 _____ () C:\Windows\setupact.log
2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM
2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\MSDRM
2014-03-11 00:24 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-03-10 23:34 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-10 23:28 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-03-10 23:25 - 2013-06-27 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-10 23:13 - 2013-06-27 20:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-10 18:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia
2014-03-09 21:27 - 2014-03-09 21:19 - 00000000 ____D () C:\Users\irmhov1\dwhelper
2014-03-09 20:20 - 2013-06-27 19:16 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Google
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google
2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google
2014-03-04 23:52 - 2013-02-27 23:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:52 - 2013-02-27 23:03 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-23 09:13 - 2014-03-13 13:28 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-23 09:12 - 2014-03-13 13:29 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 09:12 - 2014-03-13 13:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 09:12 - 2014-03-13 13:28 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-23 09:11 - 2014-03-13 13:29 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-23 07:53 - 2014-03-13 13:29 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 07:53 - 2014-03-13 13:29 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-23 07:35 - 2014-03-13 13:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 07:31 - 2014-03-13 13:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 05:06 - 2014-03-13 13:28 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

Some content of TEMP:
====================
C:\Users\irmhov1\AppData\Local\Temp\bi_cleaner.exe
C:\Users\irmhov1\AppData\Local\Temp\ose00000.exe
C:\Users\irmhov1\AppData\Local\Temp\ose00001.exe
C:\Users\irmhov1\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-09 11:05

==================== End Of Log ============================
         


Thank you very much for your efforts.

Kind regards,

xenofex


 
