Hallo und guten Tag,

gestern erhielt ich die aus meinem defekten Rechner ausgebaute Festplatte mit der Bemerkung, dass sich darauf "allerhand Ungeziefer" befände. Auf der FP befinden sich noch Daten, die ich unbedingt brauche.

Bevor ich jedoch auf die FP zugreife, möchte ich sie scannen und nach Möglichkeit alle Schädlinge beseitigen, damit mein neuer, gerade erst mit Hilfe von Schrauber bereinigter Computer nicht erneut infiziert wird.

Besagte Festplatte verfügt über die entsprechende Vorrichtung um sie als externe Festplatte an den Rechner anzuschließen.

Wie gehe ich am Besten vor? Für eure Hilfe bedanke ich mich im Voraus.

Freundliche Grüße,

xenofex

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo Schrauber,

freut mich, dass du mir wieder helfen willst. Anbei die erbetenen Logs:


FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by irmhov1 (administrator) on IRMHOV on 21-03-2014 17:33:26
Running from C:\Users\irmhov1\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-08] (AVAST Software)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Driver Restore] - C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKCU - {FE288B81-F739-409D-8A64-81FB9F33CE22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default
FF DefaultSearchEngine: Ixquick HTTPS - Deutsch
FF SelectedSearchEngine: Ixquick HTTPS - Deutsch
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-11]
FF Extension: DownloadHelper - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-11]
FF Extension: NoScript - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-11]
FF Extension: Adblock Plus - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-27]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-08] (AVAST Software)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 17:33 - 2014-03-21 17:33 - 00010992 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-21 17:33 - 2014-03-21 17:33 - 00000000 ____D () C:\FRST
2014-03-21 17:28 - 2014-03-21 17:28 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-21 16:32 - 2014-03-21 16:32 - 01066536 _____ (BillP Studios) C:\Users\irmhov1\Downloads\wpsetup.exe
2014-03-21 16:10 - 2014-03-21 16:10 - 04095448 _____ (BrightFort LLC ) C:\Users\irmhov1\Downloads\spywareblastersetup50.exe
2014-03-21 16:07 - 2014-03-21 16:07 - 00448512 _____ (OldTimer Tools) C:\Users\irmhov1\Downloads\TFC.exe
2014-03-21 10:03 - 2014-03-21 10:03 - 00000241 _____ () C:\Windows\Brpfx04a.ini
2014-03-21 10:03 - 2014-03-21 10:03 - 00000093 _____ () C:\Windows\brpcfx.ini
2014-03-21 10:02 - 2014-03-21 10:02 - 00000050 _____ () C:\Windows\system32\bridf08b.dat
2014-03-21 10:01 - 2014-03-21 10:01 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-03-21 10:01 - 2008-10-17 20:04 - 00179712 ____N (Brother Industries, Ltd.) C:\Windows\system32\BrfxDA5b.dll
2014-03-21 10:01 - 2008-06-17 15:33 - 00167936 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2014-03-21 10:01 - 2007-12-13 22:16 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2014-03-21 10:01 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2014-03-21 10:01 - 2007-12-13 22:16 - 00003072 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2014-03-21 10:01 - 2006-12-28 13:39 - 00176128 ____N (Brother Industries, Ltd.) C:\Windows\SysWOW64\BroSNMP.dll
2014-03-21 10:01 - 2003-11-28 18:57 - 00000000 _____ () C:\Windows\brdfxspd.dat
2014-03-21 10:00 - 2014-03-21 10:00 - 00000000 ____D () C:\Users\irmhov1\Downloads\mflpro
2014-03-21 10:00 - 2014-03-21 10:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\InstallShield
2014-03-21 09:59 - 2014-03-21 10:00 - 45949032 _____ (A.I.SOFT,INC.) C:\Users\irmhov1\Downloads\MFC-250C-inst-win8-A1.EXE
2014-03-21 09:51 - 2014-03-21 09:51 - 00000000 ____D () C:\ProgramData\Brother
2014-03-20 21:26 - 2014-03-20 21:27 - 53904525 _____ () C:\Users\irmhov1\Downloads\blender-2.70-windows64.exe
2014-03-20 19:25 - 2014-03-21 07:17 - 00000000 ____D () C:\Users\irmhov1\Downloads\Drucker_Treiber_Win 8
2014-03-20 19:10 - 2014-03-20 19:10 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-03-19 11:04 - 2014-03-19 11:05 - 00001270 _____ () C:\DelFix.txt
2014-03-19 00:22 - 2014-03-19 00:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-19 00:22 - 2014-03-19 00:22 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Skype
2014-03-18 23:57 - 2014-03-18 23:57 - 21987424 _____ (Mozilla) C:\Users\irmhov1\Downloads\Thunderbird Setup 24.4.0.exe
2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Brother
2014-03-15 23:11 - 2014-03-19 11:04 - 00000000 ____D () C:\Windows\ERUNT
2014-03-14 15:09 - 2014-03-14 15:09 - 00376264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 13:29 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 13:29 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 13:29 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 13:29 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 13:29 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-13 13:29 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-13 13:28 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 13:28 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 13:28 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 13:28 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 13:28 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 13:28 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 13:28 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 13:28 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-13 13:28 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-13 13:27 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 13:27 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 13:27 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 13:27 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 15:56 - 2014-03-19 23:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 15:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 13:19 - 2014-03-12 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:42 - 2014-03-19 00:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-11 22:37 - 2014-03-11 22:37 - 00442890 _____ () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör.htm
2014-03-11 22:37 - 2014-03-11 22:37 - 00000000 ____D () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör-Dateien
2014-03-11 19:17 - 2014-03-11 19:17 - 00000000 ____D () C:\Users\irmhov1\Documents\ProcAlyzer Dumps
2014-03-11 19:04 - 2014-03-11 19:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 15:02 - 2014-03-21 10:42 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 00:45 - 2014-03-11 00:45 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-11 00:44 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-11 00:44 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-11 00:44 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-11 00:41 - 2014-03-21 10:02 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-11 00:41 - 2014-03-21 10:02 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia
2014-03-09 21:19 - 2014-03-09 21:27 - 00000000 ____D () C:\Users\irmhov1\dwhelper
2014-03-09 20:03 - 2014-03-20 22:54 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google
2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google
2014-03-09 11:01 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-09 11:01 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-09 11:01 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-09 11:01 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-09 11:01 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-09 11:01 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-09 11:01 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-09 11:00 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-09 11:00 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-09 11:00 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-03-09 11:00 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-03-09 11:00 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-03-09 11:00 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-03-09 11:00 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-03-09 11:00 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-03-09 11:00 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-03-09 11:00 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-09 11:00 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-09 11:00 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-03-09 11:00 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

==================== One Month Modified Files and Folders =======

2014-03-21 17:33 - 2014-03-21 17:33 - 00010992 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-21 17:33 - 2014-03-21 17:33 - 00000000 ____D () C:\FRST
2014-03-21 17:33 - 2013-02-19 11:42 - 01128127 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 17:28 - 2014-03-21 17:28 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-21 17:19 - 2013-03-27 17:18 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Skype
2014-03-21 17:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-21 16:49 - 2013-02-19 11:49 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-5302519-908166271-969323471-1002
2014-03-21 16:32 - 2014-03-21 16:32 - 01066536 _____ (BillP Studios) C:\Users\irmhov1\Downloads\wpsetup.exe
2014-03-21 16:10 - 2014-03-21 16:10 - 04095448 _____ (BrightFort LLC ) C:\Users\irmhov1\Downloads\spywareblastersetup50.exe
2014-03-21 16:07 - 2014-03-21 16:07 - 00448512 _____ (OldTimer Tools) C:\Users\irmhov1\Downloads\TFC.exe
2014-03-21 16:00 - 2012-11-08 14:34 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2014-03-21 16:00 - 2012-11-08 14:34 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2014-03-21 16:00 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-21 15:54 - 2014-01-26 16:01 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-21 15:53 - 2013-02-22 18:23 - 00000288 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-21 15:53 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 12:19 - 2013-02-23 10:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Outlook-Dateien
2014-03-21 10:42 - 2014-03-11 15:02 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-21 10:03 - 2014-03-21 10:03 - 00000241 _____ () C:\Windows\Brpfx04a.ini
2014-03-21 10:03 - 2014-03-21 10:03 - 00000093 _____ () C:\Windows\brpcfx.ini
2014-03-21 10:02 - 2014-03-21 10:02 - 00000050 _____ () C:\Windows\system32\bridf08b.dat
2014-03-21 10:02 - 2014-03-11 00:41 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-21 10:02 - 2014-03-11 00:41 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-21 10:02 - 2012-07-26 08:21 - 00032876 _____ () C:\Windows\setupact.log
2014-03-21 10:01 - 2014-03-21 10:01 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-03-21 10:01 - 2012-11-09 09:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-21 10:00 - 2014-03-21 10:00 - 00000000 ____D () C:\Users\irmhov1\Downloads\mflpro
2014-03-21 10:00 - 2014-03-21 10:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\InstallShield
2014-03-21 10:00 - 2014-03-21 09:59 - 45949032 _____ (A.I.SOFT,INC.) C:\Users\irmhov1\Downloads\MFC-250C-inst-win8-A1.EXE
2014-03-21 09:51 - 2014-03-21 09:51 - 00000000 ____D () C:\ProgramData\Brother
2014-03-21 07:17 - 2014-03-20 19:25 - 00000000 ____D () C:\Users\irmhov1\Downloads\Drucker_Treiber_Win 8
2014-03-20 22:54 - 2014-03-09 20:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads
2014-03-20 21:27 - 2014-03-20 21:26 - 53904525 _____ () C:\Users\irmhov1\Downloads\blender-2.70-windows64.exe
2014-03-20 19:10 - 2014-03-20 19:10 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-03-20 19:10 - 2013-02-19 11:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Lenovo
2014-03-19 23:50 - 2013-06-27 20:43 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-19 23:49 - 2013-02-19 11:42 - 00000000 ____D () C:\Users\irmhov1
2014-03-19 23:47 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-19 23:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-03-19 11:05 - 2014-03-19 11:04 - 00001270 _____ () C:\DelFix.txt
2014-03-19 11:04 - 2014-03-15 23:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-19 00:22 - 2014-03-19 00:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-19 00:22 - 2014-03-19 00:22 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Skype
2014-03-19 00:22 - 2013-03-27 17:18 - 00000000 ____D () C:\ProgramData\Skype
2014-03-19 00:21 - 2014-03-12 11:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-19 00:21 - 2012-11-08 13:51 - 00590570 _____ () C:\Windows\PFRO.log
2014-03-19 00:19 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-03-18 23:57 - 2014-03-18 23:57 - 21987424 _____ (Mozilla) C:\Users\irmhov1\Downloads\Thunderbird Setup 24.4.0.exe
2014-03-18 22:01 - 2013-11-22 17:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:59 - 2012-11-09 09:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 21:59 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-18 21:58 - 2013-02-22 17:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-18 21:44 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-18 08:54 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-17 22:04 - 2013-03-27 21:12 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\vlc
2014-03-17 15:20 - 2013-02-22 17:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Microsoft Help
2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Brother
2014-03-15 02:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-03-14 15:09 - 2014-03-14 15:09 - 00376264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 12:27 - 2013-02-19 11:44 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 12:27 - 2013-02-19 11:44 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-14 12:21 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 12:21 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 11:34 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 13:19 - 2014-03-12 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 12:08 - 2013-02-22 18:23 - 00000000 ____D () C:\Windows\AutoKMS
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-12 10:46 - 2013-02-22 18:23 - 00002898 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-11 22:37 - 2014-03-11 22:37 - 00442890 _____ () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör.htm
2014-03-11 22:37 - 2014-03-11 22:37 - 00000000 ____D () C:\Users\irmhov1\Documents\Gaming _ Multimedia COMPUTER mit 3 Jahren Garantie! _  Amazon.de  Computer & Zubehör-Dateien
2014-03-11 19:17 - 2014-03-11 19:17 - 00000000 ____D () C:\Users\irmhov1\Documents\ProcAlyzer Dumps
2014-03-11 19:17 - 2014-03-11 19:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:41 - 2013-02-19 18:04 - 00000000 ____D () C:\ProgramData\UAB
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:41 - 2013-09-13 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 10:26 - 2012-07-26 06:26 - 00000167 _____ () C:\Windows\win.ini
2014-03-11 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-03-11 00:45 - 2014-03-11 00:45 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM
2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\MSDRM
2014-03-11 00:24 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-03-10 23:34 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-10 23:25 - 2013-06-27 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-10 23:13 - 2013-06-27 20:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-10 18:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia
2014-03-09 21:27 - 2014-03-09 21:19 - 00000000 ____D () C:\Users\irmhov1\dwhelper
2014-03-09 20:20 - 2013-06-27 19:16 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Google
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla
2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google
2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google
2014-03-04 23:52 - 2013-02-27 23:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:52 - 2013-02-27 23:03 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-23 09:13 - 2014-03-13 13:28 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-23 09:13 - 2014-03-13 13:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-23 09:12 - 2014-03-13 13:29 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 09:12 - 2014-03-13 13:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 09:12 - 2014-03-13 13:28 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-23 09:11 - 2014-03-13 13:29 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 09:11 - 2014-03-13 13:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 07:54 - 2014-03-13 13:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-23 07:53 - 2014-03-13 13:29 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 07:53 - 2014-03-13 13:29 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 07:53 - 2014-03-13 13:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-23 07:35 - 2014-03-13 13:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 07:31 - 2014-03-13 13:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 05:06 - 2014-03-13 13:28 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

Some content of TEMP:
====================
C:\Users\irmhov1\AppData\Local\Temp\bi_cleaner.exe
C:\Users\irmhov1\AppData\Local\Temp\ERUNT.exe
C:\Users\irmhov1\AppData\Local\Temp\ose00000.exe
C:\Users\irmhov1\AppData\Local\Temp\ose00001.exe
C:\Users\irmhov1\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-19 09:43

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---


und

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by irmhov1 at 2014-03-21 17:33:49
Running from C:\Users\irmhov1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1AB4D394-B72C-86E8-4D58-27147BC4071E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2008 - Avast Software)
Brother MFL-Pro Suite MFC-250C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3111_44883 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3124 - CyberLink Corp.)
CyberLink PhotoDirector 3 (x32 Version: 3.0.3124 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.1920 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.2715b - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
Driver Restore (HKLM-x32\...\{273130E8-117C-4237-A0FA-83EBBF11E051}) (Version: 8.1 - Driver Restore)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}) (Version: 7.1.1.1580 - Google)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0019 - Lenovo Group Limited)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

19-03-2014 10:04:48 Ende der Bereinigung
19-03-2014 22:43:43 Wiederherstellungsvorgang
21-03-2014 09:01:17 Installiert MFL-Pro Suite

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0161B12A-62C8-4BB9-AD73-F01819F3A096} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1A4C89B0-525E-4BFD-98F6-4C6DE26B8F55} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-08] (AVAST Software)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2EF21996-DDA0-4389-ACB5-87ACC9F5E2F1} - System32\Tasks\Driver Restore-RTMRules => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [2013-09-19] (PC Drivers Headquarters)
Task: {34512CA5-478D-4A44-86CA-73AB0D72C44F} - System32\Tasks\Driver Restore-RTMUpdater => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [2013-09-19] (PC Drivers Headquarters)
Task: {5FE25911-673F-4BE7-A378-307F8CEE59DE} - System32\Tasks\Driver Restore-RTMScan => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [2013-09-19] (PC Drivers Headquarters)
Task: {86AC3A12-D548-429B-B2EB-A1BE11B4C690} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AADFCB49-0F35-46BC-B302-3A597F6510CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {AE8D75F3-525B-4D43-9856-9BDD49013223} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CBABF4B4-16C2-4828-BB38-81FBC5692A2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {CCC4202C-26D1-4387-8532-57433FBCAB19} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 13:09 - 2012-08-06 13:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-11-09 15:36 - 2010-08-19 18:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-13 18:53 - 2014-03-13 18:53 - 00208384 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\XPBurnComponent\1f2a69606066f6659f281e39acb384a3\XPBurnComponent.ni.dll
2013-09-19 10:10 - 2013-09-19 10:10 - 00653704 _____ () C:\Program Files (x86)\Driver Restore\Driver Restore\ThemePack.DriverRestore.dll
2013-09-19 09:31 - 2013-09-19 09:31 - 00412064 _____ () C:\Program Files (x86)\Driver Restore\Driver Restore\Agent.Communication.XmlSerializers.dll
2014-03-21 10:01 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2012-08-06 13:08 - 2012-08-06 13:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 12:54 - 2012-08-06 12:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-21 15:54 - 2014-03-21 11:44 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032100\algo.dll
2014-03-11 19:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-11 19:04 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-11 19:04 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-11 19:04 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-11 19:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-11-09 15:34 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-12-08 10:23 - 2013-12-08 10:23 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-21 10:01 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: VGA Single Chip
Description: VGA Single Chip
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2014 07:07:56 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LenovoQuickLaunch.exe, Version: 1.0.0.0, Zeitstempel: 0x5023cd23
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988aa6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000003811c
ID des fehlerhaften Prozesses: 0x314
Startzeit der fehlerhaften Anwendung: 0xLenovoQuickLaunch.exe0
Pfad der fehlerhaften Anwendung: LenovoQuickLaunch.exe1
Pfad des fehlerhaften Moduls: LenovoQuickLaunch.exe2
Berichtskennung: LenovoQuickLaunch.exe3
Vollständiger Name des fehlerhaften Pakets: LenovoQuickLaunch.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LenovoQuickLaunch.exe5

Error: (03/20/2014 07:07:55 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/20/2014 00:04:09 AM) (Source: Driver Restore) (User: )
Description: Zeitstempel: 19.03.2014 23:04:09
Meldung: Es ist eine Exception aufgetreten, die erkannt wurde: ObjectDisposedException
---------Exception-Informationen----------
Ortszeit: 20.03.2014 00:04:09
Type: ExceptionLogging, Version=3.0.0.93, Culture=neutral, PublicKeyToken=null
Meldung: Auf das verworfene Objekt kann nicht zugegriffen werden.
Objektname: "c".
Quelle: System.Windows.Forms
Zielstandort: Void CreateHandle()
Stacktrace:    bei System.Windows.Forms.Control.CreateHandle()
	
   bei System.Windows.Forms.Control.get_Handle()
	
   bei System.Windows.Forms.ContainerControl.FocusActiveControlInternal()
	
   bei System.Windows.Forms.ContainerControl.Select(Boolean directed, Boolean forward)
	
   bei System.Windows.Forms.Control.SelectNextControl(Control ctl, Boolean forward, Boolean tabStopOnly, Boolean nested, Boolean wrap)
	
   bei System.Windows.Forms.UserControl.WmSetFocus(Message& m)
	
   bei System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
	
   bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
--------------------------------------
Zusätzliche Informationen
Suchmaschinenname: IRMHOV
Assembly: ExceptionLogging, Version=3.0.0.93, Culture=neutral, PublicKeyToken=null
Anwendungsdomäne: DriverRestore.exe
Thread-Identität: irmhov\irmhov1
Thread-Name: 
Windows-Identität: irmhov\irmhov1
Prozessname:

Error: (03/20/2014 00:00:00 AM) (Source: ESENT) (User: )
Description: svchost (1600) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Windows\system32\SRU\SRU0005C.log.

Error: (03/19/2014 10:48:48 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LenovoQuickLaunch.exe, Version: 1.0.0.0, Zeitstempel: 0x5023cd23
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988aa6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000003811c
ID des fehlerhaften Prozesses: 0x18c
Startzeit der fehlerhaften Anwendung: 0xLenovoQuickLaunch.exe0
Pfad der fehlerhaften Anwendung: LenovoQuickLaunch.exe1
Pfad des fehlerhaften Moduls: LenovoQuickLaunch.exe2
Berichtskennung: LenovoQuickLaunch.exe3
Vollständiger Name des fehlerhaften Pakets: LenovoQuickLaunch.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LenovoQuickLaunch.exe5

Error: (03/19/2014 10:48:47 AM) (Source: .NET Runtime) (User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/19/2014 09:48:45 AM) (Source: Microsoft Office 14) (User: )
Description: Microsoft PowerPoint: Rejected Safe Mode action : PowerPoint konnte zuletzt nicht korrekt gestartet werden. Das Starten von PowerPoint im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie PowerPoint im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft PowerPoint.

Error: (03/17/2014 10:24:07 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/16/2014 08:35:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/16/2014 08:34:58 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (03/21/2014 03:54:13 PM) (Source: ipnathlp) (User: )
Description: 192.168.178.54192.168.137.0255.255.255.0

Error: (03/21/2014 03:54:13 PM) (Source: ipnathlp) (User: )
Description: 

Error: (03/21/2014 03:53:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (03/21/2014 03:53:38 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (03/21/2014 00:43:40 PM) (Source: DCOM) (User: irmhov)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/21/2014 10:47:50 AM) (Source: DCOM) (User: irmhov)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/21/2014 10:05:28 AM) (Source: ipnathlp) (User: )
Description: 192.168.178.54192.168.137.0255.255.255.0

Error: (03/21/2014 10:05:28 AM) (Source: ipnathlp) (User: )
Description: 

Error: (03/21/2014 10:05:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (03/21/2014 10:04:48 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0


Microsoft Office Sessions:
=========================
Error: (03/20/2014 07:07:56 PM) (Source: Application Error)(User: )
Description: LenovoQuickLaunch.exe1.0.0.05023cd23KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811c31401cf446747a725edC:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exeC:\Windows\system32\KERNELBASE.dll8fa91034-b05a-11e3-802f-d43d7e2fdc19

Error: (03/20/2014 07:07:55 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/20/2014 00:04:09 AM) (Source: Driver Restore)(User: )
Description: Zeitstempel: 19.03.2014 23:04:09
Meldung: Es ist eine Exception aufgetreten, die erkannt wurde: ObjectDisposedException
---------Exception-Informationen----------
Ortszeit: 20.03.2014 00:04:09
Type: ExceptionLogging, Version=3.0.0.93, Culture=neutral, PublicKeyToken=null
Meldung: Auf das verworfene Objekt kann nicht zugegriffen werden.
Objektname: "c".
Quelle: System.Windows.Forms
Zielstandort: Void CreateHandle()
Stacktrace:    bei System.Windows.Forms.Control.CreateHandle()
	
   bei System.Windows.Forms.Control.get_Handle()
	
   bei System.Windows.Forms.ContainerControl.FocusActiveControlInternal()
	
   bei System.Windows.Forms.ContainerControl.Select(Boolean directed, Boolean forward)
	
   bei System.Windows.Forms.Control.SelectNextControl(Control ctl, Boolean forward, Boolean tabStopOnly, Boolean nested, Boolean wrap)
	
   bei System.Windows.Forms.UserControl.WmSetFocus(Message& m)
	
   bei System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
	
   bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
--------------------------------------
Zusätzliche Informationen
Suchmaschinenname: IRMHOV
Assembly: ExceptionLogging, Version=3.0.0.93, Culture=neutral, PublicKeyToken=null
Anwendungsdomäne: DriverRestore.exe
Thread-Identität: irmhov\irmhov1
Thread-Name: 
Windows-Identität: irmhov\irmhov1
Prozessname:

Error: (03/20/2014 00:00:00 AM) (Source: ESENT)(User: )
Description: svchost1600SRUJet: C:\Windows\system32\SRU\SRU0005C.log-1811 (0xfffff8ed)

Error: (03/19/2014 10:48:48 AM) (Source: Application Error)(User: )
Description: LenovoQuickLaunch.exe1.0.0.05023cd23KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811c18c01cf434f7c8136d7C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exeC:\Windows\system32\KERNELBASE.dllaad5b7ef-af4b-11e3-802c-d43d7e2fdc19

Error: (03/19/2014 10:48:47 AM) (Source: .NET Runtime)(User: )
Description: Anwendung: LenovoQuickLaunch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NotSupportedException
Stapel:
   bei System.Security.Util.StringExpressionSet.CanonicalizePath(System.String, Boolean)
   bei System.Security.Util.StringExpressionSet.CreateListFromExpressions(System.String[], Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.Security.AccessControl.AccessControlActions, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission.AddPathList(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean, Boolean)
   bei System.Security.Permissions.FileIOPermission..ctor(System.Security.Permissions.FileIOPermissionAccess, System.String[], Boolean, Boolean)
   bei System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   bei System.IO.Directory.InternalGetFileDirectoryNames(System.String, System.String, System.String, Boolean, Boolean, System.IO.SearchOption, Boolean)
   bei System.IO.Directory.InternalGetFiles(System.String, System.String, System.IO.SearchOption)
   bei Lenovo.WPF.StartMenu.Logger.MonitorLog()
   bei Lenovo.WPF.StartMenu.Logger.WriteLog()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (03/19/2014 09:48:45 AM) (Source: Microsoft Office 14)(User: )
Description: Microsoft PowerPointPowerPoint konnte zuletzt nicht korrekt gestartet werden. Das Starten von PowerPoint im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie PowerPoint im abgesicherten Modus starten?

Error: (03/17/2014 10:24:07 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/16/2014 08:35:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\irmhov1\Desktop\esetsmartinstaller_enu.exe

Error: (03/16/2014 08:34:58 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\irmhov1\Desktop\esetsmartinstaller_enu.exe


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 3542.76 MB
Available physical RAM: 2191.52 MB
Total Pagefile: 4182.76 MB
Available Pagefile: 2420.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:822.18 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:43.62 GB) NTFS
Drive j: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive l: () (Fixed) (Total:465.66 GB) (Free:143.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B2F954A7)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Viele Grüße,

xenofex

Platte anklemmen, dann mit MBAM nen Vollscan machen.

Hallo Schrauber,

danke für deine Antwort. Mir geht es vorrangig darum, wichtige Daten von der Festplatte zu sichern, um gegebenenfalls mit dem nunmehr sauberen neuen Rechner darauf zurückgreifen zu können. Vorher möchte ich sicher gehen, dass diese Dateien keine Malware, Viren usw. enthalten.

Die Festplatte wird nach Sicherung dieser Daten formatiert. Wenn unter diesem Gesichtspunkt trotzdem ein Vollscan mit MBAM erforderlich sein sollte, werde ich den Log umgehend posten.

Freundliche Grüße,

xenofex

Mit einem Vollscan durch MBAM weißt Du ob Malware drauf ist. DU kannst aber die Daten, die Du sichern willst, in einen eigenen Ordner auf der Festplatte packen und nur diesen Ordner scannen.

Sauber = Ordner auf den Rechner schieben und Platte formatieren.

Hallo Schrauber,

danke für deine Antwort. Ich habe, deinem Vorschlag entsprechend, die für mich relevanten Daten in einem Extraordner auf den Desktop gelegt. Anschließend habe ich diesen Ordner mit MBAM gescannt (Quickscan), wobei einigeSchädlinge gefunden wurden.

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.22.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
irmhov1 :: IRMHOV [Administrator]

23.03.2014 15:27:08
MBAM-log-2014-03-23 (16-21-58).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf (C:\Users\irmhov1\Desktop\Daten_irmhov|)
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 124898
Laufzeit: 52 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\irmhov1\Desktop\Daten_irmhov\Downloads\htchome_setup.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\irmhov1\Desktop\Daten_irmhov\Downloads\Pepakura-designer.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\irmhov1\Desktop\Daten_irmhov\Downloads\SoftonicDownloader_fuer_photo-flash-maker.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\irmhov1\Desktop\Daten_irmhov\Downloads\sysrc_trial_9407_german.exe (PUP.Optional.RegCleanerPro) -> Keine Aktion durchgeführt.
C:\Users\irmhov1\Desktop\Daten_irmhov\Downloads\YTD396Setup(Youtube-Downloader).exe (PUP.Optional.Spigot.A) -> Keine Aktion durchgeführt.

(Ende)
         

Von Softonic werde ich künftig NICHTS mehr downloaden.

Freundliche Grüße,

xenofex

[QUOTE=xenofex;1272641]Hallo Schrauber,

danke für deine Antwort. Ich habe, deinem Vorschlag entsprechend, die für mich relevanten Daten in einem Extraordner auf den Desktop gelegt. Anschließend habe ich diesen Ordner mit MBAM gescannt (Quickscan), wobei einigeSchädlinge gefunden wurden.

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.22.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
irmhov1 :: IRMHOV [Administrator]

23.03.2014 15:27:08
MBAM-log-2014-03-23 (16-21-58).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf (C:\Users\irmhov1\Desktop\Daten_irmhov|)
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 124898
Laufzeit: 52 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\irmhov1\Desktop\Daten_irmhov\Downloads\htchome_setup.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\irmhov1\Desktop\Daten_irmhov\Downloads\Pepakura-designer.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\irmhov1\Desktop\Daten_irmhov\Downloads\SoftonicDownloader_fuer_photo-flash-maker.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\irmhov1\Desktop\Daten_irmhov\Downloads\sysrc_trial_9407_german.exe (PUP.Optional.RegCleanerPro) -> Keine Aktion durchgeführt.
C:\Users\irmhov1\Desktop\Daten_irmhov\Downloads\YTD396Setup(Youtube-Downloader).exe (PUP.Optional.Spigot.A) -> Keine Aktion durchgeführt.

(Ende)
         

Von Softonic werde ich NIE WIEDER etwas downloaden.

Nachtrag:

Die infizierten Dateien habe ich zwischenzeitlich gelöscht. Beim erneuten Scan des Ordners wurde nichts mehr gefunden:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.22.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
irmhov1 :: IRMHOV [Administrator]

23.03.2014 17:32:14
mbam-log-2014-03-23 (17-32-14).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf (C:\Users\irmhov1\Desktop\Daten_irmhov|)
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 124893
Laufzeit: 52 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Kann ich davon ausgehen, das die gesicherten Daten jetzt sauber sind oder sind noch weitere Schritte erforderlich?

Noch eine Frage: Im Quarantäne-Ordner von MBAM sind jede Menge Funde, auch aus anderen Scans, aufgelistet. Kann ich diese löschen oder werden sie noch benötigt?

Danke im Voraus.

Freundliche Grüße,

xenofex

Ja, passt kannst loslegen. Quarantäne kannste löschen.

Hallo Schrauber,

vielen, vielen Dank für deine Hilfe. Bin happy, dass ich wieder unbesorgt auf meine Daten zugreifen kann.

Alle Liebe und Gute und viele Grüße,

xenofex

Gern Geschehen