Log analysis and evaluation: Avira detects malware "SystemkService.exe", but it is not removed correctly

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Avira detects malware "SystemkService.exe", but it is not removed correctly

Hello dear helpers,

the following malware is detected by my antivirus program, but it apparently cannot be removed correctly by it. In addition, I would of course be grateful for pointers to any other anomalies on my system. Many thanks in advance for the help.

First, here is the detailed information from Avira on the "virus" in question:

Code:
Typ: Datei
Quelle: C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
Status: Infiziert
Quarantäne-Objekt: 57313a45.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.18.36
Virendefinitionsdatei: 7.11.152.90
Gefunden: ADWARE/SearchSuite.c
Datum/Uhrzeit: 02.06.2014, 00:44

defogger_disable:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:03 on 02/06/2014 (Michel1899)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Michel1899 (administrator) on MICHEL on 02-06-2014 01:05:37
Running from C:\Users\Michel1899\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe (Dropbox, Inc.) C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Dell Products, LP.) 
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-12] (Synaptics Incorporated) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe 
IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll [490000 2014-05-18] () HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll [664592 2014-05-18] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKLM - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms} SearchScopes: HKCU - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = SearchScopes: HKCU - {58064229-5711-4E4D-8944-2B3587376579} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms} BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program 
Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{32C9AFD3-EC4E-42BB-B031-675C2DE9F8AC}: [NameServer]193.174.193.231 FireFox: ======== FF ProfilePath: C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default FF SearchEngineOrder.1: default-search.net FF Homepage: hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: 
@java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\searchplugins\default-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Settings Manager - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0} [2014-05-18] FF Extension: PAYBACK Toolbar - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\toolbar-ff@payback.de.xpi [2014-05-07] FF Extension: Adblock Plus - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-15] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-19] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ 
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [] Chrome: ======= CHR HomePage: hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp CHR StartupUrls: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp" CHR DefaultSearchKeyword: ask.com CHR DefaultSearchProvider: default-search.net CHR DefaultSearchURL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Freemake Video Converter) - C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-05-19] CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-04] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. 
KG) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] () S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-05] (Intel Corporation) R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] () R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] 
(Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-05-18] (Aztec Media Inc) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; 
C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-02 01:05 - 2014-06-02 01:05 - 00024314 _____ () C:\Users\Michel1899\Downloads\FRST.txt 2014-06-02 01:05 - 2014-06-02 01:05 - 00000000 ____D () C:\FRST 2014-06-02 01:04 - 2014-06-02 01:04 - 02067456 _____ (Farbar) C:\Users\Michel1899\Downloads\FRST64.exe 2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log 2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable 2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe 2014-05-26 11:09 - 2014-05-26 
11:09 - 00000000 ____D () C:\Poker 2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe 2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx 2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip 2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip 2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList 2014-05-18 19:55 - 2014-06-02 00:45 - 00000000 ____D () C:\ProgramData\systemk 2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx 2014-05-16 09:33 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-16 09:33 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-15 14:29 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe 2014-05-15 14:29 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe 2014-05-15 14:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 14:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 14:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 14:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 14:28 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll 2014-05-15 14:28 - 
2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-05-15 14:28 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2014-05-15 14:28 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-05-15 14:28 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe 2014-05-15 14:28 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-05-15 14:28 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2014-05-15 14:28 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-05-15 14:28 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-05-15 14:28 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-05-15 14:28 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-15 14:28 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-05-15 14:28 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-15 14:28 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-05-15 14:28 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-05-15 14:28 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-05-15 14:28 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-05-15 14:28 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-05-15 14:28 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) 
C:\Windows\system32\WUSettingsProvider.dll 2014-05-15 14:28 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-05-15 14:28 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-05-15 14:28 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-05-15 14:28 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-05-15 14:28 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2014-05-15 14:28 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-05-15 14:28 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll 2014-05-15 14:28 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-05-15 14:28 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll 2014-05-15 14:28 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll 2014-05-15 14:28 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll 2014-05-15 14:28 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll 2014-05-15 14:28 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 14:28 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 14:28 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-05-15 14:28 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-05-15 14:28 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-05-15 12:03 - 2014-05-15 12:04 - 06030166 _____ () 
C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx 2014-05-15 08:53 - 2014-05-24 11:14 - 00002948 _____ () C:\Windows\PFRO.log 2014-05-14 18:05 - 2014-05-26 10:54 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx 2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4 2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 20:51 - 2014-05-10 20:52 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi 2014-05-08 19:57 - 2014-05-08 19:58 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4 2014-05-05 22:34 - 2014-06-02 00:57 - 01653978 _____ () C:\Windows\WindowsUpdate.log 2014-05-05 17:11 - 2014-05-05 17:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-05 17:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-05 17:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-05 17:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-05 17:07 - 2014-05-05 17:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () 
C:\Users\Public\Desktop\CCleaner.lnk
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe
2014-05-04 20:45 - 2014-05-19 19:56 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db
2014-05-04 20:43 - 2014-05-04 20:44 - 00000004 _____ () C:\end
2014-05-04 20:43 - 2014-05-04 20:44 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake
2014-05-04 20:43 - 2014-05-04 20:44 - 00000000 ____D () C:\ProgramData\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\OpenCandy
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe
2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4
2014-05-04 18:21 - 2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug
2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

==================== One Month Modified Files and Folders =======

2014-06-02 01:05 - 2014-06-02 01:05 - 00024314 _____ () C:\Users\Michel1899\Downloads\FRST.txt
2014-06-02 01:05 - 2014-06-02 01:05 - 00000000 ____D () C:\FRST
2014-06-02 01:05 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Temp
2014-06-02 01:04 - 2014-06-02 01:04 - 02067456 _____ (Farbar) 
C:\Users\Michel1899\Downloads\FRST64.exe 2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log 2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable 2014-06-02 01:03 - 2014-02-26 08:41 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1873882003-3979479213-967090690-1001 2014-06-02 01:03 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899 2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe 2014-06-02 01:01 - 2014-04-13 11:32 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-02 01:00 - 2014-02-26 11:12 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Dropbox 2014-06-02 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2014-06-02 00:59 - 2014-03-25 15:27 - 00000000 ___RD () C:\Users\Michel1899\SkyDrive 2014-06-02 00:59 - 2014-02-26 11:17 - 00000000 ___RD () C:\Users\Michel1899\Dropbox 2014-06-02 00:59 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\DropboxMaster 2014-06-02 00:58 - 2014-04-13 11:32 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-02 00:58 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-02 00:57 - 2014-05-05 22:34 - 01653978 _____ () C:\Windows\WindowsUpdate.log 2014-06-02 00:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-06-02 00:47 - 2014-04-13 11:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-02 00:45 - 2014-05-18 19:55 - 00000000 ____D () C:\ProgramData\systemk 2014-06-02 00:17 - 2014-02-26 11:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-01 22:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-05-27 09:58 - 2014-03-03 16:31 - 00667648 ___SH () C:\Users\Michel1899\Desktop\Thumbs.db 2014-05-26 20:58 - 2014-04-14 15:25 - 00000000 ____D 
() C:\Users\Michel1899\AppData\Roaming\HpUpdate 2014-05-26 11:09 - 2014-05-26 11:09 - 00000000 ____D () C:\Poker 2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe 2014-05-26 10:54 - 2014-05-14 18:05 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx 2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx 2014-05-24 12:17 - 2014-03-21 10:41 - 00001084 _____ () C:\Users\Michel1899\Desktop\Dropbox.lnk 2014-05-24 12:17 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-24 12:17 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-24 11:14 - 2014-05-15 08:53 - 00002948 _____ () C:\Windows\PFRO.log 2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip 2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip 2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList 2014-05-19 20:01 - 2014-02-26 08:35 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Packages 2014-05-19 19:56 - 2014-05-04 20:45 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db 2014-05-18 10:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2014-05-17 11:36 - 2014-03-03 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-05-17 11:36 - 2014-03-03 19:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx 
2014-05-16 09:34 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-15 20:39 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-05-15 20:35 - 2014-02-26 11:18 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 20:34 - 2014-02-26 11:18 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 20:34 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-05-15 19:12 - 2013-12-11 11:24 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-15 19:12 - 2013-08-23 01:24 - 00766620 _____ () C:\Windows\system32\perfh007.dat 2014-05-15 19:12 - 2013-08-23 01:24 - 00159902 _____ () C:\Windows\system32\perfc007.dat 2014-05-15 14:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-15 12:04 - 2014-05-15 12:03 - 06030166 _____ () C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx 2014-05-13 20:22 - 2014-02-26 11:51 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4 2014-05-13 18:03 - 2014-02-26 11:10 - 00001155 _____ () 
C:\Users\Public\Desktop\Avira.lnk 2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-13 18:03 - 2013-12-11 11:31 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-13 17:57 - 2014-02-26 11:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 20:57 - 2014-03-29 23:59 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\vlc 2014-05-10 20:52 - 2014-05-10 20:51 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi 2014-05-09 00:42 - 2014-04-13 11:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 00:42 - 2014-04-13 11:32 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-08 19:58 - 2014-05-08 19:57 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4 2014-05-07 15:29 - 2014-03-26 21:19 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\TempSWSicherungsverzeichnis 2014-05-07 14:14 - 2014-03-26 20:21 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\SolidWorks 2014-05-06 06:40 - 2014-05-15 14:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 05:25 - 2014-05-15 14:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:00 - 2014-05-15 14:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 14:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 17:24 - 2014-05-05 17:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-05 17:11 - 2014-05-05 17:11 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-05 17:08 - 2014-05-05 17:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-05 17:06 - 2014-03-19 18:40 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe 2014-05-04 20:44 - 2014-05-04 20:43 - 00000004 _____ () C:\end 2014-05-04 20:44 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake 2014-05-04 20:44 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\OpenCandy 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe 2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4 2014-05-04 18:21 - 
2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug
2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-05-03 18:16 - 2014-02-26 08:35 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\VirtualStore

Some content of TEMP:
====================
C:\Users\Michel1899\AppData\Local\Temp\avgnt.exe
C:\Users\Michel1899\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuprej.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 08:54

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by Michel1899 at 2014-06-02 01:06:14
Running from C:\Users\Michel1899\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5A06C25A-366E-46CC-880E-3F904B634E9E}) (Version: - Microsoft)
Dell Custom Help (Version: 16.05.1000.0264 - Intel Corporation) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Expekt Poker (HKCU\...\Expekt Poker) (Version: - )
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) Intel(R) PRO/Wireless Driver (Version: 16.05.1000.0574 - Intel Corporation) Hidden Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.5.0.0096 - Intel Corporation) Hidden Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel® PROSet/Wireless WiFi Software (Version: 16.05.1000.0264 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft 
Corporation) Hidden Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation) Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden Microsoft Visual Basic for 
Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.) 
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - ) SolidWorks 2013 x64 Edition SP03 (Version: 21.130.60 - SolidWorks) Hidden SolidWorks 2013 x64 German Resources (Version: 21.130.60 - SolidWorks Corporation) Hidden SolidWorks eDrawings 2013 x64 Edition SP03 (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp) Hidden TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition 
(HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version: 
- Microsoft) Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{327EABFD-EDD3-44E7-AB47-7592DF33B719}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{50F31E04-D56A-4159-BF36-CF3CE27DB30C}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2878315) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{95F0CF54-BC3E-4C6F-B11D-89D6D8C6452E}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2878315) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{95F0CF54-BC3E-4C6F-B11D-89D6D8C6452E}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version: - Microsoft) Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= 15-05-2014 14:25:17 Windows Update 23-05-2014 13:28:37 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {00301658-0096-49F6-89F1-ADA74362C075} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {00CC6EA4-216F-4CFB-9802-051087EA2B3A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.) 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {09F74B83-F510-4D66-A4C4-1852988C74FC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {19CED202-216F-45D2-805F-27B3C8BBBEC7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2F5D4DA4-65B9-4740-A8C7-5E6043ADBDDE} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {35C86106-9313-41AE-B844-64C27E6D41F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {3A372697-B083-4A27-B2A4-4C97E1A01888} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3CB9C012-69D2-4B3D-9AA8-24F51CA35214} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.) 
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4A1AD8C7-B21E-47CB-9188-FE3F3C4721A8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {520C78B0-FEDA-4CD4-AE40-12E113CBCFE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.) Task: {68AF5DBF-11CA-4453-AD63-933EF79FEA8C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6C88BAAB-DB4A-4712-B15E-A1E12F2E5F23} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {716C0586-2BFC-41F5-8FB5-693DB012165E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {735F6A19-D3E4-425C-B9C1-5B63BA8C19A8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-05-15] (Microsoft Corporation) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {843648AC-DA72-4C39-8AA4-D8A09F75452F} - System32\Tasks\Auto Re-Aktivierung => C:\Windows\Re-Aktivierung\TriggerKMS.exe [2013-01-23] () Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8C6AE141-7852-4756-B8D2-0CE95CC99F21} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files 
(x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {93093FA1-8575-4C7C-AAE4-9F28B4D6863A} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard) Task: {949B7CF3-361E-44FA-8B61-C184645FBB25} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated) Task: {C76D663D-5781-4EDB-BAB3-5257B4D705EC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {CB7BE466-563E-46B1-A791-EE8C7C5617AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DB5ABAC6-228D-4DFE-9F9E-73194C03C4AE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F1B5E62F-A439-402B-838D-8FD9FAE03E92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {F4B5346E-5617-4673-ABCA-4AD0B536215F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-23 22:41 - 2014-05-18 11:50 - 00664592 _____ () C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll 2013-07-01 10:21 - 2013-07-01 10:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe 2013-07-01 01:16 - 2013-07-01 01:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll 2013-07-01 01:15 - 2013-07-01 01:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll 2013-07-01 01:15 - 2013-07-01 01:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll 2013-07-01 10:21 - 2013-07-01 10:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe 2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2013-12-11 11:43 - 2013-08-19 11:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2013-12-11 11:43 - 2013-08-19 11:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2013-03-28 22:34 - 2013-03-28 22:34 - 
00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll 2014-02-26 11:12 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-03-23 22:41 - 2014-05-18 11:50 - 00490000 _____ () C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-05-24 11:15 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Michel1899\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-06-02 00:59 - 2014-06-02 00:59 - 00043008 _____ () C:\Users\Michel1899\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuprej.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\libcef.dll 2013-12-11 11:35 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-03-23 22:41 - 2014-05-18 11:50 - 00020496 _____ () C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll 2014-05-12 10:42 - 2014-05-12 10:42 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-01-14 00:03 - 2014-01-14 00:03 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2013-12-11 11:30 - 2013-08-28 12:02 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Michel1899\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Michel1899\SkyDrive.old:ms-properties ==================== Safe Mode (whitelisted) =================== 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================= Application errors: ================== Error: (05/28/2014 11:18:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_13_0_0_214.exe, Version: 13.0.0.214, Zeitstempel: 0x5359c61d Name des fehlerhaften Moduls: NPSWF32_13_0_0_214.dll, Version: 13.0.0.214, Zeitstempel: 0x5359c6c6 Ausnahmecode: 0xc000041d Fehleroffset: 0x000019b4 ID des fehlerhaften Prozesses: 0x1ae8 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_13_0_0_214.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_13_0_0_214.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_13_0_0_214.exe2 Berichtskennung: FlashPlayerPlugin_13_0_0_214.exe3 Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_13_0_0_214.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_13_0_0_214.exe5 Error: (05/26/2014 08:54:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/26/2014 08:49:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.5.0.0, Zeitstempel: 0x52179ea0 Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.5.0.0, Zeitstempel: 0x52179d03 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bcd8 ID des fehlerhaften Prozesses: 0x90c Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0 Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1 Pfad des fehlerhaften Moduls: ZeroConfigService.exe2 Berichtskennung: ZeroConfigService.exe3 Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5 Error: (05/23/2014 10:30:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/23/2014 09:52:36 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/20/2014 09:54:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/20/2014 09:29:16 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/19/2014 07:48:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/19/2014 06:48:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ12, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x530895af Ausnahmecode: 0xc0000008 Fehleroffset: 0x000000000009ca6a ID des fehlerhaften Prozesses: 0x788 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Net Driver HPZ120 Pfad der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ121 Pfad des fehlerhaften Moduls: svchost.exe_Net Driver HPZ122 Berichtskennung: svchost.exe_Net Driver HPZ123 Vollständiger Name des fehlerhaften Pakets: svchost.exe_Net Driver HPZ124 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Net Driver HPZ125 Error: (05/19/2014 11:48:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 System errors: ============= Error: (06/02/2014 00:59:06 AM) (Source: DCOM) (EventID: 10016) (User: MICHEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/02/2014 00:57:35 AM) (Source: DCOM) (EventID: 10010) (User: MICHEL) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (06/02/2014 00:46:47 AM) (Source: DCOM) (EventID: 10016) (User: MICHEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/01/2014 10:35:32 PM) (Source: DCOM) (EventID: 10016) (User: MICHEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (05/30/2014 10:08:52 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29.05.2014 um 18:16:06 unerwartet heruntergefahren. 
Error: (05/28/2014 04:09:15 PM) (Source: DCOM) (EventID: 10016) (User: MICHEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (05/28/2014 10:07:42 AM) (Source: DCOM) (EventID: 10016) (User: MICHEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (05/26/2014 08:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/26/2014 08:47:16 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. 
Error: (05/25/2014 01:24:20 PM) (Source: DCOM) (EventID: 10010) (User: MICHEL) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Microsoft Office Sessions: ========================= Error: (05/28/2014 11:18:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61dNPSWF32_13_0_0_214.dll13.0.0.2145359c6c6c000041d000019b41ae801cf7a4c283b0037C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exeC:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_13_0_0_214.dll0e500807-e649-11e3-82aa-fcf8ae222099 Error: (05/26/2014 08:54:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/26/2014 08:49:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ZeroConfigService.exe16.5.0.052179ea0MurocApi.dll16.5.0.052179d03c0000005000000000002bcd890c01cf7912fde16420C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll6e440b94-e506-11e3-82a8-fcf8ae222099 Error: (05/23/2014 10:30:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/23/2014 09:52:36 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/20/2014 09:54:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/20/2014 09:29:16 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/19/2014 07:48:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - 
Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/19/2014 06:48:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_Net Driver HPZ126.3.9600.163845215dfe3ntdll.dll6.3.9600.17031530895afc0000008000000000009ca6a78801cf73739a985ca0C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll5d0f11f8-df75-11e3-8296-fcf8ae222099 Error: (05/19/2014 11:48:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) CodeIntegrity Errors: =================================== Date: 2014-06-02 00:58:17.635 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-06-02 00:58:17.573 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-06-02 00:45:57.274 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-06-02 00:45:57.220 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. 
Date: 2014-06-01 22:34:44.601 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-06-01 22:34:44.554 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-05-30 16:21:24.539 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-05-30 16:21:24.476 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-05-30 10:08:51.696 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-05-30 10:08:51.634 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. 
==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8072.96 MB
Available physical RAM: 6066.84 MB
Total Pagefile: 9352.96 MB
Available Pagefile: 7363.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.96 GB) (Free:852.04 GB) NTFS
Drive e: (GAENSEPRINZESSIN) (CDROM) (Total:3.85 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2F088ABB)
Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-06-02 01:11:47 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d WDC_WD10JPVX-75JC3T0 rev.01.01A01 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\MICHEL~1\AppData\Local\Temp\uwldypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fff1b601f6a 4 bytes [60, 1B, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fff1b601f82 4 bytes [60, 1B, FF, 7F] .text C:\Windows\System32\svchost.exe[1992] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007fff1b601f6a 4 bytes [60, 1B, FF, 7F] .text C:\Windows\System32\svchost.exe[1992] c:\windows\system32\WSOCK32.dll!setsockopt + 218 
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [564:588] fffff9600086db90
---- Processes - GMER 2.1 ----
Process C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728] (FILE NOT FOUND) 0000000000400000
Library C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728](2014-01-03 01:09:26) 0000000003d70000
Library c:\users\michel~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuprej.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728](2014-06-01 22:59:31) 0000000003c70000
Library C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728](2013-08-23 19:01:44) 0000000066280000
Library C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000065660000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ---- |