Log Analysis and Evaluation: Avira finds malware "SystemkService.exe" but does not remove it correctly (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.06.2014, 00:33 | #1
Avira finds malware "SystemkService.exe" but does not remove it correctly

Hello dear helpers,

the following malware is detected by my antivirus program, but apparently it cannot be removed correctly by it. In addition, I would of course be grateful for any hints about other abnormalities on my system. Many thanks in advance for the help. First, here is the detailed information from Avira on the "virus" in question:

Code:
Typ: Datei
Quelle: C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
Status: Infiziert
Quarantäne-Objekt: 57313a45.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.18.36
Virendefinitionsdatei: 7.11.152.90
Gefunden: ADWARE/SearchSuite.c
Datum/Uhrzeit: 02.06.2014, 00:44

defogger_disable:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:03 on 02/06/2014 (Michel1899)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01 Ran by Michel1899 (administrator) on MICHEL on 02-06-2014 01:05:37 Running from C:\Users\Michel1899\Downloads Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe (Dropbox, Inc.) C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Dell Products, LP.) 
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-12] (Synaptics Incorporated) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe 
IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll [490000 2014-05-18] () HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll [664592 2014-05-18] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKLM - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms} SearchScopes: HKCU - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = SearchScopes: HKCU - {58064229-5711-4E4D-8944-2B3587376579} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms} BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program 
Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{32C9AFD3-EC4E-42BB-B031-675C2DE9F8AC}: [NameServer]193.174.193.231 FireFox: ======== FF ProfilePath: C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default FF SearchEngineOrder.1: default-search.net FF Homepage: hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: 
@java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\searchplugins\default-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Settings Manager - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0} [2014-05-18] FF Extension: PAYBACK Toolbar - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\toolbar-ff@payback.de.xpi [2014-05-07] FF Extension: Adblock Plus - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-15] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-19] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ 
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [] Chrome: ======= CHR HomePage: hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp CHR StartupUrls: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp" CHR DefaultSearchKeyword: ask.com CHR DefaultSearchProvider: default-search.net CHR DefaultSearchURL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Freemake Video Converter) - C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-05-19] CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-04] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. 
KG) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] () S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-05] (Intel Corporation) R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] () R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] 
(Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-05-18] (Aztec Media Inc) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; 
C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-02 01:05 - 2014-06-02 01:05 - 00024314 _____ () C:\Users\Michel1899\Downloads\FRST.txt 2014-06-02 01:05 - 2014-06-02 01:05 - 00000000 ____D () C:\FRST 2014-06-02 01:04 - 2014-06-02 01:04 - 02067456 _____ (Farbar) C:\Users\Michel1899\Downloads\FRST64.exe 2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log 2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable 2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe 2014-05-26 11:09 - 2014-05-26 
11:09 - 00000000 ____D () C:\Poker 2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe 2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx 2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip 2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip 2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList 2014-05-18 19:55 - 2014-06-02 00:45 - 00000000 ____D () C:\ProgramData\systemk 2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx 2014-05-16 09:33 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-16 09:33 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-15 14:29 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe 2014-05-15 14:29 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe 2014-05-15 14:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 14:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 14:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 14:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 14:28 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll 2014-05-15 14:28 - 
2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-05-15 14:28 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2014-05-15 14:28 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-05-15 14:28 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe 2014-05-15 14:28 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-05-15 14:28 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2014-05-15 14:28 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-05-15 14:28 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-05-15 14:28 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-05-15 14:28 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-15 14:28 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-05-15 14:28 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-15 14:28 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-05-15 14:28 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-05-15 14:28 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-05-15 14:28 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-05-15 14:28 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-05-15 14:28 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) 
C:\Windows\system32\WUSettingsProvider.dll 2014-05-15 14:28 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-05-15 14:28 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-05-15 14:28 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-05-15 14:28 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-05-15 14:28 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2014-05-15 14:28 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-05-15 14:28 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll 2014-05-15 14:28 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-05-15 14:28 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll 2014-05-15 14:28 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll 2014-05-15 14:28 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll 2014-05-15 14:28 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll 2014-05-15 14:28 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 14:28 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 14:28 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-05-15 14:28 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-05-15 14:28 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-05-15 12:03 - 2014-05-15 12:04 - 06030166 _____ () 
C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx
2014-05-15 08:53 - 2014-05-24 11:14 - 00002948 _____ () C:\Windows\PFRO.log
2014-05-14 18:05 - 2014-05-26 10:54 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx
2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4
2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 20:51 - 2014-05-10 20:52 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi
2014-05-08 19:57 - 2014-05-08 19:58 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4
2014-05-05 22:34 - 2014-06-02 00:57 - 01653978 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 17:11 - 2014-05-05 17:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-05 17:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-05 17:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-05 17:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-05 17:07 - 2014-05-05 17:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe
2014-05-04 20:45 - 2014-05-19 19:56 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db
2014-05-04 20:43 - 2014-05-04 20:44 - 00000004 _____ () C:\end
2014-05-04 20:43 - 2014-05-04 20:44 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake
2014-05-04 20:43 - 2014-05-04 20:44 - 00000000 ____D () C:\ProgramData\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\OpenCandy
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe
2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4
2014-05-04 18:21 - 2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug
2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

==================== One Month Modified Files and Folders =======

2014-06-02 01:05 - 2014-06-02 01:05 - 00024314 _____ () C:\Users\Michel1899\Downloads\FRST.txt
2014-06-02 01:05 - 2014-06-02 01:05 - 00000000 ____D () C:\FRST
2014-06-02 01:05 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Temp
2014-06-02 01:04 - 2014-06-02 01:04 - 02067456 _____ (Farbar) C:\Users\Michel1899\Downloads\FRST64.exe
2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log
2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable
2014-06-02 01:03 - 2014-02-26 08:41 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1873882003-3979479213-967090690-1001
2014-06-02 01:03 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899
2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe
2014-06-02 01:01 - 2014-04-13 11:32 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-02 01:00 - 2014-02-26 11:12 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Dropbox
2014-06-02 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-06-02 00:59 - 2014-03-25 15:27 - 00000000 ___RD () C:\Users\Michel1899\SkyDrive
2014-06-02 00:59 - 2014-02-26 11:17 - 00000000 ___RD () C:\Users\Michel1899\Dropbox
2014-06-02 00:59 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\DropboxMaster
2014-06-02 00:58 - 2014-04-13 11:32 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 00:58 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 00:57 - 2014-05-05 22:34 - 01653978 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 00:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-02 00:47 - 2014-04-13 11:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 00:45 - 2014-05-18 19:55 - 00000000 ____D () C:\ProgramData\systemk
2014-06-02 00:17 - 2014-02-26 11:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 22:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-27 09:58 - 2014-03-03 16:31 - 00667648 ___SH () C:\Users\Michel1899\Desktop\Thumbs.db
2014-05-26 20:58 - 2014-04-14 15:25 - 00000000 ____D
() C:\Users\Michel1899\AppData\Roaming\HpUpdate 2014-05-26 11:09 - 2014-05-26 11:09 - 00000000 ____D () C:\Poker 2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe 2014-05-26 10:54 - 2014-05-14 18:05 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx 2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx 2014-05-24 12:17 - 2014-03-21 10:41 - 00001084 _____ () C:\Users\Michel1899\Desktop\Dropbox.lnk 2014-05-24 12:17 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-24 12:17 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-24 11:14 - 2014-05-15 08:53 - 00002948 _____ () C:\Windows\PFRO.log 2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip 2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip 2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList 2014-05-19 20:01 - 2014-02-26 08:35 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Packages 2014-05-19 19:56 - 2014-05-04 20:45 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db 2014-05-18 10:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2014-05-17 11:36 - 2014-03-03 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-05-17 11:36 - 2014-03-03 19:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx 
2014-05-16 09:34 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-15 20:39 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-05-15 20:35 - 2014-02-26 11:18 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 20:34 - 2014-02-26 11:18 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 20:34 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-05-15 19:12 - 2013-12-11 11:24 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-15 19:12 - 2013-08-23 01:24 - 00766620 _____ () C:\Windows\system32\perfh007.dat 2014-05-15 19:12 - 2013-08-23 01:24 - 00159902 _____ () C:\Windows\system32\perfc007.dat 2014-05-15 14:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-15 12:04 - 2014-05-15 12:03 - 06030166 _____ () C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx 2014-05-13 20:22 - 2014-02-26 11:51 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4 2014-05-13 18:03 - 2014-02-26 11:10 - 00001155 _____ () 
C:\Users\Public\Desktop\Avira.lnk 2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-13 18:03 - 2013-12-11 11:31 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-13 17:57 - 2014-02-26 11:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 20:57 - 2014-03-29 23:59 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\vlc 2014-05-10 20:52 - 2014-05-10 20:51 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi 2014-05-09 00:42 - 2014-04-13 11:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 00:42 - 2014-04-13 11:32 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-08 19:58 - 2014-05-08 19:57 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4 2014-05-07 15:29 - 2014-03-26 21:19 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\TempSWSicherungsverzeichnis 2014-05-07 14:14 - 2014-03-26 20:21 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\SolidWorks 2014-05-06 06:40 - 2014-05-15 14:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 05:25 - 2014-05-15 14:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:00 - 2014-05-15 14:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 14:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 17:24 - 2014-05-05 17:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-05 17:11 - 2014-05-05 17:11 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-05 17:08 - 2014-05-05 17:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-05 17:06 - 2014-03-19 18:40 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe 2014-05-04 20:44 - 2014-05-04 20:43 - 00000004 _____ () C:\end 2014-05-04 20:44 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake 2014-05-04 20:44 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\OpenCandy 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe 2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4 2014-05-04 18:21 - 
2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug
2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-05-03 18:16 - 2014-02-26 08:35 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\VirtualStore

Some content of TEMP:
====================
C:\Users\Michel1899\AppData\Local\Temp\avgnt.exe
C:\Users\Michel1899\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuprej.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 08:54

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by Michel1899 at 2014-06-02 01:06:14
Running from C:\Users\Michel1899\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5A06C25A-366E-46CC-880E-3F904B634E9E}) (Version: - Microsoft)
Dell Custom Help (Version: 16.05.1000.0264 - Intel Corporation) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Expekt Poker (HKCU\...\Expekt Poker) (Version: - )
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) Intel(R) PRO/Wireless Driver (Version: 16.05.1000.0574 - Intel Corporation) Hidden Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.5.0.0096 - Intel Corporation) Hidden Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel® PROSet/Wireless WiFi Software (Version: 16.05.1000.0264 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft 
Corporation) Hidden Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation) Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden Microsoft Visual Basic for 
Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.) 
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - ) SolidWorks 2013 x64 Edition SP03 (Version: 21.130.60 - SolidWorks) Hidden SolidWorks 2013 x64 German Resources (Version: 21.130.60 - SolidWorks Corporation) Hidden SolidWorks eDrawings 2013 x64 Edition SP03 (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp) Hidden TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition 
(HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version: 
- Microsoft) Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{327EABFD-EDD3-44E7-AB47-7592DF33B719}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{50F31E04-D56A-4159-BF36-CF3CE27DB30C}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2878315) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{95F0CF54-BC3E-4C6F-B11D-89D6D8C6452E}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2878315) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{95F0CF54-BC3E-4C6F-B11D-89D6D8C6452E}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version: - Microsoft) Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= 15-05-2014 14:25:17 Windows Update 23-05-2014 13:28:37 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {00301658-0096-49F6-89F1-ADA74362C075} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {00CC6EA4-216F-4CFB-9802-051087EA2B3A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.) 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {09F74B83-F510-4D66-A4C4-1852988C74FC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {19CED202-216F-45D2-805F-27B3C8BBBEC7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2F5D4DA4-65B9-4740-A8C7-5E6043ADBDDE} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {35C86106-9313-41AE-B844-64C27E6D41F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {3A372697-B083-4A27-B2A4-4C97E1A01888} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3CB9C012-69D2-4B3D-9AA8-24F51CA35214} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.) 
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4A1AD8C7-B21E-47CB-9188-FE3F3C4721A8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {520C78B0-FEDA-4CD4-AE40-12E113CBCFE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.) Task: {68AF5DBF-11CA-4453-AD63-933EF79FEA8C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6C88BAAB-DB4A-4712-B15E-A1E12F2E5F23} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {716C0586-2BFC-41F5-8FB5-693DB012165E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {735F6A19-D3E4-425C-B9C1-5B63BA8C19A8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-05-15] (Microsoft Corporation) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {843648AC-DA72-4C39-8AA4-D8A09F75452F} - System32\Tasks\Auto Re-Aktivierung => C:\Windows\Re-Aktivierung\TriggerKMS.exe [2013-01-23] () Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8C6AE141-7852-4756-B8D2-0CE95CC99F21} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files 
(x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {93093FA1-8575-4C7C-AAE4-9F28B4D6863A} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard) Task: {949B7CF3-361E-44FA-8B61-C184645FBB25} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated) Task: {C76D663D-5781-4EDB-BAB3-5257B4D705EC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {CB7BE466-563E-46B1-A791-EE8C7C5617AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DB5ABAC6-228D-4DFE-9F9E-73194C03C4AE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F1B5E62F-A439-402B-838D-8FD9FAE03E92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {F4B5346E-5617-4673-ABCA-4AD0B536215F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-23 22:41 - 2014-05-18 11:50 - 00664592 _____ () C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll 2013-07-01 10:21 - 2013-07-01 10:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe 2013-07-01 01:16 - 2013-07-01 01:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll 2013-07-01 01:15 - 2013-07-01 01:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll 2013-07-01 01:15 - 2013-07-01 01:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll 2013-07-01 10:21 - 2013-07-01 10:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe 2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2013-12-11 11:43 - 2013-08-19 11:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2013-12-11 11:43 - 2013-08-19 11:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2013-03-28 22:34 - 2013-03-28 22:34 - 
00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll 2014-02-26 11:12 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-03-23 22:41 - 2014-05-18 11:50 - 00490000 _____ () C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-05-24 11:15 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Michel1899\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-06-02 00:59 - 2014-06-02 00:59 - 00043008 _____ () C:\Users\Michel1899\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuprej.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\libcef.dll 2013-12-11 11:35 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-03-23 22:41 - 2014-05-18 11:50 - 00020496 _____ () C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll 2014-05-12 10:42 - 2014-05-12 10:42 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-01-14 00:03 - 2014-01-14 00:03 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2013-12-11 11:30 - 2013-08-28 12:02 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Michel1899\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Michel1899\SkyDrive.old:ms-properties ==================== Safe Mode (whitelisted) =================== 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================= Application errors: ================== Error: (05/28/2014 11:18:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_13_0_0_214.exe, Version: 13.0.0.214, Zeitstempel: 0x5359c61d Name des fehlerhaften Moduls: NPSWF32_13_0_0_214.dll, Version: 13.0.0.214, Zeitstempel: 0x5359c6c6 Ausnahmecode: 0xc000041d Fehleroffset: 0x000019b4 ID des fehlerhaften Prozesses: 0x1ae8 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_13_0_0_214.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_13_0_0_214.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_13_0_0_214.exe2 Berichtskennung: FlashPlayerPlugin_13_0_0_214.exe3 Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_13_0_0_214.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_13_0_0_214.exe5 Error: (05/26/2014 08:54:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/26/2014 08:49:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.5.0.0, Zeitstempel: 0x52179ea0 Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.5.0.0, Zeitstempel: 0x52179d03 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bcd8 ID des fehlerhaften Prozesses: 0x90c Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0 Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1 Pfad des fehlerhaften Moduls: ZeroConfigService.exe2 Berichtskennung: ZeroConfigService.exe3 Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5 Error: (05/23/2014 10:30:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/23/2014 09:52:36 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/20/2014 09:54:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/20/2014 09:29:16 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/19/2014 07:48:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/19/2014 06:48:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ12, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x530895af Ausnahmecode: 0xc0000008 Fehleroffset: 0x000000000009ca6a ID des fehlerhaften Prozesses: 0x788 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Net Driver HPZ120 Pfad der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ121 Pfad des fehlerhaften Moduls: svchost.exe_Net Driver HPZ122 Berichtskennung: svchost.exe_Net Driver HPZ123 Vollständiger Name des fehlerhaften Pakets: svchost.exe_Net Driver HPZ124 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Net Driver HPZ125 Error: (05/19/2014 11:48:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 System errors: ============= Error: (06/02/2014 00:59:06 AM) (Source: DCOM) (EventID: 10016) (User: MICHEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/02/2014 00:57:35 AM) (Source: DCOM) (EventID: 10010) (User: MICHEL) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (06/02/2014 00:46:47 AM) (Source: DCOM) (EventID: 10016) (User: MICHEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/01/2014 10:35:32 PM) (Source: DCOM) (EventID: 10016) (User: MICHEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (05/30/2014 10:08:52 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29.05.2014 um 18:16:06 unerwartet heruntergefahren. 
Error: (05/28/2014 04:09:15 PM) (Source: DCOM) (EventID: 10016) (User: MICHEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (05/28/2014 10:07:42 AM) (Source: DCOM) (EventID: 10016) (User: MICHEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (05/26/2014 08:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/26/2014 08:47:16 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. 
Error: (05/25/2014 01:24:20 PM) (Source: DCOM) (EventID: 10010) (User: MICHEL) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Microsoft Office Sessions: ========================= Error: (05/28/2014 11:18:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61dNPSWF32_13_0_0_214.dll13.0.0.2145359c6c6c000041d000019b41ae801cf7a4c283b0037C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exeC:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_13_0_0_214.dll0e500807-e649-11e3-82aa-fcf8ae222099 Error: (05/26/2014 08:54:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/26/2014 08:49:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ZeroConfigService.exe16.5.0.052179ea0MurocApi.dll16.5.0.052179d03c0000005000000000002bcd890c01cf7912fde16420C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll6e440b94-e506-11e3-82a8-fcf8ae222099 Error: (05/23/2014 10:30:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/23/2014 09:52:36 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/20/2014 09:54:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/20/2014 09:29:16 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/19/2014 07:48:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - 
Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/19/2014 06:48:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_Net Driver HPZ126.3.9600.163845215dfe3ntdll.dll6.3.9600.17031530895afc0000008000000000009ca6a78801cf73739a985ca0C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll5d0f11f8-df75-11e3-8296-fcf8ae222099 Error: (05/19/2014 11:48:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) CodeIntegrity Errors: =================================== Date: 2014-06-02 00:58:17.635 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-06-02 00:58:17.573 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-06-02 00:45:57.274 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-06-02 00:45:57.220 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. 
Date: 2014-06-01 22:34:44.601
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-06-01 22:34:44.554
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-05-30 16:21:24.539
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-05-30 16:21:24.476
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-05-30 10:08:51.696
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-05-30 10:08:51.634
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Percentage of memory in use: 24%
Total physical RAM: 8072.96 MB
Available physical RAM: 6066.84 MB
Total Pagefile: 9352.96 MB
Available Pagefile: 7363.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:922.96 GB) (Free:852.04 GB) NTFS
Drive e: (GAENSEPRINZESSIN) (CDROM) (Total:3.85 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2F088ABB)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-06-02 01:11:47 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d WDC_WD10JPVX-75JC3T0 rev.01.01A01 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\MICHEL~1\AppData\Local\Temp\uwldypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fff1b601f6a 4 bytes [60, 1B, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fff1b601f82 4 bytes [60, 1B, FF, 7F] .text C:\Windows\System32\svchost.exe[1992] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007fff1b601f6a 4 bytes [60, 1B, FF, 7F] .text C:\Windows\System32\svchost.exe[1992] c:\windows\system32\WSOCK32.dll!setsockopt + 218 
00007fff1b601f82 4 bytes [60, 1B, FF, 7F] .text C:\Windows\System32\svchost.exe[1640] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007fff1b601f6a 4 bytes [60, 1B, FF, 7F] .text C:\Windows\System32\svchost.exe[1640] c:\windows\system32\WSOCK32.dll!setsockopt + 218 00007fff1b601f82 4 bytes [60, 1B, FF, 7F] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1704] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1704] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1704] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1704] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2188] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2188] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2188] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2188] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\Windows\system32\wbem\wmiprvse.exe[2352] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Windows\system32\wbem\wmiprvse.exe[2352] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes 
[BB, 25, FF, 7F] .text C:\Windows\system32\wbem\wmiprvse.exe[2352] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Windows\system32\wbem\wmiprvse.exe[2352] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2456] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2456] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2456] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2456] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2744] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2744] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2744] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2744] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4324] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4324] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[4324] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4324] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5156] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5156] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5156] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5156] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5716] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5716] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5716] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F] .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5716] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [564:588] fffff9600086db90 ---- Processes - GMER 2.1 ---- Process C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728] (FILE NOT FOUND) 0000000000400000 Library C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ 
C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728](2014-01-03 01:09:26) 0000000003d70000 Library c:\users\michel~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuprej.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728](2014-06-01 22:59:31) 0000000003c70000 Library C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728](2013-08-23 19:01:44) 0000000066280000 Library C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000065660000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
02.06.2014, 07:17 | #2 |
/// the machine /// (TB-Ausbilder) | hi,

Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
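Added note and example, not part of this thread and not code from MBAM, AdwCleaner, JRT or FRST: the MBAM and AdwCleaner logs further down show where this Settings Manager / SystemK adware anchors itself in the registry (Image File Execution Options keys, two AppCertDlls values, Run entries, Internet Explorer Browser Helper Objects and SearchScopes) on top of the browser profile files. A quick way to confirm after the reboot that nothing is left in that list is a read-only PowerShell audit of exactly those locations that also reports who signed each referenced binary. All registry paths in it are the standard ones; the suspect-path pattern at the end is an assumption modelled on the paths in this thread's logs, not a general rule.

```powershell
# Added example, not part of this thread or of MBAM/AdwCleaner/FRST: read-only audit of the
# persistence locations the logs in this thread show the Settings Manager / SystemK adware using
# (IFEO "Debugger" hijacks, AppCertDlls, Run keys, IE Browser Helper Objects, IE SearchScopes).
# Run in an elevated 64-bit PowerShell; nothing is modified. Output columns: Source, Name, Target, Signer.

function Get-RegValue {
    # Single value or $null; never throws when key or value is missing. Use '(default)' for the default value.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-SignerInfo {
    # Authenticode status of the binary named in a command line or DLL path.
    param([string]$Raw)
    if (-not $Raw) { return 'n/a' }
    $s = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    # Binary is the quoted first token, else everything up to the first space; fall back to the full string.
    $cand = if ($s.StartsWith('"')) { $s.Split('"')[1] } else { $s.Split(' ')[0] }
    $p = @($cand, $s) | Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Leaf) } | Select-Object -First 1
    if (-not $p) { return "MISSING ($cand)" }
    $sig = Get-AuthenticodeSignature -LiteralPath $p
    if ($sig.Status -eq 'Valid') { return "Valid: $($sig.SignerCertificate.Subject)" }
    return $sig.Status.ToString()
}

function New-Finding {
    param([string]$Source, [string]$Name, [string]$Target, [string]$Signer)
    [pscustomobject]@{ Source = $Source; Name = $Name; Target = $Target; Signer = $Signer }
}

function Get-IfeoHijacks {
    # Only keys carrying a Debugger value redirect a program: that binary is started instead of the named one.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $dbg = Get-RegValue -Path $key.PSPath -Name 'Debugger'
            if ($dbg) { New-Finding 'IFEO Debugger' $key.PSChildName $dbg (Get-SignerInfo $dbg) }
        }
    }
}

function Get-AppCertDlls {
    # Every DLL listed here is loaded into each process that calls CreateProcess; the AdwCleaner log
    # in this thread shows an [x64] and an [x86] value being removed from this key.
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls'
    if (-not (Test-Path $path)) { return }
    $k = Get-Item -Path $path
    foreach ($n in $k.GetValueNames()) {
        $v = [string]$k.GetValue($n)
        New-Finding 'AppCertDlls' $n $v (Get-SignerInfo $v)
    }
}

function Get-RunEntries {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $k = Get-Item -Path $root
        foreach ($n in $k.GetValueNames()) {
            $v = [string]$k.GetValue($n)
            New-Finding "Run ($($k.Name))" $n $v (Get-SignerInfo $v)
        }
    }
}

function Get-BrowserHelperObjects {
    # A BHO registration only names a CLSID; the DLL is that CLSID's InprocServer32 default value
    # (Wow6432Node view for 32-bit IE). Per-user COM registration under HKCU:\Software\Classes is not covered.
    $views = @(
        @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects';             Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Clsid = 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID' }
    )
    foreach ($v in $views) {
        if (-not (Test-Path $v.Bho)) { continue }
        foreach ($key in Get-ChildItem -Path $v.Bho) {
            $dll = Get-RegValue -Path "$($v.Clsid)\$($key.PSChildName)\InprocServer32" -Name '(default)'
            New-Finding 'BHO' $key.PSChildName $dll (Get-SignerInfo $dll)
        }
    }
}

function Get-SearchScopes {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
             'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $default = Get-RegValue -Path $root -Name 'DefaultScope'
        foreach ($key in Get-ChildItem -Path $root) {
            $tag = if ($key.PSChildName -eq $default) { 'SearchScope (default)' } else { 'SearchScope' }
            New-Finding $tag $key.PSChildName (Get-RegValue -Path $key.PSPath -Name 'URL') 'n/a'
        }
    }
}

$findings = @(Get-IfeoHijacks) + @(Get-AppCertDlls) + @(Get-RunEntries) + @(Get-BrowserHelperObjects) + @(Get-SearchScopes)
$findings | Format-Table -AutoSize -Wrap

# Second pass: unsigned, missing on disk, or living under ProgramData/AppData/"Settings Manager"
# (assumed suspect pattern, taken from the paths in this thread's logs) is what a post-reboot check should confirm is gone.
$suspectPath = '\\(ProgramData|AppData|Settings Manager)\\'
$findings | Where-Object { ($_.Signer -notlike 'Valid*' -and $_.Signer -ne 'n/a') -or ($_.Target -match $suspectPath) }
```

Run it elevated from a 64-bit PowerShell so that both registry views are seen (AdwCleaner's log tags the 64-bit view with [x64], which is why the same SearchScopes key appears twice there). The long list of Image File Execution Options keys AdwCleaner deleted is not in itself a set of hijacks; a key only redirects a program when it carries a Debugger value, and that is all the script reports, so other IFEO-based tricks such as VerifierDlls would need a separate check. Items MBAM marks "Löschen bei Neustart" (delete on reboot) were in use at scan time and will still show up here until the machine has actually been restarted.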
02.06.2014, 10:06 | #3 |
| Thanks for the quick reply.
MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 02.06.2014 Suchlauf-Zeit: 10:44:08 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.06.02.03 Rootkit Datenbank: v2014.05.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Michel1899 Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 276144 Verstrichene Zeit: 12 Min, 36 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 13 PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings 
Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll, Löschen bei Neustart, [307ba3d0bdbeaa8cce7874df8a7af50b], PUP.Optional.SystemK.A, C:\Program Files (x86)\Settings Manager\systemk\systemk.dll, Löschen bei Neustart, [793284ef2c4f7cba2d3ba7d633ceb14f], PUP.Optional.SystemK.A, C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF29.dll, Löschen bei Neustart, [9f0c5a19d9a2092d9ecae19c8f72d32d], Registrierungsschlüssel: 14 PUP.Optional.SystemK.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A91196222, In Quarantäne, [8e1dc0b33c3f3ff7a0c8f18c8f728d73], PUP.Optional.Linkey.A, HKU\S-1-5-21-1873882003-3979479213-967090690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Löschen bei Neustart, [8526d89b92e92214d010969b8d75f907], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, In Quarantäne, [e4c762117308a2948da7eab61ee4d030], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK, In Quarantäne, [7f2c6f046516f2446acb4b55ce3446ba], PUP.Optional.Softonic.A, HKU\S-1-5-21-1873882003-3979479213-967090690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [8f1cd2a1d5a6ae88350a0b91cb3732ce], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, 
HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SettingsManagerIEHelper.DNSGuard, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, HKU\S-1-5-21-1873882003-3979479213-967090690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{54739D49-AC03-4C57-9264-C5195596B3A1}, Löschen bei Neustart, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], Registrierungswerte: 1 PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK|browser, ie ff cr, In Quarantäne, [7f2c6f046516f2446acb4b55ce3446ba] Registrierungsdaten: 0 (No malicious items detected) Ordner: 5 PUP.Optional.SystemK.A, C:\ProgramData\systemk, In Quarantäne, [82292350671489adc11b900ef012e61a], PUP.Optional.OpenCandy, C:\Users\Michel1899\AppData\Roaming\OpenCandy, In Quarantäne, [5754532016652412f8f76d0d6e94e719], PUP.Optional.OpenCandy, C:\Users\Michel1899\AppData\Roaming\OpenCandy\0BA68ECCC84A46E4B2BF416E461C7D0B, In Quarantäne, [5754532016652412f8f76d0d6e94e719], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk, Löschen bei Neustart, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64, Löschen bei 
Neustart, [beed2c4784f7979f6594d0b12fd3857b], Dateien: 34 PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll, Löschen bei Neustart, [c0eb0c67c6b593a3ba9c361d3cc810f0], PUP.Optional.AztecMedia.A, C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll, Löschen bei Neustart, [307ba3d0bdbeaa8cce7874df8a7af50b], PUP.Optional.SystemK.A, C:\Program Files (x86)\Settings Manager\systemk\systemk.dll, Löschen bei Neustart, [793284ef2c4f7cba2d3ba7d633ceb14f], PUP.Optional.SystemK.A, C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF29.dll, Löschen bei Neustart, [9f0c5a19d9a2092d9ecae19c8f72d32d], PUP.Optional.SystemK.A, C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg, In Quarantäne, [8e1dc0b33c3f3ff7a0c8f18c8f728d73], PUP.Optional.Conduit.A, C:\Users\Michel1899\AppData\Roaming\OpenCandy\0BA68ECCC84A46E4B2BF416E461C7D0B\search_protect_global.exe, In Quarantäne, [a803b3c0cead37ff7e6b55c8e9184fb1], PUP.Optional.SystemK.A, C:\$Recycle.Bin\S-1-5-21-1873882003-3979479213-967090690-1001\$R4HTNO3.dll, In Quarantäne, [f4b7d1a25f1c0e28d296a0dd4ab714ec], PUP.Optional.AztecMedia.A, C:\$Recycle.Bin\S-1-5-21-1873882003-3979479213-967090690-1001\$R7THF53.dll, In Quarantäne, [9219de9533484ceac97d3b18a85ce020], PUP.Optional.AztecMedia.A, C:\$Recycle.Bin\S-1-5-21-1873882003-3979479213-967090690-1001\$RC1BFWW.dll, In Quarantäne, [8a21096a5f1c5ed80156a2b1ef15946c], PUP.Optional.AztecMedia.A, C:\$Recycle.Bin\S-1-5-21-1873882003-3979479213-967090690-1001\$RJNALFK.dll, In Quarantäne, [882391e2df9cbc7ae1751142ad5705fb], PUP.Optional.SystemK.A, C:\$Recycle.Bin\S-1-5-21-1873882003-3979479213-967090690-1001\$RLKW7IV.exe, In Quarantäne, [8823b2c1cead53e31850c3ba5ca5d729], PUP.Optional.SystemK.A, C:\$Recycle.Bin\S-1-5-21-1873882003-3979479213-967090690-1001\$RWPEJ81.cfg, In Quarantäne, [07a47df6c2b9280ee484215cb05106fa], PUP.Optional.SystemK.A, 
C:\ProgramData\systemk\general.cfg, In Quarantäne, [82292350671489adc11b900ef012e61a], PUP.Optional.SystemK.A, C:\ProgramData\systemk\coordinator.cfg, In Quarantäne, [82292350671489adc11b900ef012e61a], PUP.Optional.SystemK.A, C:\ProgramData\systemk\S-1-5-21-1873882003-3979479213-967090690-1001.cfg, In Quarantäne, [82292350671489adc11b900ef012e61a], PUP.Optional.SystemK.A, C:\ProgramData\systemk\S-1-5-32.cfg, In Quarantäne, [82292350671489adc11b900ef012e61a], PUP.Optional.DefaultSearch.A, C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\searchplugins\default-search.xml, In Quarantäne, [a803076c3e3d75c19f8c5c440bf7b947], PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [7d2e5d164f2ca4920f1d0b95c93923dd], PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win32cert.dll, In Quarantäne, [248795de542747efcb76facd41c2718f], PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win64cert.dll, In Quarantäne, [c4e7d2a1394253e33f02e0e739cade22], PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win32prop.dll, In Quarantäne, [3774fc77afccfb3b390916b1847f659b], PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win64prop.dll, In Quarantäne, [7b300d66403b70c6b88a4a7d4db6d52b], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\del_DM_LL_nsa3E5C.dll, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Löschen bei Neustart, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll, In Quarantäne, 
[beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll, In Quarantäne, [beed2c4784f7979f6594d0b12fd3857b], PUP.Optional.DefaultSearch.A, C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp" ],), Ersetzt,[5c4f2e45f784b77fc5a2abe24cb80af6] PUP.Optional.DefaultSearch.A, C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp",), Ersetzt,[09a2dd96accfb482d5930c81f113af51] PUP.Optional.DefaultSearch.A, C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "search_url": "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms}",), Ersetzt,[23888de65e1dda5c5c0ddbb207fdd927] PUP.Optional.DefaultSearch.A, C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp");), Ersetzt,[cdde5221d4a7a690b60a6a2329db46ba] PUP.Optional.DefaultSearch.A, C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p=");), Ersetzt,[94179dd61c5f90a6e5dc5a33ec18cc34] PUP.Optional.CrossRider.A, C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "145bc405c6ba311076e8e594e060209e");), Ersetzt,[5c4f30431a61a690cbfbace145bf9b65] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.211 - Bericht erstellt am 02/06/2014 um 10:51:28 # Aktualisiert 26/05/2014 von Xplode # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Michel1899 - MICHEL # Gestartet von : C:\Users\Michel1899\Desktop\adwcleaner_3.211.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\ProgramData\BrowserProtect Ordner Gelöscht : C:\ProgramData\wincert Ordner Gelöscht : C:\Program Files (x86)\Settings Manager Ordner Gelöscht : C:\Program Files (x86)\SparPilotAddon Ordner Gelöscht : C:\Users\Michel1899\AppData\LocalLow\DataMngr Ordner Gelöscht : C:\Users\Michel1899\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0} Ordner Gelöscht : C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution 
Options\browserprotect.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : HKCU\Software\Linkey Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\SystemK Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software Schlüssel Gelöscht : HKLM\Software\SystemK Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17037 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.order.1", "default-search.net"); Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp"); Zeile gelöscht : user_pref("extensions.crossrider.bic", "145bc405c6ba311076e8e594e060209e"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p="); -\\ Google Chrome v35.0.1916.114 [ Datei : C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : 
bopakagnckmlgajfccecajhnimjiiedh Gelöscht [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj ************************* AdwCleaner[R0].txt - [10914 octets] - [02/06/2014 10:50:31] AdwCleaner[S0].txt - [8177 octets] - [02/06/2014 10:51:28] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8237 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Michel1899 on 02.06.2014 at 10:56:51,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Michel1899\AppData\Roaming\mozilla\firefox\profiles\ddv4ekxv.default\minidumps [39 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.06.2014 at 11:00:26,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01 Ran by Michel1899 (administrator) on MICHEL on 02-06-2014 11:03:16 Running from C:\Users\Michel1899\Desktop Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe (Dropbox, Inc.) C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-12] (Synaptics Incorporated) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.) 
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKLM - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM-x32 - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKCU - {58064229-5711-4E4D-8944-2B3587376579} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 
Tcpip\..\Interfaces\{32C9AFD3-EC4E-42BB-B031-675C2DE9F8AC}: [NameServer]193.174.193.231 FireFox: ======== FF ProfilePath: C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - 
C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: PAYBACK Toolbar - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\toolbar-ff@payback.de.xpi [2014-05-07] FF Extension: Adblock Plus - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-15] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-19] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [] Chrome: ======= CHR HomePage: 
CHR DefaultSearchKeyword: ask.com CHR DefaultSearchProvider: default-search.net CHR DefaultNewTabURL: CHR Extension: (No Name) - C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-05-19] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] () S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-05] (Intel Corporation) R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] () R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 
2013-06-19] (Realtek Semiconductor) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) 
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; 
C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-02 11:03 - 2014-06-02 11:03 - 00019662 _____ () C:\Users\Michel1899\Desktop\FRST.txt 2014-06-02 11:00 - 2014-06-02 11:00 - 00000756 _____ () C:\Users\Michel1899\Desktop\JRT.txt 2014-06-02 10:56 - 2014-06-02 10:56 - 00000000 ____D () C:\Windows\ERUNT 2014-06-02 10:55 - 2014-06-02 10:56 - 01016261 _____ (Thisisu) C:\Users\Michel1899\Desktop\JRT.exe 2014-06-02 10:54 - 2014-06-02 10:54 - 00008321 _____ () C:\Users\Michel1899\Desktop\AdwCleaner[S0].txt 2014-06-02 10:50 - 2014-06-02 10:51 - 00000000 ____D () C:\AdwCleaner 2014-06-02 10:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-02 10:49 - 2014-06-02 10:49 - 01327971 _____ () C:\Users\Michel1899\Desktop\adwcleaner_3.211.exe 2014-06-02 10:44 - 2014-06-02 10:49 - 00012116 _____ () C:\Users\Michel1899\Desktop\mbam.txt 2014-06-02 01:36 - 2014-06-02 01:36 - 611383096 _____ () C:\Windows\MEMORY.DMP 2014-06-02 01:36 - 2014-06-02 01:36 - 00291784 _____ () C:\Windows\Minidump\060214-17140-01.dmp 2014-06-02 01:36 - 2014-06-02 01:36 - 00000000 ____D () C:\Windows\Minidump 2014-06-02 01:11 - 2014-06-02 01:11 - 00014740 _____ () C:\Users\Michel1899\Downloads\gmer.log 2014-06-02 01:07 - 2014-06-02 01:07 - 00380416 _____ () C:\Users\Michel1899\Downloads\Gmer-19357.exe 2014-06-02 01:06 - 2014-06-02 01:06 - 00045807 _____ () C:\Users\Michel1899\Downloads\Addition.txt 2014-06-02 01:05 - 2014-06-02 11:03 - 00000000 ____D () C:\FRST 2014-06-02 01:05 - 2014-06-02 01:06 - 00046419 _____ () C:\Users\Michel1899\Downloads\FRST.txt 2014-06-02 01:04 - 2014-06-02 01:04 - 02067456 _____ 
(Farbar) C:\Users\Michel1899\Desktop\FRST64.exe 2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log 2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable 2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe 2014-05-26 11:09 - 2014-05-26 11:09 - 00000000 ____D () C:\Poker 2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe 2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx 2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip 2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip 2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList 2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx 2014-05-16 09:33 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-16 09:33 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-15 14:29 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe 2014-05-15 14:29 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe 2014-05-15 14:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 14:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 14:28 - 2014-05-06 05:00 - 00084992 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 14:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 14:28 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll 2014-05-15 14:28 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-05-15 14:28 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2014-05-15 14:28 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-05-15 14:28 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe 2014-05-15 14:28 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-05-15 14:28 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2014-05-15 14:28 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-05-15 14:28 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-05-15 14:28 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-05-15 14:28 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-15 14:28 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-05-15 14:28 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-15 14:28 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-05-15 14:28 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-05-15 14:28 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 
2014-05-15 14:28 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-05-15 14:28 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-05-15 14:28 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-05-15 14:28 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-05-15 14:28 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-05-15 14:28 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-05-15 14:28 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-05-15 14:28 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2014-05-15 14:28 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-05-15 14:28 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll 2014-05-15 14:28 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-05-15 14:28 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll 2014-05-15 14:28 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll 2014-05-15 14:28 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll 2014-05-15 14:28 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll 2014-05-15 14:28 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 14:28 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 14:28 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 
2014-05-15 14:28 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-05-15 14:28 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-05-15 12:03 - 2014-05-15 12:04 - 06030166 _____ () C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx 2014-05-15 08:53 - 2014-06-02 10:52 - 00012182 _____ () C:\Windows\PFRO.log 2014-05-14 18:05 - 2014-05-26 10:54 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx 2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4 2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 20:51 - 2014-05-10 20:52 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi 2014-05-08 19:57 - 2014-05-08 19:58 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4 2014-05-05 22:34 - 2014-06-02 09:50 - 01668579 _____ () C:\Windows\WindowsUpdate.log 2014-05-05 17:11 - 2014-06-02 10:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-05 17:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-05 17:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-05 17:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-05 
17:07 - 2014-05-05 17:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe 2014-05-04 20:45 - 2014-05-19 19:56 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db 2014-05-04 20:43 - 2014-05-04 20:44 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake 2014-05-04 20:43 - 2014-05-04 20:44 - 00000000 ____D () C:\ProgramData\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe 2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4 2014-05-04 18:21 - 2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug 2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 ==================== One Month Modified Files and Folders ======= 2014-06-02 11:03 - 2014-06-02 11:03 - 00019662 _____ () C:\Users\Michel1899\Desktop\FRST.txt 2014-06-02 11:03 - 2014-06-02 01:05 - 00000000 ____D () C:\FRST 2014-06-02 11:03 - 2014-02-26 08:41 - 
00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1873882003-3979479213-967090690-1001 2014-06-02 11:03 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Temp 2014-06-02 11:00 - 2014-06-02 11:00 - 00000756 _____ () C:\Users\Michel1899\Desktop\JRT.txt 2014-06-02 11:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2014-06-02 10:56 - 2014-06-02 10:56 - 00000000 ____D () C:\Windows\ERUNT 2014-06-02 10:56 - 2014-06-02 10:55 - 01016261 _____ (Thisisu) C:\Users\Michel1899\Desktop\JRT.exe 2014-06-02 10:55 - 2014-04-13 11:32 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-02 10:55 - 2014-04-13 11:32 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-02 10:54 - 2014-06-02 10:54 - 00008321 _____ () C:\Users\Michel1899\Desktop\AdwCleaner[S0].txt 2014-06-02 10:54 - 2014-02-26 11:17 - 00000000 ___RD () C:\Users\Michel1899\Dropbox 2014-06-02 10:54 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\DropboxMaster 2014-06-02 10:54 - 2014-02-26 11:12 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Dropbox 2014-06-02 10:53 - 2014-03-25 15:27 - 00000000 ___RD () C:\Users\Michel1899\SkyDrive 2014-06-02 10:52 - 2014-05-15 08:53 - 00012182 _____ () C:\Windows\PFRO.log 2014-06-02 10:52 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-02 10:51 - 2014-06-02 10:50 - 00000000 ____D () C:\AdwCleaner 2014-06-02 10:49 - 2014-06-02 10:49 - 01327971 _____ () C:\Users\Michel1899\Desktop\adwcleaner_3.211.exe 2014-06-02 10:49 - 2014-06-02 10:44 - 00012116 _____ () C:\Users\Michel1899\Desktop\mbam.txt 2014-06-02 10:48 - 2014-05-05 17:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-02 10:47 - 2014-04-13 11:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-02 10:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\System 2014-06-02 10:17 - 2014-02-26 
11:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-02 09:50 - 2014-05-05 22:34 - 01668579 _____ () C:\Windows\WindowsUpdate.log 2014-06-02 01:53 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899 2014-06-02 01:36 - 2014-06-02 01:36 - 611383096 _____ () C:\Windows\MEMORY.DMP 2014-06-02 01:36 - 2014-06-02 01:36 - 00291784 _____ () C:\Windows\Minidump\060214-17140-01.dmp 2014-06-02 01:36 - 2014-06-02 01:36 - 00000000 ____D () C:\Windows\Minidump 2014-06-02 01:11 - 2014-06-02 01:11 - 00014740 _____ () C:\Users\Michel1899\Downloads\gmer.log 2014-06-02 01:07 - 2014-06-02 01:07 - 00380416 _____ () C:\Users\Michel1899\Downloads\Gmer-19357.exe 2014-06-02 01:06 - 2014-06-02 01:06 - 00045807 _____ () C:\Users\Michel1899\Downloads\Addition.txt 2014-06-02 01:06 - 2014-06-02 01:05 - 00046419 _____ () C:\Users\Michel1899\Downloads\FRST.txt 2014-06-02 01:04 - 2014-06-02 01:04 - 02067456 _____ (Farbar) C:\Users\Michel1899\Desktop\FRST64.exe 2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log 2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable 2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe 2014-06-02 00:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-06-01 22:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-05-27 09:58 - 2014-03-03 16:31 - 00667648 ___SH () C:\Users\Michel1899\Desktop\Thumbs.db 2014-05-26 20:58 - 2014-04-14 15:25 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\HpUpdate 2014-05-26 11:09 - 2014-05-26 11:09 - 00000000 ____D () C:\Poker 2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe 2014-05-26 10:54 - 2014-05-14 18:05 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx 2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () 
C:\Users\Michel1899\Desktop\~$Wetten.xlsx 2014-05-24 12:17 - 2014-03-21 10:41 - 00001084 _____ () C:\Users\Michel1899\Desktop\Dropbox.lnk 2014-05-24 12:17 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-24 12:17 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip 2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip 2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList 2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList 2014-05-19 20:01 - 2014-02-26 08:35 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Packages 2014-05-19 19:56 - 2014-05-04 20:45 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db 2014-05-18 10:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2014-05-17 11:36 - 2014-03-03 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-05-17 11:36 - 2014-03-03 19:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx 2014-05-16 09:34 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default 
User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-15 20:39 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-05-15 20:35 - 2014-02-26 11:18 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 20:34 - 2014-02-26 11:18 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 20:34 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-05-15 19:12 - 2013-12-11 11:24 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-15 19:12 - 2013-08-23 01:24 - 00766620 _____ () C:\Windows\system32\perfh007.dat 2014-05-15 19:12 - 2013-08-23 01:24 - 00159902 _____ () C:\Windows\system32\perfc007.dat 2014-05-15 14:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-15 12:04 - 2014-05-15 12:03 - 06030166 _____ () C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx 2014-05-13 20:22 - 2014-02-26 11:51 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4 2014-05-13 18:03 - 2014-02-26 11:10 - 00001155 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-13 18:03 - 2013-12-11 11:31 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-13 17:57 - 2014-02-26 11:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 10:42 - 
2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 20:57 - 2014-03-29 23:59 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\vlc 2014-05-10 20:52 - 2014-05-10 20:51 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi 2014-05-09 00:42 - 2014-04-13 11:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 00:42 - 2014-04-13 11:32 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-08 19:58 - 2014-05-08 19:57 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4 2014-05-07 15:29 - 2014-03-26 21:19 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\TempSWSicherungsverzeichnis 2014-05-07 14:14 - 2014-03-26 20:21 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\SolidWorks 2014-05-06 06:40 - 2014-05-15 14:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 05:25 - 2014-05-15 14:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:00 - 2014-05-15 14:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 14:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-05 17:08 - 2014-05-05 17:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-05 17:06 - 2014-03-19 18:40 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () 
C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe 2014-05-04 20:44 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake 2014-05-04 20:44 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe 2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4 2014-05-04 18:21 - 2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug 2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2014-05-03 18:16 - 2014-02-26 08:35 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\VirtualStore Some content of TEMP: ==================== C:\Users\Michel1899\AppData\Local\Temp\avgnt.exe C:\Users\Michel1899\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3o8tzm.dll C:\Users\Michel1899\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe 
=> MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-19 08:54 ==================== End Of Log ============================ Thank you very much! :-) |
03.06.2014, 09:48 | #4 |
/// the machine /// TB-Ausbilder | Avira finds malware "SystemkService.exe" but does not remove it correctly
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
03.06.2014, 14:56 | #5 |
| Avira finds malware "SystemkService.exe" but does not remove it correctly ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=3d4ac176a103c749b735764042a5111c # engine=18534 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-03 01:46:59 # local_time=2014-06-03 03:46:59 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 1577730 26684512 0 0 # scanned=214661 # found=29 # cleaned=0 # scan_time=5539 sh=63022D62B780E0CB3C9AE873A09A32207AEC0C45 ft=1 fh=550715eb61a24f3b vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1873882003-3979479213-967090690-1001\$RD861BJ.exe" sh=2CF0E9EA3CDC2296FF073201E864C469A7A5759E ft=1 fh=5618c33f21c2403f vn="Variante von Win32/AdWare.Bandoo.AE Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1873882003-3979479213-967090690-1001\$RJNPSA6.dll" sh=6736252706F89DFC6899FEE6C360D8BFBF401BEC ft=1 fh=374276c930bcde15 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF10.dll.vir" sh=7909DF2339D78F00C24092FFF9491317AB954316 ft=1 fh=2ff184a74c05a271 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF11.dll.vir" sh=E5FCE2519122FAF40529BA6294CB3F0844E0C738 ft=1 fh=f13e05a62680f109 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF12.dll.vir" sh=EFC055DC03DD7698ABBFB92718A7777E2973F079 ft=1 fh=6ef019d475ea6325 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF13.dll.vir" sh=D2859A7F5E059C24ED68665DA69EDF33A7352D55 ft=1 fh=357742a168447bbd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF14.dll.vir" sh=5F46910AFA74FD8EE8574E183A04B8E781F1A249 ft=1 fh=9887df60e379ba2f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF15.dll.vir" sh=D755D4C9CC3700F4869589360F53F61B6CC2CC72 ft=1 fh=ce2f72d226aff2b4 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF16.dll.vir" sh=D5224E3374B861B523BC618B725D88774D077E39 ft=1 fh=c6333adf6866c44f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF17.dll.vir" sh=B538DC950FD59AA3F4D1349FE0BD2E2B92603612 ft=1 fh=21900040b5af4e8e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF18.dll.vir" sh=B785203A7E1C00F93B888EB494B33EA5D108571E ft=1 fh=fe3406bdfbae635e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF19.dll.vir" sh=11A9C493387FFF75D1DDEDBB8F4449CD06DF8C93 ft=1 fh=005351c573d9875e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF2.dll.vir" sh=7AE7378589350EA7FF89791FB017E371E653A5B7 ft=1 fh=f8ea411c78bbb34f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF20.dll.vir" sh=DFEDDDF25967D22BBDFC60DAB1911B85FEE88D01 ft=1 fh=dc927e8494037489 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF21.dll.vir" sh=693DE5FECAD1B00542B339DD2F9A529B4A06A5E2 ft=1 fh=e35a43df301ed0c6 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF22.dll.vir" sh=4ED4F94AF4D97B67412714D0747B45CF0FD6B2DA ft=1 fh=0444909e9111ddc6 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF23.dll.vir" sh=1AFC1DF188673069ACE2163F696052C1ECB08144 ft=1 fh=9a5377a5e8bddacd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF24.dll.vir" sh=75E809C271D5E5ADE512E408C9EA5ADE196DE89C ft=1 fh=7061a52b9960f21b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF25.dll.vir" sh=C400C8D7DA9B44EF26D343A43D7079E4A87AF733 ft=1 fh=dbd9550bceae1ea9 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF26.dll.vir" sh=4E650F2C07952D0925C8D71B2B0D36B410D27C51 ft=1 fh=e213dfeb1eda7c6b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF27.dll.vir" sh=BD6032EF269C1FFAB0931168C6B5CBFE0D8AAF72 ft=1 fh=076f8ebd13e4e9b1 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF28.dll.vir" sh=7670B37DBB5192661C56908529F0C994E45A6954 ft=1 fh=36b8f310622c76d5 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF4.dll.vir" sh=FDD7DD7F09B21EB50AAC74FC235F05A594DAC4DC ft=1 fh=4edf44d6b267a41c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF5.dll.vir" sh=BD07028D4DA0F02790633480206025807B0F78E2 ft=1 fh=473dff4246a7fd2a vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF6.dll.vir" sh=42E09CB7ADCA9A141089F3F2D45F746B1C236F98 ft=1 fh=ffd8dd6bffaac829 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF7.dll.vir" sh=53B8D8514A3C23F2B745FBD5C03E09BB24BF331D ft=1 fh=07e550a04c82e3f3 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF8.dll.vir" sh=6539535AAB146A3C27DB949B4376C7895C3731B6 ft=1 fh=e1ba3d53c2ef126c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF9.dll.vir" sh=D32B92ABCEC651ABE6B27997A67674DC994609E4 ft=1 fh=04eb9f1f842db58d vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michel1899\Dropbox\Michel\Dokumente\Programme\Nero 8 Ultra Edition 8.3.6.0\Nero-8.3.6.0_deu_trial.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.83 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Windows Defender Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2014 TuneUp Utilities 2014 (de-DE) TuneUp Utilities 2014 Adobe Flash Player 13.0.0.214 Mozilla Firefox (29.0.1) Google Chrome 34.0.1847.137 Google Chrome 35.0.1916.114 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by Michel1899 (administrator) on MICHEL on 03-06-2014 15:51:51 Running from C:\Users\Michel1899\Desktop Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Dropbox, Inc.) C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-12] (Synaptics Incorporated) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKLM - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM-x32 - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKCU - {58064229-5711-4E4D-8944-2B3587376579} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 
Tcpip\..\Interfaces\{32C9AFD3-EC4E-42BB-B031-675C2DE9F8AC}: [NameServer]193.174.193.231 FireFox: ======== FF ProfilePath: C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - 
C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FoxyProxy Standard - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\foxyproxy@eric.h.jung [2014-06-02] FF Extension: PAYBACK Toolbar - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\toolbar-ff@payback.de.xpi [2014-05-07] FF Extension: Adblock Plus - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-15] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-19] Chrome: ======= CHR HomePage: CHR DefaultSearchKeyword: ask.com CHR DefaultSearchProvider: default-search.net CHR DefaultNewTabURL: CHR 
Extension: (No Name) - C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-05-19] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] () S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-05] (Intel Corporation) R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] () R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 
2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) 
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-03 15:51 - 2014-06-03 15:51 - 00000000 ____D () C:\Users\Michel1899\Desktop\FRST-OlderVersion
2014-06-03 15:50 - 2014-06-03 15:50 - 00854367 _____ () C:\Users\Michel1899\Desktop\SecurityCheck.exe
2014-06-03 14:09 - 2014-06-03 14:09 - 02347384 _____ (ESET) C:\Users\Michel1899\Desktop\esetsmartinstaller_deu.exe
2014-06-02 11:03 - 2014-06-03 15:51 - 00019683 _____ () C:\Users\Michel1899\Desktop\FRST.txt
2014-06-02 11:00 - 2014-06-02 11:00 - 00000756 _____ () C:\Users\Michel1899\Desktop\JRT.txt
2014-06-02 10:56 - 2014-06-02 10:56 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 10:55 - 2014-06-02 10:56 - 01016261 _____ (Thisisu) C:\Users\Michel1899\Desktop\JRT.exe
2014-06-02 10:54 - 2014-06-02 10:54 - 00008321 _____ () C:\Users\Michel1899\Desktop\AdwCleaner[S0].txt
2014-06-02 10:50 - 2014-06-02 10:51 - 00000000 ____D () C:\AdwCleaner
2014-06-02 10:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-02 10:49 - 2014-06-02 10:49 - 01327971 _____ () C:\Users\Michel1899\Desktop\adwcleaner_3.211.exe
2014-06-02 10:44 - 2014-06-02 10:49 - 00012116 _____ () C:\Users\Michel1899\Desktop\mbam.txt
2014-06-02 01:36 - 2014-06-02 01:36 - 611383096 _____ () C:\Windows\MEMORY.DMP
2014-06-02 01:36 - 2014-06-02 01:36 - 00291784 _____ () C:\Windows\Minidump\060214-17140-01.dmp
2014-06-02 01:36 - 2014-06-02 01:36 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 01:11 - 2014-06-02 01:11 - 00014740 _____ () C:\Users\Michel1899\Downloads\gmer.log
2014-06-02 01:07 - 2014-06-02 01:07 - 00380416 _____ () C:\Users\Michel1899\Downloads\Gmer-19357.exe
2014-06-02 01:06 - 2014-06-02 01:06 - 00045807 _____ () C:\Users\Michel1899\Downloads\Addition.txt
2014-06-02 01:05 - 2014-06-03 15:51 - 00000000 ____D () C:\FRST
2014-06-02 01:05 - 2014-06-02 01:06 - 00046419 _____ () C:\Users\Michel1899\Downloads\FRST.txt
2014-06-02 01:04 - 2014-06-03 15:51 - 02068992 _____ (Farbar) C:\Users\Michel1899\Desktop\FRST64.exe
2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log
2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable
2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe
2014-05-26 11:09 - 2014-05-26 11:09 - 00000000 ____D () C:\Poker
2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe
2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx
2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip
2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip
2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList
2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx
2014-05-16 09:33 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 09:33 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 14:29 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 14:29 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 14:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 14:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 14:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 14:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 14:28 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-15 14:28 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-15 14:28 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-15 14:28 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-15 14:28 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-15 14:28 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-15 14:28 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-15 14:28 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-15 14:28 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-15 14:28 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-15 14:28 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 14:28 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-15 14:28 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 14:28 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-15 14:28 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-15 14:28 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-15 14:28 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-15 14:28 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-15 14:28 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-15 14:28 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-15 14:28 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-15 14:28 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-15 14:28 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-15 14:28 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-15 14:28 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-15 14:28 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-15 14:28 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-15 14:28 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-15 14:28 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-15 14:28 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-15 14:28 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-15 14:28 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 14:28 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 14:28 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 14:28 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-15 14:28 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 12:03 - 2014-05-15 12:04 - 06030166 _____ () C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx
2014-05-15 08:53 - 2014-06-03 07:32 - 00012808 _____ () C:\Windows\PFRO.log
2014-05-14 18:05 - 2014-05-26 10:54 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx
2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4
2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 20:51 - 2014-05-10 20:52 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi
2014-05-08 19:57 - 2014-05-08 19:58 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4
2014-05-05 22:34 - 2014-06-03 13:12 - 01758000 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 17:11 - 2014-06-02 10:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-05 17:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-05 17:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-05 17:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-05 17:07 - 2014-05-05 17:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe
2014-05-04 20:45 - 2014-05-19 19:56 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db
2014-05-04 20:43 - 2014-06-03 15:49 - 00000000 ____D () C:\ProgramData\Freemake
2014-05-04 20:43 - 2014-05-04 20:44 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake
2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe
2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4
2014-05-04 18:21 - 2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug
2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

==================== One Month Modified Files and Folders =======

2014-06-03 15:52 - 2014-06-02 11:03 - 00019683 _____ () C:\Users\Michel1899\Desktop\FRST.txt
2014-06-03 15:52 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Temp
2014-06-03 15:51 - 2014-06-03 15:51 - 00000000 ____D () C:\Users\Michel1899\Desktop\FRST-OlderVersion
2014-06-03 15:51 - 2014-06-02 01:05 - 00000000 ____D () C:\FRST
2014-06-03 15:51 - 2014-06-02 01:04 - 02068992 _____ (Farbar) C:\Users\Michel1899\Desktop\FRST64.exe
2014-06-03 15:50 - 2014-06-03 15:50 - 00854367 _____ () C:\Users\Michel1899\Desktop\SecurityCheck.exe
2014-06-03 15:49 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-03 15:47 - 2014-04-13 11:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 15:17 - 2014-02-26 11:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-06-03 14:09 - 2014-06-03 14:09 - 02347384 _____ (ESET) C:\Users\Michel1899\Desktop\esetsmartinstaller_deu.exe
2014-06-03 13:37 - 2014-02-26 11:12 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 13:37 - 2014-02-26 11:12 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-03 13:12 - 2014-05-05 22:34 - 01758000 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 07:43 - 2014-02-26 08:41 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1873882003-3979479213-967090690-1001
2014-06-03 07:35 - 2014-04-13 11:32 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-03 07:35 - 2014-02-26 11:12 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Dropbox
2014-06-03 07:34 - 2014-02-26 11:17 - 00000000 ___RD () C:\Users\Michel1899\Dropbox
2014-06-03 07:33 - 2014-04-13 11:32 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 07:33 - 2014-03-25 15:27 - 00000000 ___RD () C:\Users\Michel1899\SkyDrive
2014-06-03 07:33 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\DropboxMaster
2014-06-03 07:32 - 2014-05-15 08:53 - 00012808 _____ () C:\Windows\PFRO.log
2014-06-03 07:32 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 21:50 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-02 21:30 - 2014-04-14 15:25 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\HpUpdate
2014-06-02 11:00 - 2014-06-02 11:00 - 00000756 _____ () C:\Users\Michel1899\Desktop\JRT.txt
2014-06-02 10:56 - 2014-06-02 10:56 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 10:56 - 2014-06-02 10:55 - 01016261 _____ (Thisisu) C:\Users\Michel1899\Desktop\JRT.exe
2014-06-02 10:54 - 2014-06-02 10:54 - 00008321 _____ () C:\Users\Michel1899\Desktop\AdwCleaner[S0].txt
2014-06-02 10:51 - 2014-06-02 10:50 - 00000000 ____D () C:\AdwCleaner
2014-06-02 10:49 - 2014-06-02 10:49 - 01327971 _____ () C:\Users\Michel1899\Desktop\adwcleaner_3.211.exe
2014-06-02 10:49 - 2014-06-02 10:44 - 00012116 _____ () C:\Users\Michel1899\Desktop\mbam.txt
2014-06-02 10:48 - 2014-05-05 17:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 10:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\System
2014-06-02 01:53 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899
2014-06-02 01:36 - 2014-06-02 01:36 - 611383096 _____ () C:\Windows\MEMORY.DMP
2014-06-02 01:36 - 2014-06-02 01:36 - 00291784 _____ () C:\Windows\Minidump\060214-17140-01.dmp
2014-06-02 01:36 - 2014-06-02 01:36 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 01:11 - 2014-06-02 01:11 - 00014740 _____ () C:\Users\Michel1899\Downloads\gmer.log
2014-06-02 01:07 - 2014-06-02 01:07 - 00380416 _____ () C:\Users\Michel1899\Downloads\Gmer-19357.exe
2014-06-02 01:06 - 2014-06-02 01:06 - 00045807 _____ () C:\Users\Michel1899\Downloads\Addition.txt
2014-06-02 01:06 - 2014-06-02 01:05 - 00046419 _____ () C:\Users\Michel1899\Downloads\FRST.txt
2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log
2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable
2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe
2014-06-01 22:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-27 09:58 - 2014-03-03 16:31 - 00667648 ___SH () C:\Users\Michel1899\Desktop\Thumbs.db
2014-05-26 11:09 - 2014-05-26 11:09 - 00000000 ____D () C:\Poker
2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe
2014-05-26 10:54 - 2014-05-14 18:05 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx
2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx
2014-05-24 12:17 - 2014-03-21 10:41 - 00001084 _____ () C:\Users\Michel1899\Desktop\Dropbox.lnk
2014-05-24 12:17 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 12:17 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip
2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip
2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList
2014-05-19 20:01 - 2014-02-26 08:35 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Packages
2014-05-19 19:56 - 2014-05-04 20:45 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db
2014-05-18 10:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-05-17 11:36 - 2014-03-03 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-17 11:36 - 2014-03-03 19:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx
2014-05-16 09:34 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 20:39 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-15 20:35 - 2014-02-26 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:34 - 2014-02-26 11:18 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 20:34 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-15 19:12 - 2013-12-11 11:24 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 19:12 - 2013-08-23 01:24 - 00766620 _____ () C:\Windows\system32\perfh007.dat
2014-05-15 19:12 - 2013-08-23 01:24 - 00159902 _____ () C:\Windows\system32\perfc007.dat
2014-05-15 14:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-15 12:04 - 2014-05-15 12:03 - 06030166 _____ () C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx
2014-05-13 20:22 - 2014-02-26 11:51 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4
2014-05-13 18:03 - 2014-02-26 11:10 - 00001155 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-13 18:03 - 2013-12-11 11:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-13 17:57 - 2014-02-26 11:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 20:57 - 2014-03-29 23:59 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\vlc
2014-05-10 20:52 - 2014-05-10 20:51 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi
2014-05-09 00:42 - 2014-04-13 11:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 00:42 - 2014-04-13 11:32 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 19:58 - 2014-05-08 19:57 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4
2014-05-07 15:29 - 2014-03-26 21:19 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\TempSWSicherungsverzeichnis
2014-05-07 14:14 - 2014-03-26 20:21 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\SolidWorks
2014-05-06 06:40 - 2014-05-15 14:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-15 14:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-15 14:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 14:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-05 17:08 - 2014-05-05 17:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 17:06 - 2014-03-19 18:40 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe
2014-05-04 20:44 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake
2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe
2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4
2014-05-04 18:21 - 2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug
2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

Some content of TEMP:
====================
C:\Users\Michel1899\AppData\Local\Temp\avgnt.exe
C:\Users\Michel1899\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp187ugo.dll
C:\Users\Michel1899\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-02 21:28

==================== End Of Log ============================

--- --- ---

No noticeable problems. If the "system" is now also free of problems and free of malware, then I thank you very much for the help! :-) |
04.06.2014, 09:33 | #6 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
C:\$Recycle.Bin

Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).

Done. The order is decisive here.
If you would like to give praise or criticism, you can do so here.

Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.

Anti-virus software

Additional protection

Safe browsing

Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts.

Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
04.06.2014, 11:22 | #7 |
| Then all that remains for me is to thank you very much for the great support! :-) Here is the Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Michel1899 at 2014-06-04 12:19:55 Run:1
Running from C:\Users\Michel1899\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin
*****************

C:\$Recycle.Bin => Moved successfully.

==== End of Fixlog ==== |
05.06.2014, 09:28 | #8 |
/// the machine /// TB-Ausbilder | You're welcome.

__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page. No help via PM! |